You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/09/07 16:01:33 UTC
svn commit: r812143 - in /tomcat/tc6.0.x/trunk: ./
java/org/apache/catalina/mbeans/ webapps/docs/ webapps/docs/config/
Author: markt
Date: Mon Sep 7 14:01:32 2009
New Revision: 812143
URL: http://svn.apache.org/viewvc?rev=812143&view=rev
Log:
Add the JmxRemoteLifecycleListener that fixes ports used by JMX, making firewall configuration simpler.
Added:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java (with props)
tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java (with props)
tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties (with props)
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/build.xml
tomcat/tc6.0.x/trunk/extras.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/listeners.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 7 14:01:32 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,776921,776924,776935,776945,77
7464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,797168,797425,797596,797607,802727,805153,812125
+/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,673796,673820,677910,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,776921,776924,776935,776945,77
7464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,797168,797425,797596,797607,802727,805153,812125,812137
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=812143&r1=812142&r2=812143&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Sep 7 14:01:32 2009
@@ -190,18 +190,6 @@
+1: markt
-1:
-* Add remote JMX listener. Enables JMX to be configured so that it can be used
- with fixed ports. Useful when connecting through a firewall as normally JMX
- uses one fixed and one random port.
- Needs the platform MBean server fix above to be really useful
- http://people.apache.org/~markt/patches/2009-08-12-jmx-remote.patch
- +1: markt, funkman, rjung
- -1:
- rjung: The docs page contains a typo: rmiRegsitryPortPlatform -> rmiRegistryPortPlatform
- There are also some hidden defaults (password and access file) which might make
- sense to be added to the docs. Directory for those default files is
- CATALINA_BASE and not CATALINA_BASE/conf?
-
* Make context deployment error message more meaningful
http://svn.apache.org/viewvc?rev=802940&view=rev
+1: markt, kkolinko, funkman
Modified: tomcat/tc6.0.x/trunk/build.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/build.xml?rev=812143&r1=812142&r2=812143&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/build.xml (original)
+++ tomcat/tc6.0.x/trunk/build.xml Mon Sep 7 14:01:32 2009
@@ -202,6 +202,7 @@
<exclude name="org/apache/catalina/ant/**" />
<exclude name="org/apache/catalina/cluster/**" />
<exclude name="org/apache/catalina/ha/**" />
+ <exclude name="org/apache/catalina/mbeans/JmxRemote*" />
<exclude name="org/apache/catalina/tribes/**" />
<exclude name="org/apache/catalina/launcher/**" />
<exclude name="org/apache/catalina/storeconfig/**" />
Modified: tomcat/tc6.0.x/trunk/extras.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/extras.xml?rev=812143&r1=812142&r2=812143&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/extras.xml (original)
+++ tomcat/tc6.0.x/trunk/extras.xml Mon Sep 7 14:01:32 2009
@@ -85,7 +85,9 @@
<property name="tomcat-juli.jar" value="${tomcat.extras}/tomcat-juli.jar"/>
<property name="tomcat-juli-adapters.jar" value="${tomcat.extras}/tomcat-juli-adapters.jar"/>
<property name="catalina-ws.jar" value="${tomcat.extras}/catalina-ws.jar"/>
-
+
+ <property name="catalina-jmx-remote.jar" value="${tomcat.extras}/catalina-jmx-remote.jar"/>
+
<!-- Classpath -->
<path id="tomcat.classpath">
<pathelement location="${tomcat.classes}"/>
@@ -232,7 +234,20 @@
</target>
- <target name="extras" depends="prepare,commons-logging,webservices">
+ <target name="jmx-remote" >
+ <!-- Create the JAR file -->
+ <jar jarfile="${catalina-jmx-remote.jar}">
+ <fileset dir="${tomcat.classes}">
+ <include name="org/apache/catalina/mbeans/JmxRemote*" />
+ </fileset>
+ </jar>
+ <checksum file="${catalina-jmx-remote.jar}"
+ forceOverwrite="yes"
+ fileext=".md5" />
+ </target>
+
+ <target name="extras"
+ depends="prepare,commons-logging,webservices,jmx-remote">
</target>
<!-- Download and dependency building -->
Added: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java?rev=812143&view=auto
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java (added)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java Mon Sep 7 14:01:32 2009
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.catalina.mbeans;
+
+
+public class Constants {
+
+ public static final String Package = "org.apache.catalina.mbeans";
+
+}
+
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/Constants.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision
Added: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java?rev=812143&view=auto
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java (added)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java Mon Sep 7 14:01:32 2009
@@ -0,0 +1,305 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.mbeans;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.lang.management.ManagementFactory;
+import java.net.MalformedURLException;
+import java.net.Socket;
+import java.rmi.RemoteException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.server.RMIClientSocketFactory;
+import java.rmi.server.RMIServerSocketFactory;
+import java.util.HashMap;
+
+import javax.management.MBeanServer;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXConnectorServerFactory;
+import javax.management.remote.JMXServiceURL;
+import javax.management.remote.rmi.RMIConnectorServer;
+import javax.rmi.ssl.SslRMIClientSocketFactory;
+import javax.rmi.ssl.SslRMIServerSocketFactory;
+
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.tomcat.util.res.StringManager;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+
+/**
+ * This listener fixes the port used by JMX/RMI Server making things much
+ * simpler if you need to connect jconsole or similar to a remote Tomcat
+ * instance that is running behind a firewall. Only the ports are configured via
+ * the listener. The remainder of the configuration is via the standard system
+ * properties for configuring JMX.
+ */
+public class JmxRemoteLifecycleListener implements LifecycleListener {
+
+ private static Log log =
+ LogFactory.getLog(JmxRemoteLifecycleListener.class);
+
+ /**
+ * The string resources for this package.
+ */
+ protected static final StringManager sm =
+ StringManager.getManager(Constants.Package);
+
+ protected int rmiRegistryPortPlatform = -1;
+ protected int rmiServerPortPlatform = -1;
+ protected boolean rmiSSL = true;
+ protected String ciphers[] = null;
+ protected String protocols[] = null;
+ protected boolean clientAuth = true;
+ protected boolean authenticate = true;
+ protected String passwordFile = null;
+ protected String accessFile = null;
+ protected boolean useLocalPorts = false;
+
+ protected JMXConnectorServer csPlatform = null;
+
+ /**
+ * Get the port on which the Platform RMI server is exported. This is the
+ * port that is normally chosen by the RMI stack.
+ * @returns The port number
+ */
+ public int getRmiServerPortPlatform() {
+ return rmiServerPortPlatform;
+ }
+
+ /**
+ * Set the port on which the Platform RMI server is exported. This is the
+ * port that is normally chosen by the RMI stack.
+ * @param theRmiServerPortPlatform The port number
+ */
+ public void setRmiServerPortPlatform(int theRmiServerPortPlatform) {
+ rmiServerPortPlatform = theRmiServerPortPlatform;
+ }
+
+ /**
+ * Get the port on which the Platform RMI registry is exported.
+ * @returns The port number
+ */
+ public int getRmiRegistryPortPlatform() {
+ return rmiRegistryPortPlatform;
+ }
+
+ /**
+ * Set the port on which the Platform RMI registry is exported.
+ * @param theRmiRegistryPortPlatform The port number
+ */
+ public void setRmiRegistryPortPlatform(int theRmiRegistryPortPlatform) {
+ rmiRegistryPortPlatform = theRmiRegistryPortPlatform;
+ }
+
+ /**
+ * Get the flag that indicates that local ports should be used for all
+ * connections. If using SSH tunnels, or similar, this should be set to
+ * true to ensure the RMI client uses the tunnel.
+ * @returns <code>true</code> if local ports should be used
+ */
+ public boolean getUseLocalPorts() {
+ return useLocalPorts;
+ }
+
+ /**
+ * Set the flag that indicates that local ports should be used for all
+ * connections. If using SSH tunnels, or similar, this should be set to
+ * true to ensure the RMI client uses the tunnel.
+ * @param useLocalPorts Set to <code>true</code> if local ports should be
+ * used
+ */
+ public void setUseLocalPorts(boolean useLocalPorts) {
+ this.useLocalPorts = useLocalPorts;
+ }
+
+ private void init() {
+ // Get all the other parameters required from the standard system
+ // properties. Only need to get the parameters that affect the creation
+ // of the server port.
+ String rmiSSLValue = System.getProperty(
+ "com.sun.management.jmxremote.ssl", "true");
+ rmiSSL = Boolean.parseBoolean(rmiSSLValue);
+
+ String protocolsValue = System.getProperty(
+ "com.sun.management.jmxremote.ssl.enabled.protocols");
+ if (protocolsValue != null) {
+ protocols = protocolsValue.split(",");
+ }
+
+ String ciphersValue = System.getProperty(
+ "com.sun.management.jmxremote.ssl.enabled.cipher.suites");
+ if (ciphersValue != null) {
+ ciphers = ciphersValue.split(",");
+ }
+
+ String clientAuthValue = System.getProperty(
+ "com.sun.management.jmxremote.ssl.need.client.auth", "true");
+ clientAuth = Boolean.parseBoolean(clientAuthValue);
+
+ String authenticateValue = System.getProperty(
+ "com.sun.management.jmxremote.authenticate", "true");
+ authenticate = Boolean.parseBoolean(authenticateValue);
+
+ passwordFile = System.getProperty(
+ "com.sun.management.jmxremote.password.file",
+ "jmxremote.password");
+
+ accessFile = System.getProperty(
+ "com.sun.management.jmxremote.access.file",
+ "jmxremote.access");
+ }
+
+
+ public void lifecycleEvent(LifecycleEvent event) {
+ // When the server starts, configure JMX/RMI
+ if (Lifecycle.START_EVENT == event.getType()) {
+ // Configure using standard jmx system properties
+ init();
+
+ // Prevent an attacker guessing the RMI object ID
+ System.setProperty("java.rmi.server.randomIDs", "true");
+
+ // Create the environment
+ HashMap<String,Object> env = new HashMap<String,Object>();
+
+ RMIClientSocketFactory csf = null;
+ RMIServerSocketFactory ssf = null;
+
+ // Configure SSL for RMI connection if required
+ if (rmiSSL) {
+ csf = new SslRMIClientSocketFactory();
+ ssf = new SslRMIServerSocketFactory(ciphers, protocols,
+ clientAuth);
+ }
+
+ // Force the use of local ports if required
+ if (useLocalPorts) {
+ csf = new RmiClientLocalhostSocketFactory(csf);
+ }
+
+ // Populate the env properties used to create the server
+ if (csf != null) {
+ env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
+ csf);
+ }
+ if (ssf != null) {
+ env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
+ ssf);
+ }
+
+ // Configure authentication
+ if (authenticate) {
+ env.put("jmx.remote.x.password.file", passwordFile);
+ env.put("jmx.remote.x.access.file", accessFile);
+ }
+
+
+ // Create the Platform server
+ csPlatform = createServer("Platform", rmiRegistryPortPlatform,
+ rmiServerPortPlatform, env,
+ ManagementFactory.getPlatformMBeanServer());
+
+ } else if (Lifecycle.STOP_EVENT == event.getType()) {
+ destroyServer("Platform", csPlatform);
+ }
+ }
+
+ private JMXConnectorServer createServer(String serverName,
+ int theRmiRegistryPort, int theRmiServerPort,
+ HashMap<String,Object> theEnv, MBeanServer theMBeanServer) {
+
+ // Create the RMI registry
+ try {
+ LocateRegistry.createRegistry(theRmiRegistryPort);
+ } catch (RemoteException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.createRegistryFailed",
+ serverName, Integer.toString(theRmiRegistryPort)), e);
+ return null;
+ }
+
+ // Build the connection string with fixed ports
+ StringBuffer url = new StringBuffer();
+ url.append("service:jmx:rmi://localhost:");
+ url.append(theRmiServerPort);
+ url.append("/jndi/rmi://localhost:");
+ url.append(theRmiRegistryPort);
+ url.append("/jmxrmi");
+ JMXServiceURL serviceUrl;
+ try {
+ serviceUrl = new JMXServiceURL(url.toString());
+ } catch (MalformedURLException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.invalidURL",
+ serverName, url.toString()), e);
+ return null;
+ }
+
+ // Start the JMX server with the connection string
+ JMXConnectorServer cs = null;
+ try {
+ cs = JMXConnectorServerFactory.newJMXConnectorServer(
+ serviceUrl, theEnv, theMBeanServer);
+ cs.start();
+ log.info(sm.getString("jmxRemoteLifecycleListener.start",
+ Integer.valueOf(theRmiRegistryPort),
+ Integer.valueOf(theRmiServerPort), serverName));
+ } catch (IOException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.createServerFailed",
+ serverName), e);
+ }
+ return cs;
+ }
+
+ private void destroyServer(String serverName,
+ JMXConnectorServer theConnectorServer) {
+ if (theConnectorServer != null) {
+ try {
+ theConnectorServer.stop();
+ } catch (IOException e) {
+ log.error(sm.getString(
+ "jmxRemoteLifecycleListener.destroyServerFailed",
+ serverName),e);
+ }
+ }
+ }
+
+ public static class RmiClientLocalhostSocketFactory
+ implements RMIClientSocketFactory, Serializable {
+ private static final String FORCED_HOST = "localhost";
+
+ private RMIClientSocketFactory factory = null;
+
+ public RmiClientLocalhostSocketFactory(RMIClientSocketFactory theFactory) {
+ factory = theFactory;
+ }
+
+ public Socket createSocket(String host, int port) throws IOException {
+ if (factory == null) {
+ return new Socket(FORCED_HOST, port);
+ } else {
+ return factory.createSocket(FORCED_HOST, port);
+ }
+ }
+
+
+ }
+}
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision
Added: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties?rev=812143&view=auto
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties (added)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties Mon Sep 7 14:01:32 2009
@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI registry for the {0} server using port {1}
+jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could not be created or failed to start for the {0} server
+jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could not be stopped for the {0} server
+jmxRemoteLifecycleListener.invalidURL=The JMX Service URL requested for the {0} server, "{1}", was invalid
+jmxRemoteLifecycleListener.start=The JMX Remote Listener has configured the registry on port {0} and the server on port {1} for the {2} server
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/tc6.0.x/trunk/java/org/apache/catalina/mbeans/LocalStrings.properties
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=812143&r1=812142&r2=812143&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon Sep 7 14:01:32 2009
@@ -169,6 +169,11 @@
registered by Tomcat will be exposed via JMX (eg via JConsole) without
requiring any additional configuration. (markt)
</update>
+ <add>
+ The JMX Remote Lifecycle Listener allows the ports used by JMX to be
+ fixed, making it easier to configure firewalls to all JMX traffic to
+ pass through. Part of the extras package. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/listeners.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/listeners.xml?rev=812143&r1=812142&r2=812143&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/listeners.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/listeners.xml Mon Sep 7 14:01:32 2009
@@ -141,6 +141,83 @@
<p>No additional attributes are support by the <strong>Global Resources
Lifecycle Listener</strong>.</p>
+ <h3>JMX Remote Lifecycle Listener
+ (org.apache.catalina.mbeans.JmxRemoteLifecycleListener)</h3>
+
+ <p>This listener requires <code>catalina-jmx-remote.jar</code> to be placed
+ in <code>$CATALINA_HOME/lib</code>. This jar may be found in the extras
+ directory of the binary download area.</p>
+
+ <p>The <strong>JMX Remote Lifecycle Listener</strong> fixes the ports used by
+ the JMX/RMI Server making things much simpler if you need to connect
+ jconsole or a similar tool to a remote Tomcat instance that is running
+ behind a firewall. Only these ports are configured via the listener. The
+ remainder of the configuration is via the standard system properties for
+ configuring JMX. For further information on configuring JMX see
+ <a href="http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html">
+ Monitoring and Management Using JMX</a> included with the Java SDK
+ documentation.</p>
+
+ <p>If this listener was configured in server.xml as:
+<source>
+<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
+ rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
+</source>
+ with the following system properties set (e.g. in setenv.sh):
+<source>
+-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
+-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
+-Dcom.sun.management.jmxremote.ssl=false
+</source>
+ $CATALINA_BASE/conf/jmxremote.password containing:
+<source>
+admin letmein
+</source>
+ $CATALINA_BASE/conf/jmxremote.access containing:
+<source>
+admin readwrite
+</source>
+ then opening ports 10001 (RMI Registry) and 10002 (JMX/RMI Server) in your
+ firewall would enable jconsole to connect to a Tomcat instance running
+ behind a firewall using a connection string of the form:
+<source>
+service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrmi
+</source>
+ with a user name of <code>admin</code> and a password of
+ <code>letmein</code>.
+ </p>
+
+ <p><strong>Note that the example above does not use SSL. JMX access should
+ be considered equivalent to administrative access and secured accordingly.
+ </strong></p>
+
+ <p>This listener must only be nested within a <a href="server.html">Server</a>
+ element.</p>
+
+ <p>The following additional attributes are support by the <strong>JMX Remote
+ Lifecycle Listener</strong>:</p>
+
+ <attributes>
+
+ <attribute name="rmiRegistryPortPlatform" required="true">
+ <p>The port to be used by the JMX/RMI registry for the Platform MBeans.
+ The replaces the use of the
+ <code>com.sun.management.jmxremote.port</code> system property that
+ should not be set when using this valve.</p>
+ </attribute>
+
+ <attribute name="rmiServerPortPlatform" required="true">
+ <p>The port to be used by the Platform JMX/RMI server.</p>
+ </attribute>
+
+ <attribute name="useLocalPorts" required="false">
+ <p>Should any clients using these ports be forced to use local ports to
+ connect to the the JMX/RMI server. This is useful when tunnelling
+ connections over SSH or similar. Defaults to <code>false</code>.</p>
+ </attribute>
+
+ </attributes>
+
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org