Announcement Announcement Module
Collapse
No announcement yet.
How to secure jmxServer (JConsole) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    client connection

    Code:
    <bean id="jmx.client.connector" class="org.springframework.jmx.support.MBeanServerConnectionFactoryBean"
     			p:serviceUrl="service:jmx:rmi://localhost/jndi/rmi://localhost:1098/stock"
     			p:environmentMap-ref="jmx.remote.environment.map"
     			p:connectOnStartup="false"
     		/>
     		
     		<util:map id="jmx.remote.environment.map">
     			<entry key-ref="jmx.remote.credentials" value="willem:willem"/>
     		</util:map>
     		
     		<util:constant id="jmx.remote.credentials" static-field="javax.management.remote.JMXConnector.CREDENTIALS"/>

    Comment


    • #17
      In this article I present guide how to obligate a simple MBean which allows users to alter the aim of a Log4j logger at runtime without the essential to preserve the effort.

      The Spring design has transformed only slightly from my previous article to serve testing; the nub remains the identical tho'.



      Pontiac Power Steering Gear Box

      Comment


      • #18
        Secure JMX access with JMXPluggableAuthenticator (built-in JDK authenticator)

        Originally posted by bwelnack View Post
        I have been trying to secure the JConsole access to my stand-alone Java Server which uses Spring 2.5, but it seems anyone that knows the URL and jmx port can access JConsole without being challenged for login credentials. The Sun docs say that by default authentication is enabled, but it seems not...
        Working configuration:
        Code:
         <util:map id="jmx.environment">
                <entry key="com.sun.management.jmxremote.authenticate" value="true"/>
                <entry key="jmx.remote.x.password.file" value="[Absolute path to file with 600 permissions] "/>
         </util:map>
        
            <bean depends-on="mbeanServer" id="serverConnector" class="org.springframework.jmx.support.ConnectorServerFactoryBean"
                  p:objectName="connector:name=slpRMIConnector"
                  p:serviceUrl="service:jmx:rmi://localhost/jndi/rmi://localhost:1099/myConnector" 
              p:environmentMap-ref="jmx.environment" />

        jmx.remote.x.password.file property is used in javax.management.remote.rmi.RMIServerImpl.doNewCli ent() method as follows:

        Code:
          RMIConnection doNewClient(Object credentials) throws IOException {
            ...
                Subject subject = null;
                JMXAuthenticator authenticator =
                    (JMXAuthenticator) env.get(JMXConnectorServer.AUTHENTICATOR);
        	if (authenticator == null) {
        	    /*
        	     * Create the JAAS-based authenticator only if authentication
        	     * has been enabled
        	     */
        	    if (env.get("jmx.remote.x.password.file") != null ||
        		env.get("jmx.remote.x.login.config") != null) {
        		authenticator = new JMXPluggableAuthenticator(env);
        	    }
        	}
                if (authenticator != null) {
        	    if (tracing) logger.trace("newClient","got authenticator: " +
        			       authenticator.getClass().getName());
        	    try {
        		subject = authenticator.authenticate(credentials);
        	    } catch (SecurityException e) {
        		logger.trace("newClient", "Authentication failed: " + e);
        		throw e;
        	    }
                }
        ...
        }

        Regards,
        Maciej

        Comment


        • #19
          Thanks a lot for this solution @wims.tijd. It works well.
          However, is there a way other than using aspectJ for authorization.

          Thanks again.

          Comment

          Working...
          X