[jetty-users] jetty 8 secure jmx

Fri, 13 Jul 2012 08:20:25 -0700

Folks, I've worked myself into a state of deep confusion around this. I want to be able to access jetty with jconsole, remotely, but very (very) much want to have password authentication on that, as the service in question may be on a publicly facing server (yes, we will be deploying with firewalls and so forth that should prevent it being open to the world, but defence-in-depth and all that)
I've attempted to add the usual com.sun.management.jmxremote* properties to the JVM by adding them to start.ini, which worked when i did not have etc/jetty-jmx.xml enabled. But of course, then I only got a very limited set of beans, and not the jetty ones (or our own) that I was interested in. If I re-enabled etc/jetty-jmx.xml, there were problems because that config file was creating a RMI registry and connector on the ports I'd specified in start.ini 


I tried removing the definition of the RMI registry and connector in 
etc/jetty-jmx.xml, and nothing worked.
I tried removing the RMI registry and port information from the 
com.sun.management.jmxremote* properties in start.ini, and it looked 
like com.sun.management.jmxremote.authenticate was entirely ignored.



So in the end it looks like the right way to enable remote jmx access is 
to use the stock etc/jetty-jmx.xml, but I've searched high, low and in 
the middle and cannot find any information on how to then secure the 
service exposed by that configuration.

--


--
*
*
*Robert Hook*
Senior Java Developer
+44 (0)750 714 4649

Somo | Haymarket House | 28 Haymarket | London | SW1Y 4SP
www.somoglobal.com <http://www.somoglobal.com/>
@somoglobal <http://www.twitter.com/somoglobal>


This email and any files transmitted with it are private, may be 
confidential and are for the intended recipient only. If you are not the 
intended recipient, be advised that you have received them in error. 
Please notify the sender of the error, delete all copies of them from 
your system and destroy any printed copies.
If you are not the intended recipient, you are not authorised to read, 
print, retain, copy, disseminate, distribute, or use this email and any 
files transmitted with it. Please rely on your own anti-virus system. No 
responsibility is taken by Somo Ltd for any damage arising out of any 
bug or virus infection.



_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users






















					Reply via email to