Re: [jetty-users] jetty 8 secure jmx

[Robert Hook]

Thank you Simone, those two references hit the nail on the head. In 
order to add authorization constraints to the remote JMX console for 
jetty 8, I added the map to the Connector definition, so that it became:

  <New id="ConnectorServer" class="org.eclipse.jetty.jmx.ConnectorServer">
    <Arg>
      <New class="javax.management.remote.JMXServiceURL">
        <Arg type="java.lang.String">rmi</Arg>
        <Arg type="java.lang.String" />
        <Arg type="java.lang.Integer"><SystemProperty 
name="jetty.jmxrmiport" default="1097"/></Arg>
        <Arg type="java.lang.String">/jndi/rmi://<SystemProperty 
name="jetty.jmxrmihost" default="localhost"/>:<SystemProperty 
name="jetty.jmxrmiport" default="1097"/>/jmxrmi</Arg>
      </New>
    </Arg>
    <Arg>
        <Map>
            <Entry>
<Item>jmx.remote.x.password.file</Item>
                <Item>
                    <New class="java.lang.String"><Arg><Property 
name="jetty.home" default="." />/resources/jmx.password</Arg></New>
                </Item>
            </Entry>
            <Entry>
                <Item>jmx.remote.x.access.file</Item>
                <Item>
                    <New class="java.lang.String"><Arg><Property 
name="jetty.home" default="." />/resources/jmx.access</Arg></New>
                </Item>
            </Entry>
        </Map>
    </Arg>

<Arg>org.eclipse.jetty.jmx:name=rmiconnectorserver</Arg>
    <Call name="start" />
  </New>

I found also that I did need to specify the RMI server hostname in that 
file as well, although that could be a misfeature of our DNS

  <Call class="java.lang.System" name="setProperty">
    <Arg>java.rmi.server.hostname</Arg>
    <Arg>192.168.1.153</Arg>
  </Call>

Note that I placed the password and access file in JETTYHOME/resources, 
and made damned sure that those files are only readable by the user that 
runs the Jetty processes.
--


--
*
*
*Robert Hook*
Senior Java Developer
+44 (0)750 714 4649

Somo | Haymarket House | 28 Haymarket | London | SW1Y 4SP
www.somoglobal.com <http://www.somoglobal.com/>
@somoglobal <http://www.twitter.com/somoglobal>

This email and any files transmitted with it are private, may be 
confidential and are for the intended recipient only. If you are not the 
intended recipient, be advised that you have received them in error. 
Please notify the sender of the error, delete all copies of them from 
your system and destroy any printed copies.
If you are not the intended recipient, you are not authorised to read, 
print, retain, copy, disseminate, distribute, or use this email and any 
files transmitted with it. Please rely on your own anti-virus system. No 
responsibility is taken by Somo Ltd for any damage arising out of any 
bug or virus infection.

_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
https://dev.eclipse.org/mailman/listinfo/jetty-users