You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/03/14 23:27:00 UTC
svn commit: r1666759 - in /tomcat/tc8.0.x/trunk: ./
java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
java/org/apache/catalina/mbeans/LocalStrings.properties
webapps/docs/changelog.xml webapps/docs/config/listeners.xml
Author: markt
Date: Sat Mar 14 22:26:59 2015
New Revision: 1666759
URL: http://svn.apache.org/r1666759
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57377
Remove the restriction that prevented the use of SSL when specifying a bind address.
Enable SSL to be configured for the registry as well as the server.
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/listeners.xml
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Mar 14 22:26:59 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1
666649
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663324,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1
666649,1666757
Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java?rev=1666759&r1=1666758&r2=1666759&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java Sat Mar 14 22:26:59 2015
@@ -25,17 +25,25 @@ import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
+import java.rmi.AlreadyBoundException;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
-import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
-import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
+import javax.management.remote.rmi.RMIJRMPServerImpl;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
@@ -55,19 +63,16 @@ import org.apache.tomcat.util.res.String
*/
public class JmxRemoteLifecycleListener implements LifecycleListener {
- private static final Log log =
- LogFactory.getLog(JmxRemoteLifecycleListener.class);
+ private static final Log log = LogFactory.getLog(JmxRemoteLifecycleListener.class);
- /**
- * The string resources for this package.
- */
protected static final StringManager sm =
- StringManager.getManager(Constants.Package);
+ StringManager.getManager(Constants.Package);
protected String rmiBindAddress = null;
protected int rmiRegistryPortPlatform = -1;
protected int rmiServerPortPlatform = -1;
- protected boolean rmiSSL = true;
+ protected boolean rmiRegistrySSL = true;
+ protected boolean rmiServerSSL = true;
protected String ciphers[] = null;
protected String protocols[] = null;
protected boolean clientAuth = true;
@@ -154,9 +159,13 @@ public class JmxRemoteLifecycleListener
// Get all the other parameters required from the standard system
// properties. Only need to get the parameters that affect the creation
// of the server port.
- String rmiSSLValue = System.getProperty(
+ String rmiRegistrySSLValue = System.getProperty(
+ "com.sun.management.jmxremote.registry.ssl", "false");
+ rmiRegistrySSL = Boolean.parseBoolean(rmiRegistrySSLValue);
+
+ String rmiServerSSLValue = System.getProperty(
"com.sun.management.jmxremote.ssl", "true");
- rmiSSL = Boolean.parseBoolean(rmiSSLValue);
+ rmiServerSSL = Boolean.parseBoolean(rmiServerSSLValue);
String protocolsValue = System.getProperty(
"com.sun.management.jmxremote.ssl.enabled.protocols");
@@ -171,7 +180,7 @@ public class JmxRemoteLifecycleListener
}
String clientAuthValue = System.getProperty(
- "com.sun.management.jmxremote.ssl.need.client.auth", "true");
+ "com.sun.management.jmxremote.ssl.need.client.auth", "true");
clientAuth = Boolean.parseBoolean(clientAuthValue);
String authenticateValue = System.getProperty(
@@ -204,47 +213,64 @@ public class JmxRemoteLifecycleListener
// Create the environment
HashMap<String,Object> env = new HashMap<>();
- RMIClientSocketFactory csf = null;
- RMIServerSocketFactory ssf = null;
+ RMIClientSocketFactory registryCsf = null;
+ RMIServerSocketFactory registrySsf = null;
- // Configure SSL for RMI connection if required
- if (rmiSSL) {
+ RMIClientSocketFactory serverCsf = null;
+ RMIServerSocketFactory serverSsf = null;
+
+ // Configure registry socket factories
+ if (rmiRegistrySSL) {
+ registryCsf = new SslRMIClientSocketFactory();
+ if (rmiBindAddress == null) {
+ registrySsf = new SslRMIServerSocketFactory(
+ ciphers, protocols, clientAuth);
+ } else {
+ registrySsf = new SslRmiServerBindSocketFactory(
+ ciphers, protocols, clientAuth, rmiBindAddress);
+ }
+ } else {
if (rmiBindAddress != null) {
- throw new IllegalStateException(sm.getString(
- "jmxRemoteLifecycleListener.sslRmiBindAddress"));
+ registrySsf = new RmiServerBindSocketFactory(rmiBindAddress);
}
+ }
- csf = new SslRMIClientSocketFactory();
- ssf = new SslRMIServerSocketFactory(ciphers, protocols,
- clientAuth);
+ // Configure server socket factories
+ if (rmiServerSSL) {
+ serverCsf = new SslRMIClientSocketFactory();
+ if (rmiBindAddress == null) {
+ serverSsf = new SslRMIServerSocketFactory(
+ ciphers, protocols, clientAuth);
+ } else {
+ serverSsf = new SslRmiServerBindSocketFactory(
+ ciphers, protocols, clientAuth, rmiBindAddress);
+ }
+ } else {
+ if (rmiBindAddress != null) {
+ serverSsf = new RmiServerBindSocketFactory(rmiBindAddress);
+ }
}
- // Force server bind address if required
+ // By default, the registry will pick an address to listen on.
+ // Setting this property overrides that and ensures it listens on
+ // the configured address.
if (rmiBindAddress != null) {
- try {
- ssf = new RmiServerBindSocketFactory(
- InetAddress.getByName(rmiBindAddress));
- } catch (UnknownHostException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.invalidRmiBindAddress",
- rmiBindAddress), e);
- }
+ System.setProperty("java.rmi.server.hostname", rmiBindAddress);
}
// Force the use of local ports if required
if (useLocalPorts) {
- csf = new RmiClientLocalhostSocketFactory(csf);
+ registryCsf = new RmiClientLocalhostSocketFactory(registryCsf);
+ serverCsf = new RmiClientLocalhostSocketFactory(serverCsf);
}
// Populate the env properties used to create the server
- if (csf != null) {
- env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
- csf);
- env.put("com.sun.jndi.rmi.factory.socket", csf);
- }
- if (ssf != null) {
- env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
- ssf);
+ if (serverCsf != null) {
+ env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf);
+ env.put("com.sun.jndi.rmi.factory.socket", registryCsf);
+ }
+ if (serverSsf != null) {
+ env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverSsf);
}
// Configure authentication
@@ -254,25 +280,27 @@ public class JmxRemoteLifecycleListener
env.put("jmx.remote.x.login.config", loginModuleName);
}
-
// Create the Platform server
csPlatform = createServer("Platform", rmiBindAddress, rmiRegistryPortPlatform,
- rmiServerPortPlatform, env, csf, ssf,
- ManagementFactory.getPlatformMBeanServer());
+ rmiServerPortPlatform, env, registryCsf, registrySsf, serverCsf, serverSsf);
} else if (Lifecycle.STOP_EVENT == event.getType()) {
destroyServer("Platform", csPlatform);
}
}
+
private JMXConnectorServer createServer(String serverName,
String bindAddress, int theRmiRegistryPort, int theRmiServerPort,
- HashMap<String,Object> theEnv, RMIClientSocketFactory csf,
- RMIServerSocketFactory ssf, MBeanServer theMBeanServer) {
+ HashMap<String,Object> theEnv,
+ RMIClientSocketFactory registryCsf, RMIServerSocketFactory registrySsf,
+ RMIClientSocketFactory serverCsf, RMIServerSocketFactory serverSsf) {
// Create the RMI registry
+ Registry registry;
try {
- LocateRegistry.createRegistry(theRmiRegistryPort, csf, ssf);
+ registry = LocateRegistry.createRegistry(
+ theRmiRegistryPort, registryCsf, registrySsf);
} catch (RemoteException e) {
log.error(sm.getString(
"jmxRemoteLifecycleListener.createRegistryFailed",
@@ -284,37 +312,27 @@ public class JmxRemoteLifecycleListener
bindAddress = "localhost";
}
- // Build the connection string with fixed ports
- StringBuilder url = new StringBuilder();
- url.append("service:jmx:rmi://");
- url.append(bindAddress);
- url.append(":");
- url.append(theRmiServerPort);
- url.append("/jndi/rmi://");
- url.append(bindAddress);
- url.append(":");
- url.append(theRmiRegistryPort);
- url.append("/jmxrmi");
+ String url = "service:jmx:rmi://" + bindAddress;
JMXServiceURL serviceUrl;
try {
serviceUrl = new JMXServiceURL(url.toString());
} catch (MalformedURLException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.invalidURL",
- serverName, url.toString()), e);
+ log.error(sm.getString("jmxRemoteLifecycleListener.invalidURL", serverName, url), e);
return null;
}
- // Start the JMX server with the connection string
- JMXConnectorServer cs = null;
+ RMIConnectorServer cs = null;
try {
- cs = JMXConnectorServerFactory.newJMXConnectorServer(
- serviceUrl, theEnv, theMBeanServer);
+ RMIJRMPServerImpl server = new RMIJRMPServerImpl(
+ rmiServerPortPlatform, serverCsf, serverSsf, theEnv);
+ cs = new RMIConnectorServer(serviceUrl, theEnv, server,
+ ManagementFactory.getPlatformMBeanServer());
cs.start();
+ registry.bind("jmxrmi", server);
log.info(sm.getString("jmxRemoteLifecycleListener.start",
Integer.toString(theRmiRegistryPort),
Integer.toString(theRmiServerPort), serverName));
- } catch (IOException e) {
+ } catch (IOException | AlreadyBoundException e) {
log.error(sm.getString(
"jmxRemoteLifecycleListener.createServerFailed",
serverName), e);
@@ -322,6 +340,7 @@ public class JmxRemoteLifecycleListener
return cs;
}
+
private void destroyServer(String serverName,
JMXConnectorServer theConnectorServer) {
if (theConnectorServer != null) {
@@ -335,6 +354,7 @@ public class JmxRemoteLifecycleListener
}
}
+
public static class RmiClientLocalhostSocketFactory
implements RMIClientSocketFactory, Serializable {
@@ -358,13 +378,22 @@ public class JmxRemoteLifecycleListener
}
}
- public static class RmiServerBindSocketFactory
- implements RMIServerSocketFactory {
+
+ public static class RmiServerBindSocketFactory implements RMIServerSocketFactory {
private final InetAddress bindAddress;
- public RmiServerBindSocketFactory(InetAddress address) {
- bindAddress = address;
+ public RmiServerBindSocketFactory(String address) {
+ InetAddress bindAddress = null;
+ try {
+ bindAddress = InetAddress.getByName(address);
+ } catch (UnknownHostException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.invalidRmiBindAddress", address), e);
+ // bind address will be null which means any/all local addresses
+ // which should be safe
+ }
+ this.bindAddress = bindAddress;
}
@Override
@@ -372,4 +401,64 @@ public class JmxRemoteLifecycleListener
return new ServerSocket(port, 0, bindAddress);
}
}
+
+
+ public static class SslRmiServerBindSocketFactory extends SslRMIServerSocketFactory {
+
+ private static final SSLServerSocketFactory sslServerSocketFactory;
+ private static final String[] defaultProtocols;
+
+ static {
+ SSLContext sslContext;
+ try {
+ sslContext = SSLContext.getDefault();
+ } catch (NoSuchAlgorithmException e) {
+ // Can't continue. Force a failure.
+ throw new IllegalStateException(e);
+ }
+ sslServerSocketFactory = sslContext.getServerSocketFactory();
+ String[] protocols = sslContext.getDefaultSSLParameters().getProtocols();
+ List<String> filteredProtocols = new ArrayList<>(protocols.length);
+ for (String protocol : protocols) {
+ if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
+ continue;
+ }
+ filteredProtocols.add(protocol);
+ }
+ defaultProtocols = filteredProtocols.toArray(new String[filteredProtocols.size()]);
+ }
+
+ private final InetAddress bindAddress;
+
+ public SslRmiServerBindSocketFactory(String[] enabledCipherSuites,
+ String[] enabledProtocols, boolean needClientAuth, String address) {
+ super(enabledCipherSuites, enabledProtocols, needClientAuth);
+ InetAddress bindAddress = null;
+ try {
+ bindAddress = InetAddress.getByName(address);
+ } catch (UnknownHostException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.invalidRmiBindAddress", address), e);
+ // bind address will be null which means any/all local addresses
+ // which should be safe
+ }
+ this.bindAddress = bindAddress;
+ }
+
+ @Override
+ public ServerSocket createServerSocket(int port) throws IOException {
+ SSLServerSocket sslServerSocket =
+ (SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);
+ if (getEnabledCipherSuites() != null) {
+ sslServerSocket.setEnabledCipherSuites(getEnabledCipherSuites());
+ }
+ if (getEnabledProtocols() == null) {
+ sslServerSocket.setEnabledProtocols(defaultProtocols);
+ } else {
+ sslServerSocket.setEnabledProtocols(getEnabledProtocols());
+ }
+ sslServerSocket.setNeedClientAuth(getNeedClientAuth());
+ return sslServerSocket;
+ }
+ }
}
Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties?rev=1666759&r1=1666758&r2=1666759&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties (original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties Sat Mar 14 22:26:59 2015
@@ -18,7 +18,6 @@ jmxRemoteLifecycleListener.createServerF
jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could not be stopped for the {0} server
jmxRemoteLifecycleListener.invalidURL=The JMX Service URL requested for the {0} server, "{1}", was invalid
jmxRemoteLifecycleListener.start=The JMX Remote Listener has configured the registry on port {0} and the server on port {1} for the {2} server
-jmxRemoteLifecycleListener.sslRmiBindAddress=rmiBindAddress is incompatible with setting the system property com.sun.management.jmxremote.ssl to true
jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
mBeanFactory.managerContext=Manager components may only be added to Contexts.
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1666759&r1=1666758&r2=1666759&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Sat Mar 14 22:26:59 2015
@@ -254,6 +254,16 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Extras">
+ <changelog>
+ <fix>
+ <bug>57377</bug>: Remove the restriction that prevented the use of SSL
+ when specifying a bind address with the JMXRemoteLifecycleListener. Also
+ enable SSL to be configured for the registry as well as the server.
+ (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Tribes">
<changelog>
<fix>
Modified: tomcat/tc8.0.x/trunk/webapps/docs/config/listeners.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/config/listeners.xml?rev=1666759&r1=1666758&r2=1666759&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/config/listeners.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/config/listeners.xml Sat Mar 14 22:26:59 2015
@@ -496,10 +496,7 @@
</attribute>
<attribute name="rmiBindAddress" required="false">
- <p>The address of the interface to be used by JMX/RMI server.
- This option is incompatible with setting the system
- property <code>com.sun.management.jmxremote.ssl</code> to
- <code>true</code>.</p>
+ <p>The address of the interface to be used by JMX/RMI server.</p>
</attribute>
<attribute name="useLocalPorts" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org