[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] jetty 8 secure jmx
|
On 07/17/2012 10:15 PM, Simone Bordet wrote:
Let us know if it worked. Simon
It worked for me! I only set up JMX properly last week.. nice to have
some security on it now.
From my jetty-7.6.4 jetty-jmx.xml:
<New id="ConnectorServer" class="org.eclipse.jetty.jmx.ConnectorServer">
<Arg>
<New class="javax.management.remote.JMXServiceURL">
<Arg type="java.lang.String">rmi</Arg>
<Arg type="java.lang.String">myhostname.com</Arg>
<Arg type="java.lang.Integer"><SystemProperty
name="jetty.jmxrmiport" default="1099"/></Arg>
<Arg
type="java.lang.String">/jndi/rmi://myhostname.com:<SystemProperty
name="jetty.jmxrmiport" default="1099"/>/jmxrmi</Arg>
</New>
</Arg>
<Arg><Map>
<Entry><Item>jmx.remote.x.password.file</Item><Item><New
class="java.lang.String"><Arg><SystemProperty name="jetty.home"
default="."/>/etc/my.password.file</Arg></New></Item></Entry>
<Entry><Item>jmx.remote.x.access.file</Item><Item><New
class="java.lang.String"><Arg><SystemProperty name="jetty.home"
default="."/>/etc/my.access.file</Arg></New></Item></Entry>
</Map></Arg>
<Arg>org.eclipse.jetty.jmx:name=rmiconnectorserver</Arg>
<Call name="start" />
</New>
where $JETTY_HOME/etc/my.password.file
monitorRole mrpasswd
controlRole crpasswd
and $JETTY_HOME/etc/my.access.file
monitorRole readonly
controlRole readwrite
Jetty logs as expected on startup:
Jul 19, 2012 4:06:29 AM org.eclipse.jetty.jmx.ConnectorServer doStart
INFO: JMX Remote URL:
service:jmx:rmi://myhostname.com:1099/jndi/rmi://myhostname.com:1099/jmxrmi
I can now connect via JConsole with that URL and username "monitorRole",
password "mrpasswd". Getting the password wrong gives a connection
failure. Connecting with monitorRole and trying to e.g. invoke
setLoggerLevel throws java.lang.SecurityException, while with
controlRole it succeeds.
Thank you very much for this tip :)
Nick
