[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] jetty 8 secure jmx

On 07/17/2012 10:15 PM, Simone Bordet wrote:
Let us know if it worked. Simon

It worked for me! I only set up JMX properly last week.. nice to have some security on it now.


From my jetty-7.6.4 jetty-jmx.xml:

<New id="ConnectorServer" class="org.eclipse.jetty.jmx.ConnectorServer">
<Arg>
<New class="javax.management.remote.JMXServiceURL">
<Arg type="java.lang.String">rmi</Arg>
<Arg type="java.lang.String">myhostname.com</Arg>
<Arg type="java.lang.Integer"><SystemProperty name="jetty.jmxrmiport" default="1099"/></Arg>
<Arg type="java.lang.String">/jndi/rmi://myhostname.com:<SystemProperty name="jetty.jmxrmiport" default="1099"/>/jmxrmi</Arg>
</New>
</Arg>
<Arg><Map>
<Entry><Item>jmx.remote.x.password.file</Item><Item><New class="java.lang.String"><Arg><SystemProperty name="jetty.home" default="."/>/etc/my.password.file</Arg></New></Item></Entry>
<Entry><Item>jmx.remote.x.access.file</Item><Item><New class="java.lang.String"><Arg><SystemProperty name="jetty.home" default="."/>/etc/my.access.file</Arg></New></Item></Entry>
</Map></Arg>
<Arg>org.eclipse.jetty.jmx:name=rmiconnectorserver</Arg>
<Call name="start" />
</New>


where $JETTY_HOME/etc/my.password.file
monitorRole mrpasswd
controlRole crpasswd

and $JETTY_HOME/etc/my.access.file
monitorRole readonly
controlRole readwrite

Jetty logs as expected on startup:
Jul 19, 2012 4:06:29 AM org.eclipse.jetty.jmx.ConnectorServer doStart
INFO: JMX Remote URL: service:jmx:rmi://myhostname.com:1099/jndi/rmi://myhostname.com:1099/jmxrmi


I can now connect via JConsole with that URL and username "monitorRole", password "mrpasswd". Getting the password wrong gives a connection failure. Connecting with monitorRole and trying to e.g. invoke setLoggerLevel throws java.lang.SecurityException, while with controlRole it succeeds.

Thank you very much for this tip :)

Nick