Re: Tomcat JMX connection - Authentication failed.

Ziggy Thu, 13 Jan 2011 05:25:08 -0800

Ok i am stuck now - here is the full configuration

$CATALINA_BASE/setenv.sh
---------------------------
        CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
        export CATALINA_OPTS


$CATALINA_BASE/conf/jmxremote.password
---------------------------------------
        monitorRole monitorpass
        controlRole controlpass

$CATALINA_BASE/conf/jmxremote.access
---------------------------------------
        monitorRole readonly
        controlRole readwrite

The client tool i am using to access the Tomcat JMX server is running on the
same machine as the Tomcat instance. when i start tomcat i can see that
there is something listening at port 18070 but when i try to connect i get
the following error

        Exception in thread "main" java.lang.SecurityException:
Authentication failed! Credentials required
                at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
                at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
                at
sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
                at
javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)


I connect using the following bit of code


                try {
                    url = new
JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
                    jmxc = JMXConnectorFactory.connect(url,null);
                    mbsc = jmxc.getMBeanServerConnection();
                } catch (MalformedURLException e) {
                    throw new Exception(methodName + ":" + e);
                } catch (IOException e) {
                    throw new Exception(methodName + ":" + "Failed to
connect to the Tomcat Server " + e);
                }

It works fine if i set com.sun.management.jmxremote.authenticate=true to
false. Other than that it just fails. The client tool is running on the same
machine as the tomcat instance so there should not be any issues with the
firewall. Any clues

On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <a...@ice-sa.com> wrote:

> Ziggy wrote:
>
>> Tomcat JMX connection - Authentication failed.
>>
>> I am having some problems setting up Tomcat for JMX. I added the following
>> properties to CATALINA_OPTS
>>
>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun
>> .management.jmxremote.ssl=false"
>>
>> And have added the jmxremote.password file in to the conf directory. I
>> wrote
>> a client tool that connects to the JMX server running on port 18070. When
>> i
>> run the client program i get the following error.
>>
>> Exception in thread "main" java.lang.SecurityException: Authentication
>> failed! Credentials required
>>        at
>>
> ...
>
> Ok, so how does your client provide a username and password to the server's
> JMX interface, when it connects ?
>
>
>
>> If i change the CATALINA_OPTS properties to
>>
>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun
>> .management.jmxremote.ssl=false
>> -Dcom.sun.management.jmxremote.authenticate=false"
>>
>> Then it works fine.
>>
>
> Of course, since then there is no authentication required.
>
>
>
>  I think what i am confused of is what is classed as
>
>> remote access. I am running the client program away from the Tomcat
>> instance
>> but both Tomcat and the client tool are on the same machine (i.e.
>> different
>> virtual machines but same environemnt). I thought i had to configure the
>> remote authentication if i access the JMX server remotely from a different
>> machine.
>>
>> By remote access do they mean accessing the JMX server from any VM either
>> locally on the same machine or remotely from a different machine?
>>
>>  I believe that in this context, "remote" just means "via a TCP/IP
> connection".
> It does not matter if your client is on the same host or not.  If it
> accesses the "server" via TCP/IP, then it counts as remote.
>
> There is another way to connect, limited to local processes running on the
> same host, but I forget how it is called or how it works.
> You can see the distinction pretty clearly by using the "jconsole"
> application, which is included in the JDK.
>
> Note : for the "remote" kind of access, there is another (second) TCP
> connection used, separate from the port which you indicate with the
> jmxremote.port parameter.
> If you are on the same host, it does not matter, but if you really need to
> connect from another host through a firewall or so, it may.
> You may want to have a look here for more info :
>
> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
> (see the section :  Monitoring Applications through a Firewall)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat JMX connection - Authentication failed.

Reply via email to