Re: [jetty-users] jetty 8 secure jmx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] jetty 8 secure jmx

From: Robert Hook <robert.hook@xxxxxxxxxxxxxx>
Date: Wed, 18 Jul 2012 10:51:11 +0100
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

Thank you Simone, those two references hit the nail on the head. In order to add authorization constraints to the remote JMX console for jetty 8, I added the map to the Connector definition, so that it became: <New id="ConnectorServer" class="org.eclipse.jetty.jmx.ConnectorServer"> <Arg> <New class="javax.management.remote.JMXServiceURL"> <Arg type="java.lang.String">rmi</Arg> <Arg type="java.lang.String" /> <Arg type="java.lang.Integer"><SystemProperty name="jetty.jmxrmiport" default="1097"/></Arg> <Arg type="java.lang.String">/jndi/rmi://<SystemProperty name="jetty.jmxrmihost" default="localhost"/>:<SystemProperty name="jetty.jmxrmiport" default="1097"/>/jmxrmi</Arg> </New> </Arg> <Arg> <Map> <Entry> <Item>jmx.remote.x.password.file</Item> <Item> <New class="java.lang.String"><Arg><Property name="jetty.home" default="." />/resources/jmx.password</Arg></New> </Item> </Entry> <Entry> <Item>jmx.remote.x.access.file</Item> <Item> <New class="java.lang.String"><Arg><Property name="jetty.home" default="." />/resources/jmx.access</Arg></New> </Item> </Entry> </Map> </Arg> <Arg>org.eclipse.jetty.jmx:name=rmiconnectorserver</Arg> <Call name="start" /> </New> I found also that I did need to specify the RMI server hostname in that file as well, although that could be a misfeature of our DNS <Call class="java.lang.System" name="setProperty"> <Arg>java.rmi.server.hostname</Arg> <Arg>192.168.1.153</Arg> </Call> Note that I placed the password and access file in JETTYHOME/resources, and made damned sure that those files are only readable by the user that runs the Jetty processes.

--

Robert Hook

Senior Java Developer

+44 (0)750 714 4649

Somo | Haymarket House | 28 Haymarket | London | SW1Y 4SP
www.somoglobal.com

@somoglobal

This email and any files transmitted with it are private, may be confidential and are for the intended recipient only. If you are not the intended recipient, be advised that you have received them in error. Please notify the sender of the error, delete all copies of them from your system and destroy any printed copies.
If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this email and any files transmitted with it. Please rely on your own anti-virus system. No responsibility is taken by Somo Ltd for any damage arising out of any bug or virus infection.

Prev by Date: [jetty-users] Jetty Releases 7.6.5.v20120716 and 8.1.5.v20120716
Next by Date: Re: [jetty-users] jetty 8 secure jmx
Previous by thread: Re: [jetty-users] jetty 8 secure jmx
Next by thread: [jetty-users] Adding/remove contexts at runtime?
Index(es):
- Date
- Thread

Breadcrumbs