You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ziggy <zi...@gmail.com> on 2011/01/13 13:12:40 UTC
Tomcat JMX connection - Authentication failed.
Tomcat JMX connection - Authentication failed.
I am having some problems setting up Tomcat for JMX. I added the following
properties to CATALINA_OPTS
CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun
.management.jmxremote.ssl=false"
And have added the jmxremote.password file in to the conf directory. I wrote
a client tool that connects to the JMX server running on port 18070. When i
run the client program i get the following error.
Exception in thread "main" java.lang.SecurityException: Authentication
failed! Credentials required
at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
at
sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
at
javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
at
javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at
sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
at
sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at
sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown
Source)
at
javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2312)
at
javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:277)
at
javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
at
com.bt.c21sc.c21tkprobe.accessors.C21TkProbeJmxDAO.connect(Unknown Source)
at com.bt.c21sc.c21tkprobe.service.C21TkProbeBD.execute(Unknown
Source)
at com.bt.c21sc.c21tkprobe.C21AppserverProbe.main(Unknown Source)
If i change the CATALINA_OPTS properties to
CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun
.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
Then it works fine. I think what i am confused of is what is classed as
remote access. I am running the client program away from the Tomcat instance
but both Tomcat and the client tool are on the same machine (i.e. different
virtual machines but same environemnt). I thought i had to configure the
remote authentication if i access the JMX server remotely from a different
machine.
By remote access do they mean accessing the JMX server from any VM either
locally on the same machine or remotely from a different machine?
Re: Tomcat JMX connection - Authentication failed.
Posted by André Warnier <aw...@ice-sa.com>.
Ziggy wrote:
> Aha... i didnt realise that i needed to supply the credentials from the
> client. I thought Tomcat would get those from the password files.
Purely from an intellectual curiosity point of view, it would be interesting if you could
explain what you thought that this server-side password file was for, then.
Granted, it would simplify things a lot.
One would never have to worry about forgetting a password, for example.
:-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat JMX connection - Authentication failed.
Posted by Pid <pi...@pidster.com>.
On 1/13/11 5:09 PM, Ziggy wrote:
> Given that Jconsole can connect to the Tomcat JMX without any user
> credentials (locally), i am guessing that i dont need to supply these
> credentials but how do i connect to the JMX server without supplying the
> port number? (by specifying the port number it means i am allowing remote
> authentication meaning i have to provide the login credentials).
You've configured JMX to listen on a port and be protected by a
password, if you are connecting to a port you must therefor supply a
password.
If, instead, you want to use the Attach API (an experimental package in
Java 6), you can connect to a local Java process directly, using the
localConnectorStub. The Attach API is the mechanism used by JConsole,
jps and VisualVM.
There is code in the below project which illustrates this. Look for
AbstractJMXCommand.
p
>> From my own efforts:
>>
>> https://github.com/pidster/Tomcat-CLI
>>
>>
>> p
>>
>>
>>
>>>>> mbsc = jmxc.getMBeanServerConnection();
>>>>> } catch (MalformedURLException e) {
>>>>> throw new Exception(methodName + ":" + e);
>>>>> } catch (IOException e) {
>>>>> throw new Exception(methodName + ":" + "Failed to
>>>>> connect to the Tomcat Server " + e);
>>>>> }
>>
>
Re: Tomcat JMX connection - Authentication failed.
Posted by Ziggy <zi...@gmail.com>.
Given that Jconsole can connect to the Tomcat JMX without any user
credentials (locally), i am guessing that i dont need to supply these
credentials but how do i connect to the JMX server without supplying the
port number? (by specifying the port number it means i am allowing remote
authentication meaning i have to provide the login credentials).
On Thu, Jan 13, 2011 at 4:06 PM, Pid <pi...@pidster.com> wrote:
> On 1/13/11 3:15 PM, Ziggy wrote:
> > Aha... i didnt realise that i needed to supply the credentials from the
> > client. I thought Tomcat would get those from the password files. Ok im
> off
> > to the documentation now. :)
>
> It could do, but you'd have to point the client at those files and read
> their contents too.
>
>
>
> >>> try {
> >>> url = new
> >>> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
> >>> jmxc = JMXConnectorFactory.connect(url,null);
>
> Map<String, Object> environment = new HashMap<String, Object>();
> String[] pair = new String[] { "username", "password" };
> environment.put(JMXConnector.CREDENTIALS, pair);
>
> jmxc = JMXConnectorFactory.connect(url, environment);
>
>
> From my own efforts:
>
> https://github.com/pidster/Tomcat-CLI
>
>
> p
>
>
>
> >>> mbsc = jmxc.getMBeanServerConnection();
> >>> } catch (MalformedURLException e) {
> >>> throw new Exception(methodName + ":" + e);
> >>> } catch (IOException e) {
> >>> throw new Exception(methodName + ":" + "Failed to
> >>> connect to the Tomcat Server " + e);
> >>> }
>
Re: Tomcat JMX connection - Authentication failed.
Posted by Pid <pi...@pidster.com>.
On 1/13/11 3:15 PM, Ziggy wrote:
> Aha... i didnt realise that i needed to supply the credentials from the
> client. I thought Tomcat would get those from the password files. Ok im off
> to the documentation now. :)
It could do, but you'd have to point the client at those files and read
their contents too.
>>> try {
>>> url = new
>>> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
>>> jmxc = JMXConnectorFactory.connect(url,null);
Map<String, Object> environment = new HashMap<String, Object>();
String[] pair = new String[] { "username", "password" };
environment.put(JMXConnector.CREDENTIALS, pair);
jmxc = JMXConnectorFactory.connect(url, environment);
From my own efforts:
https://github.com/pidster/Tomcat-CLI
p
>>> mbsc = jmxc.getMBeanServerConnection();
>>> } catch (MalformedURLException e) {
>>> throw new Exception(methodName + ":" + e);
>>> } catch (IOException e) {
>>> throw new Exception(methodName + ":" + "Failed to
>>> connect to the Tomcat Server " + e);
>>> }
Re: Tomcat JMX connection - Authentication failed.
Posted by Ziggy <zi...@gmail.com>.
Aha... i didnt realise that i needed to supply the credentials from the
client. I thought Tomcat would get those from the password files. Ok im off
to the documentation now. :)
On Thu, Jan 13, 2011 at 1:31 PM, André Warnier <aw...@ice-sa.com> wrote:
> Ok, what I was trying to say is this :
>
> By using the jmxremote.password.file etc.. on the JVM which runs Tomcat,
> you let this JVM know which remote user-id's can connect, and what password
> they should use.
>
> Now, from the client side, when you connect, you have to provide such a
> valid user-id and password, to "login" to the server.
>
> If you try the jconsole utility as a client, you will see this on the
> connection box.
>
> I have no idea how you supply these credentials programmatically from
> /your/ client, but that is what you have to find out.
>
>
>
>
>
>
> Ziggy wrote:
>
>> Ok i am stuck now - here is the full configuration
>>
>> $CATALINA_BASE/setenv.sh
>> ---------------------------
>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun.management.jmxremote.ssl=false
>> -Dcom.sun.management.jmxremote.authenticate=true
>>
>> -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
>> export CATALINA_OPTS
>>
>> $CATALINA_BASE/conf/jmxremote.password
>> ---------------------------------------
>> monitorRole monitorpass
>> controlRole controlpass
>>
>> $CATALINA_BASE/conf/jmxremote.access
>> ---------------------------------------
>> monitorRole readonly
>> controlRole readwrite
>>
>> The client tool i am using to access the Tomcat JMX server is running on
>> the
>> same machine as the Tomcat instance. when i start tomcat i can see that
>> there is something listening at port 18070 but when i try to connect i get
>> the following error
>>
>> Exception in thread "main" java.lang.SecurityException:
>> Authentication failed! Credentials required
>> at
>>
>> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
>> at
>>
>> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
>> at
>>
>> sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
>> at
>>
>> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
>>
>>
>> I connect using the following bit of code
>>
>>
>> try {
>> url = new
>> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
>> jmxc = JMXConnectorFactory.connect(url,null);
>> mbsc = jmxc.getMBeanServerConnection();
>> } catch (MalformedURLException e) {
>> throw new Exception(methodName + ":" + e);
>> } catch (IOException e) {
>> throw new Exception(methodName + ":" + "Failed to
>> connect to the Tomcat Server " + e);
>> }
>>
>> It works fine if i set com.sun.management.jmxremote.authenticate=true to
>> false. Other than that it just fails. The client tool is running on the
>> same
>> machine as the tomcat instance so there should not be any issues with the
>> firewall. Any clues
>>
>> On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <aw...@ice-sa.com> wrote:
>>
>> Ziggy wrote:
>>>
>>> Tomcat JMX connection - Authentication failed.
>>>>
>>>> I am having some problems setting up Tomcat for JMX. I added the
>>>> following
>>>> properties to CATALINA_OPTS
>>>>
>>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>>
>>>>
>>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>>> -Dcom.sun
>>>> .management.jmxremote.ssl=false"
>>>>
>>>> And have added the jmxremote.password file in to the conf directory. I
>>>> wrote
>>>> a client tool that connects to the JMX server running on port 18070.
>>>> When
>>>> i
>>>> run the client program i get the following error.
>>>>
>>>> Exception in thread "main" java.lang.SecurityException: Authentication
>>>> failed! Credentials required
>>>> at
>>>>
>>>> ...
>>>
>>> Ok, so how does your client provide a username and password to the
>>> server's
>>> JMX interface, when it connects ?
>>>
>>>
>>>
>>> If i change the CATALINA_OPTS properties to
>>>>
>>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>>
>>>>
>>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>>> -Dcom.sun
>>>> .management.jmxremote.ssl=false
>>>> -Dcom.sun.management.jmxremote.authenticate=false"
>>>>
>>>> Then it works fine.
>>>>
>>>> Of course, since then there is no authentication required.
>>>
>>>
>>>
>>> I think what i am confused of is what is classed as
>>>
>>> remote access. I am running the client program away from the Tomcat
>>>> instance
>>>> but both Tomcat and the client tool are on the same machine (i.e.
>>>> different
>>>> virtual machines but same environemnt). I thought i had to configure the
>>>> remote authentication if i access the JMX server remotely from a
>>>> different
>>>> machine.
>>>>
>>>> By remote access do they mean accessing the JMX server from any VM
>>>> either
>>>> locally on the same machine or remotely from a different machine?
>>>>
>>>> I believe that in this context, "remote" just means "via a TCP/IP
>>>>
>>> connection".
>>> It does not matter if your client is on the same host or not. If it
>>> accesses the "server" via TCP/IP, then it counts as remote.
>>>
>>> There is another way to connect, limited to local processes running on
>>> the
>>> same host, but I forget how it is called or how it works.
>>> You can see the distinction pretty clearly by using the "jconsole"
>>> application, which is included in the JDK.
>>>
>>> Note : for the "remote" kind of access, there is another (second) TCP
>>> connection used, separate from the port which you indicate with the
>>> jmxremote.port parameter.
>>> If you are on the same host, it does not matter, but if you really need
>>> to
>>> connect from another host through a firewall or so, it may.
>>> You may want to have a look here for more info :
>>>
>>>
>>> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
>>> (see the section : Monitoring Applications through a Firewall)
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Tomcat JMX connection - Authentication failed.
Posted by André Warnier <aw...@ice-sa.com>.
Ok, what I was trying to say is this :
By using the jmxremote.password.file etc.. on the JVM which runs Tomcat, you let this JVM
know which remote user-id's can connect, and what password they should use.
Now, from the client side, when you connect, you have to provide such a valid user-id and
password, to "login" to the server.
If you try the jconsole utility as a client, you will see this on the connection box.
I have no idea how you supply these credentials programmatically from /your/ client, but
that is what you have to find out.
Ziggy wrote:
> Ok i am stuck now - here is the full configuration
>
> $CATALINA_BASE/setenv.sh
> ---------------------------
> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
> -Dcom.sun.management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=true
> -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
> export CATALINA_OPTS
>
> $CATALINA_BASE/conf/jmxremote.password
> ---------------------------------------
> monitorRole monitorpass
> controlRole controlpass
>
> $CATALINA_BASE/conf/jmxremote.access
> ---------------------------------------
> monitorRole readonly
> controlRole readwrite
>
> The client tool i am using to access the Tomcat JMX server is running on the
> same machine as the Tomcat instance. when i start tomcat i can see that
> there is something listening at port 18070 but when i try to connect i get
> the following error
>
> Exception in thread "main" java.lang.SecurityException:
> Authentication failed! Credentials required
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
> at
> sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
> at
> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
>
>
> I connect using the following bit of code
>
>
> try {
> url = new
> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
> jmxc = JMXConnectorFactory.connect(url,null);
> mbsc = jmxc.getMBeanServerConnection();
> } catch (MalformedURLException e) {
> throw new Exception(methodName + ":" + e);
> } catch (IOException e) {
> throw new Exception(methodName + ":" + "Failed to
> connect to the Tomcat Server " + e);
> }
>
> It works fine if i set com.sun.management.jmxremote.authenticate=true to
> false. Other than that it just fails. The client tool is running on the same
> machine as the tomcat instance so there should not be any issues with the
> firewall. Any clues
>
> On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <aw...@ice-sa.com> wrote:
>
>> Ziggy wrote:
>>
>>> Tomcat JMX connection - Authentication failed.
>>>
>>> I am having some problems setting up Tomcat for JMX. I added the following
>>> properties to CATALINA_OPTS
>>>
>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>
>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>> -Dcom.sun
>>> .management.jmxremote.ssl=false"
>>>
>>> And have added the jmxremote.password file in to the conf directory. I
>>> wrote
>>> a client tool that connects to the JMX server running on port 18070. When
>>> i
>>> run the client program i get the following error.
>>>
>>> Exception in thread "main" java.lang.SecurityException: Authentication
>>> failed! Credentials required
>>> at
>>>
>> ...
>>
>> Ok, so how does your client provide a username and password to the server's
>> JMX interface, when it connects ?
>>
>>
>>
>>> If i change the CATALINA_OPTS properties to
>>>
>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>
>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>> -Dcom.sun
>>> .management.jmxremote.ssl=false
>>> -Dcom.sun.management.jmxremote.authenticate=false"
>>>
>>> Then it works fine.
>>>
>> Of course, since then there is no authentication required.
>>
>>
>>
>> I think what i am confused of is what is classed as
>>
>>> remote access. I am running the client program away from the Tomcat
>>> instance
>>> but both Tomcat and the client tool are on the same machine (i.e.
>>> different
>>> virtual machines but same environemnt). I thought i had to configure the
>>> remote authentication if i access the JMX server remotely from a different
>>> machine.
>>>
>>> By remote access do they mean accessing the JMX server from any VM either
>>> locally on the same machine or remotely from a different machine?
>>>
>>> I believe that in this context, "remote" just means "via a TCP/IP
>> connection".
>> It does not matter if your client is on the same host or not. If it
>> accesses the "server" via TCP/IP, then it counts as remote.
>>
>> There is another way to connect, limited to local processes running on the
>> same host, but I forget how it is called or how it works.
>> You can see the distinction pretty clearly by using the "jconsole"
>> application, which is included in the JDK.
>>
>> Note : for the "remote" kind of access, there is another (second) TCP
>> connection used, separate from the port which you indicate with the
>> jmxremote.port parameter.
>> If you are on the same host, it does not matter, but if you really need to
>> connect from another host through a firewall or so, it may.
>> You may want to have a look here for more info :
>>
>> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
>> (see the section : Monitoring Applications through a Firewall)
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat JMX connection - Authentication failed.
Posted by Ziggy <zi...@gmail.com>.
Ok i am stuck now - here is the full configuration
$CATALINA_BASE/setenv.sh
---------------------------
CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
export CATALINA_OPTS
$CATALINA_BASE/conf/jmxremote.password
---------------------------------------
monitorRole monitorpass
controlRole controlpass
$CATALINA_BASE/conf/jmxremote.access
---------------------------------------
monitorRole readonly
controlRole readwrite
The client tool i am using to access the Tomcat JMX server is running on the
same machine as the Tomcat instance. when i start tomcat i can see that
there is something listening at port 18070 but when i try to connect i get
the following error
Exception in thread "main" java.lang.SecurityException:
Authentication failed! Credentials required
at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
at
com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
at
sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
at
javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
I connect using the following bit of code
try {
url = new
JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
jmxc = JMXConnectorFactory.connect(url,null);
mbsc = jmxc.getMBeanServerConnection();
} catch (MalformedURLException e) {
throw new Exception(methodName + ":" + e);
} catch (IOException e) {
throw new Exception(methodName + ":" + "Failed to
connect to the Tomcat Server " + e);
}
It works fine if i set com.sun.management.jmxremote.authenticate=true to
false. Other than that it just fails. The client tool is running on the same
machine as the tomcat instance so there should not be any issues with the
firewall. Any clues
On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <aw...@ice-sa.com> wrote:
> Ziggy wrote:
>
>> Tomcat JMX connection - Authentication failed.
>>
>> I am having some problems setting up Tomcat for JMX. I added the following
>> properties to CATALINA_OPTS
>>
>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun
>> .management.jmxremote.ssl=false"
>>
>> And have added the jmxremote.password file in to the conf directory. I
>> wrote
>> a client tool that connects to the JMX server running on port 18070. When
>> i
>> run the client program i get the following error.
>>
>> Exception in thread "main" java.lang.SecurityException: Authentication
>> failed! Credentials required
>> at
>>
> ...
>
> Ok, so how does your client provide a username and password to the server's
> JMX interface, when it connects ?
>
>
>
>> If i change the CATALINA_OPTS properties to
>>
>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun
>> .management.jmxremote.ssl=false
>> -Dcom.sun.management.jmxremote.authenticate=false"
>>
>> Then it works fine.
>>
>
> Of course, since then there is no authentication required.
>
>
>
> I think what i am confused of is what is classed as
>
>> remote access. I am running the client program away from the Tomcat
>> instance
>> but both Tomcat and the client tool are on the same machine (i.e.
>> different
>> virtual machines but same environemnt). I thought i had to configure the
>> remote authentication if i access the JMX server remotely from a different
>> machine.
>>
>> By remote access do they mean accessing the JMX server from any VM either
>> locally on the same machine or remotely from a different machine?
>>
>> I believe that in this context, "remote" just means "via a TCP/IP
> connection".
> It does not matter if your client is on the same host or not. If it
> accesses the "server" via TCP/IP, then it counts as remote.
>
> There is another way to connect, limited to local processes running on the
> same host, but I forget how it is called or how it works.
> You can see the distinction pretty clearly by using the "jconsole"
> application, which is included in the JDK.
>
> Note : for the "remote" kind of access, there is another (second) TCP
> connection used, separate from the port which you indicate with the
> jmxremote.port parameter.
> If you are on the same host, it does not matter, but if you really need to
> connect from another host through a firewall or so, it may.
> You may want to have a look here for more info :
>
> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
> (see the section : Monitoring Applications through a Firewall)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Tomcat JMX connection - Authentication failed.
Posted by André Warnier <aw...@ice-sa.com>.
Ziggy wrote:
> Tomcat JMX connection - Authentication failed.
>
> I am having some problems setting up Tomcat for JMX. I added the following
> properties to CATALINA_OPTS
>
> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
> -Dcom.sun
> .management.jmxremote.ssl=false"
>
> And have added the jmxremote.password file in to the conf directory. I wrote
> a client tool that connects to the JMX server running on port 18070. When i
> run the client program i get the following error.
>
> Exception in thread "main" java.lang.SecurityException: Authentication
> failed! Credentials required
> at
...
Ok, so how does your client provide a username and password to the server's JMX interface,
when it connects ?
>
> If i change the CATALINA_OPTS properties to
>
> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
> -Dcom.sun
> .management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=false"
>
> Then it works fine.
Of course, since then there is no authentication required.
I think what i am confused of is what is classed as
> remote access. I am running the client program away from the Tomcat instance
> but both Tomcat and the client tool are on the same machine (i.e. different
> virtual machines but same environemnt). I thought i had to configure the
> remote authentication if i access the JMX server remotely from a different
> machine.
>
> By remote access do they mean accessing the JMX server from any VM either
> locally on the same machine or remotely from a different machine?
>
I believe that in this context, "remote" just means "via a TCP/IP connection".
It does not matter if your client is on the same host or not. If it accesses the "server"
via TCP/IP, then it counts as remote.
There is another way to connect, limited to local processes running on the same host, but
I forget how it is called or how it works.
You can see the distinction pretty clearly by using the "jconsole" application, which is
included in the JDK.
Note : for the "remote" kind of access, there is another (second) TCP connection used,
separate from the port which you indicate with the jmxremote.port parameter.
If you are on the same host, it does not matter, but if you really need to connect from
another host through a firewall or so, it may.
You may want to have a look here for more info :
http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
(see the section : Monitoring Applications through a Firewall)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org