[jetty-users] jetty 8 secure jmx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] jetty 8 secure jmx

From: Robert Hook <robert.hook@xxxxxxxxxxxxxx>
Date: Fri, 13 Jul 2012 16:20:16 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

Folks, I've worked myself into a state of deep confusion around this. I want to be able to access jetty with jconsole, remotely, but very (very) much want to have password authentication on that, as the service in question may be on a publicly facing server (yes, we will be deploying with firewalls and so forth that should prevent it being open to the world, but defence-in-depth and all that)

I've attempted to add the usual com.sun.management.jmxremote* properties to the JVM by adding them to start.ini, which worked when i did not have etc/jetty-jmx.xml enabled. But of course, then I only got a very limited set of beans, and not the jetty ones (or our own) that I was interested in. If I re-enabled etc/jetty-jmx.xml, there were problems because that config file was creating a RMI registry and connector on the ports I'd specified in start.ini

I tried removing the definition of the RMI registry and connector in etc/jetty-jmx.xml, and nothing worked.
I tried removing the RMI registry and port information from the com.sun.management.jmxremote* properties in start.ini, and it looked like com.sun.management.jmxremote.authenticate was entirely ignored.

So in the end it looks like the right way to enable remote jmx access is to use the stock etc/jetty-jmx.xml, but I've searched high, low and in the middle and cannot find any information on how to then secure the service exposed by that configuration.
--

Robert Hook

Senior Java Developer

+44 (0)750 714 4649

Somo | Haymarket House | 28 Haymarket | London | SW1Y 4SP
www.somoglobal.com

@somoglobal

This email and any files transmitted with it are private, may be confidential and are for the intended recipient only. If you are not the intended recipient, be advised that you have received them in error. Please notify the sender of the error, delete all copies of them from your system and destroy any printed copies.
If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this email and any files transmitted with it. Please rely on your own anti-virus system. No responsibility is taken by Somo Ltd for any damage arising out of any bug or virus infection.

Follow-Ups:
- Re: [jetty-users] jetty 8 secure jmx
  - From: Simone Bordet

Prev by Date: [jetty-users] Loading resources from multiple locations
Next by Date: [jetty-users] Adding/remove contexts at runtime?
Previous by thread: [jetty-users] Loading resources from multiple locations
Next by thread: Re: [jetty-users] jetty 8 secure jmx
Index(es):
- Date
- Thread

Breadcrumbs