You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Shawn Jiang (JIRA)" <ji...@apache.org> on 2009/02/10 08:11:00 UTC
[jira] Updated: (GERONIMO-4534) Can't secure connect to JMX with
JConsole.
[ https://issues.apache.org/jira/browse/GERONIMO-4534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Jiang updated GERONIMO-4534:
----------------------------------
Priority: Major (was: Blocker)
update to major from blocker and some investigation result here:
This defect is caused by a recent change in class JMXSecureConnector to use org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory to replace javax.rmi.ssl.SslRMIClientSocketFactory.
JConsole need the client socket factory class locally to connect to the JMX server. That's why this defect happened. Two possible solutions.
* 1, Put the geronimo-kernel-2.1.4-SNAPSHOT.jar to the classpath when starting the jconsole so that jconsole could find org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory.
* 2, Revert the client socket factory to javax.rmi.ssl.SslRMIClientSocketFactory.
Solution #1 just needs to update the document. But it has a limitation when user can't use jconsole at a machine without the geronimo-kernel-2.1.4-SNAPSHOT.jar to connect to the JMX server.
Solution #2 needs review because there's no JIRA related to the client socket factory replacement in the svn commit.
* path: https://svn.apache.org/repos/asf/geronimo/server/branches/2.1/framework/modules/geronimo-kernel/
* revision 727268.
* log: "RMI client socket factories that set socket timeouts - should prevent automatic builds from getting stuck"
> Can't secure connect to JMX with JConsole.
> ------------------------------------------
>
> Key: GERONIMO-4534
> URL: https://issues.apache.org/jira/browse/GERONIMO-4534
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: management
> Affects Versions: 2.1.4, 2.2
> Environment: Windows XP
> Sun JDK 1.5
> geronimo_tomcat6_2.1.4_snapshot/20090209/
> Reporter: Shawn Jiang
>
> I'm trying to use jconsole to securely connect to the JMX server of geronimo 2.1.4 snapshot according to the guide here:
> http://cewiki.cn.ibm.com:7080/confluence/display/V21Docs/Working+with+the+secure+JMX+server
> * 1, Change the config.xml and start the server.
> * 2, use "jconsole -J-Djavax.net.ssl.keyStore=%GERONMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=%GERONMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.trustStorePassword=secret " start the jconsole.
> * 3, in the jconsole interface->advanced, input:
> JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
> user name: system
> password: manager
> * 4, click the connect button.
> expected result: could connect to the JMX server.
> actual result: CAN NOT connect to the JMX server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.