You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Shawn Jiang (JIRA)" <ji...@apache.org> on 2009/02/10 08:11:00 UTC

[jira] Issue Comment Edited: (GERONIMO-4534) Can't secure connect to JMX with JConsole.

    [ https://issues.apache.org/jira/browse/GERONIMO-4534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12672183#action_12672183 ] 

genspring edited comment on GERONIMO-4534 at 2/9/09 11:10 PM:
----------------------------------------------------------------

update to major from blocker and some investigation result here:

This defect is caused by a recent change in class JMXSecureConnector to use org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory to replace javax.rmi.ssl.SslRMIClientSocketFactory.

JConsole need the client socket factory class locally to connect to the JMX server.  That's why this defect happened.  Two possible solutions.

* 1, Put the geronimo-kernel-2.1.4-SNAPSHOT.jar to the classpath when starting the jconsole so that jconsole could find org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory.

* 2, Revert the client socket factory to javax.rmi.ssl.SslRMIClientSocketFactory.


Solution #1 just needs to update the document.  But it has a limitation that user can't use jconsole at a machine without the geronimo-kernel-2.1.4-SNAPSHOT.jar to connect to the JMX server.

Solution #2 needs review because there's no JIRA related to the client socket factory replacement in the svn commit.
* path: https://svn.apache.org/repos/asf/geronimo/server/branches/2.1/framework/modules/geronimo-kernel/
* revision 727268.
* log: "RMI client socket factories that set socket timeouts - should prevent automatic builds from getting stuck"






      was (Author: genspring):
    update to major from blocker and some investigation result here:

This defect is caused by a recent change in class JMXSecureConnector to use org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory to replace javax.rmi.ssl.SslRMIClientSocketFactory.

JConsole need the client socket factory class locally to connect to the JMX server.  That's why this defect happened.  Two possible solutions.

* 1, Put the geronimo-kernel-2.1.4-SNAPSHOT.jar to the classpath when starting the jconsole so that jconsole could find org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory.

* 2, Revert the client socket factory to javax.rmi.ssl.SslRMIClientSocketFactory.


Solution #1 just needs to update the document.  But it has a limitation when user can't use jconsole at a machine without the geronimo-kernel-2.1.4-SNAPSHOT.jar to connect to the JMX server.

Solution #2 needs review because there's no JIRA related to the client socket factory replacement in the svn commit.
* path: https://svn.apache.org/repos/asf/geronimo/server/branches/2.1/framework/modules/geronimo-kernel/
* revision 727268.
* log: "RMI client socket factories that set socket timeouts - should prevent automatic builds from getting stuck"





  
> Can't secure connect to JMX with JConsole.
> ------------------------------------------
>
>                 Key: GERONIMO-4534
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4534
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: management
>    Affects Versions: 2.1.4, 2.2
>         Environment: Windows XP 
> Sun JDK 1.5
> geronimo_tomcat6_2.1.4_snapshot/20090209/
>            Reporter: Shawn Jiang
>
> I'm trying to use jconsole to securely connect to the JMX server of geronimo 2.1.4 snapshot according to the guide here:
> http://cewiki.cn.ibm.com:7080/confluence/display/V21Docs/Working+with+the+secure+JMX+server
> * 1, Change the config.xml and start the server.
> * 2, use "jconsole -J-Djavax.net.ssl.keyStore=%GERONMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=%GERONMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.trustStorePassword=secret " start the jconsole.
> * 3, in the jconsole interface->advanced, input:
> JMX URL:   service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
> user name: system
> password: manager
> * 4, click the connect button.
> expected result: could connect to the JMX server.
> actual result:  CAN NOT connect to the JMX server.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.