Yes, there is a second port you need to open, which is 100 higher than the jmxport listed in the configuration (8999 in your case, so 9099 is the other one you want).
RMI based JMX actually requires 2 ports when used the way basically everyone uses it (an RMIConnectorServer JMX server advertised in an RMIRegistry), so the reason you are not getting connected is that the 2nd port (where the actual JMX Connector Server is listening) is still blocked and when the console tries connecting to it after retrieving its address from the registry it cant reach it. Prior to 0.5 this second port was randomly assigned in the ephemeral range by the JVM, but I modified it to an offset of the configured port (which is where the RMIRegistry is located) for 0.5 for exactly the situation you are in where the ports need to be known to be opened. Robbie 2009/11/20 mARK bLOORE <[email protected]>: > Thanks Robbie. That got me going on a local test broker, but I have > made the same access changes to the remote production server and I > still can't connect. I opened port 8999/TCP in its firewall; do I > need to do anything else? > > > On Wed, Nov 11, 2009 at 5:09 PM, Robbie Gemmell > <[email protected]> wrote: >> Ok, I have narrowed down the cause of the exception you are seeing. >> >> The problem in this case seems to be that you have used a user account which >> is valid, but does not have any management access rights. As a result, the >> CLI managed to establish a JMXConnector to the server, but as soon as you >> actually try to do something with it you get the SecurityException as you >> don't have permissions to invoke any operations. >> >> You need to edit the etc/jmxremote.access file in the broker configuration >> to give the user rights. It is of the format username=rights where rights >> can be either readonly, readwrite, or admin. Readonly allows all >> non-modifying actions, readwrite also allows modifying actions, and admin is >> the same but with access to additional management mbeans (though as far as I >> know the CLI cant acually do anything that would require admin - in 0.5 this >> controls access rights to the ConfigurationManagement, UserManagement and >> LoggingManagement MBeans) >> >> Once that is done the CLI should be able to do stuff, though as ive noted it >> has its issues (eg https://issues.apache.org/jira/browse/QPID-1878) >> >> Robbie >> >>> -----Original Message----- >>> From: mARK bLOORE [mailto:[email protected]] >>> Sent: 11 November 2009 16:57 >>> To: [email protected] >>> Subject: can't list in java cli >>> >>> I am running the Java 0.5 broker and management tools. In qpid-cli, >>> if I try to list any type of object, I get >>> >>> qpid-admin-$ queue list >>> java.lang.SecurityException: Access denied >>> at >>> org.apache.qpid.server.management.MBeanInvocationHandlerImpl.invoke(MBe >>> anInvocationHandlerImpl.java:159) >>> at $Proxy7.queryNames(Unknown Source) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnection >>> Impl.java:1468) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionI >>> mpl.java:90) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(R >>> MIConnectionImpl.java:1284) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMI >>> ConnectionImpl.java:1389) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl.queryNames(RMIConnectionI >>> mpl.java:552) >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja >>> va:57) >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso >>> rImpl.java:43) >>> at java.lang.reflect.Method.invoke(Method.java:616) >>> at >>> sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322) >>> at sun.rmi.transport.Transport$1.run(Transport.java:177) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at sun.rmi.transport.Transport.serviceCall(Transport.java:173) >>> at >>> sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553 >>> ) >>> at >>> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport. >>> java:808) >>> at >>> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.j >>> ava:667) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.ja >>> va:1110) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.j >>> ava:603) >>> at java.lang.Thread.run(Thread.java:636) >>> at >>> sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRe >>> moteCall.java:273) >>> at >>> sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:25 >>> 1) >>> at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:160) >>> at com.sun.jmx.remote.internal.PRef.invoke(Unknown Source) >>> at >>> javax.management.remote.rmi.RMIConnectionImpl_Stub.queryNames(Unknown >>> Source) >>> at >>> javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.qu >>> eryNames(RMIConnector.java:829) >>> at >>> org.apache.qpid.commands.objects.ObjectNames.returnObjects(ObjectNames. >>> java:52) >>> at >>> org.apache.qpid.commands.Commandlist.listobjects(Commandlist.java:106) >>> at >>> org.apache.qpid.commands.Commandlist.execute(Commandlist.java:191) >>> at >>> org.apache.qpid.CommandExecutionEngine.runcommand(CommandExecutionEngin >>> e.java:69) >>> at >>> org.apache.qpid.CommandLineInterpreter.main(CommandLineInterpreter.java >>> :170) >>> java.lang.NullPointerException >>> at >>> org.apache.qpid.commands.Commandlist.listobjects(Commandlist.java:107) >>> at >>> org.apache.qpid.commands.Commandlist.execute(Commandlist.java:191) >>> at >>> org.apache.qpid.CommandExecutionEngine.runcommand(CommandExecutionEngin >>> e.java:69) >>> at >>> org.apache.qpid.CommandLineInterpreter.main(CommandLineInterpreter.java >>> :170) >>> qpid-admin-$ >>> >>> >>> What is wrong? >>> >>> -- >>> mARK bLOORE <[email protected]> >>> >>> --------------------------------------------------------------------- >>> Apache Qpid - AMQP Messaging Implementation >>> Project: http://qpid.apache.org >>> Use/Interact: mailto:[email protected] >> >> >> >> --------------------------------------------------------------------- >> Apache Qpid - AMQP Messaging Implementation >> Project: http://qpid.apache.org >> Use/Interact: mailto:[email protected] >> >> > > > > -- > mARK bLOORE <[email protected]> > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:[email protected] > > --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
