Folks, I've worked myself into a state of deep confusion around
this. I want to be able to access jetty with jconsole, remotely, but
very (very) much want to have password authentication on that, as
the service in question may be on a publicly facing server (yes, we
will be deploying with firewalls and so forth that should prevent it
being open to the world, but defence-in-depth and all that)
I've attempted to add the usual com.sun.management.jmxremote*
properties to the JVM by adding them to start.ini, which worked when
i did not have etc/jetty-jmx.xml enabled. But of course, then I only
got a very limited set of beans, and not the jetty ones (or our own)
that I was interested in. If I re-enabled etc/jetty-jmx.xml, there
were problems because that config file was creating a RMI registry
and connector on the ports I'd specified in start.ini
I tried removing the definition of the RMI registry and connector in
etc/jetty-jmx.xml, and nothing worked.
I tried removing the RMI registry and port information from the
com.sun.management.jmxremote* properties in start.ini, and it looked
like com.sun.management.jmxremote.authenticate was entirely ignored.
So in the end it looks like the right way to enable remote jmx
access is to use the stock etc/jetty-jmx.xml, but I've searched
high, low and in the middle and cannot find any information on how
to then secure the service exposed by that configuration.
--
--
Robert
Hook
Senior Java Developer
Somo |
Haymarket House | 28 Haymarket | London | SW1Y 4SP
www.somoglobal.com
This
email and any files transmitted with it are private,
may be confidential and are for the intended
recipient only. If you are not the intended
recipient, be advised that you have received them in
error. Please notify the sender of the error, delete
all copies of them from your system and destroy any
printed copies.
If you are not the intended recipient, you are not
authorised to read, print, retain, copy,
disseminate, distribute, or use this email and any
files transmitted with it. Please rely on your own
anti-virus system. No responsibility is taken by
Somo Ltd for any damage arising out of any bug or
virus infection.
|