You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robert Gemmell (JIRA)" <qp...@incubator.apache.org> on 2008/11/22 17:00:44 UTC
[jira] Updated: (QPID-794) Management Console can't connect using
authentication
[ https://issues.apache.org/jira/browse/QPID-794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Gemmell updated QPID-794:
--------------------------------
Attachment: QPID-794_22nov2008.patch
The above exception is the result of the broker running with the optional JMXMP Connector (as found in jmxremote_optional.jar) from the JMX Remote API, but the management console still attempting to connect to it using the standard RMI connector.
The reason for this is that the instructions found at http://cwiki.apache.org/qpid/management-console-security.html are incomplete, examining the management console code shows that it also requires an additional property in order to enable it to use security. There is a requirement to also set the 'jmxconnector' property in order to provide the name of the class which should be used to create the JMXConnector used to connect to the server. Setting this property to "javax.management.remote.jmxmp.JMXMPConnector" results in the loading of the JMXMPCconnector when security is requested so long as the jmxremote_optional.jar file is available on the classpath, or an exception being caught and reported as an error dialog by the console with message "cause: javax.management.remote.jmxmp.JMXMPConnector" if it is not available.
The authentication system for the management console is designed to use the JMXXMP protocol (which is the only protocol designed around the optional JMX Remote GenericConnector, giving the JMXMPConnector reference implementation) and it seems unlikely there would be a need to develop a new JMXConnector around the GenericConnector class for use in the management console, so I have created a patch to remove the need for specifying this property and instead have the console automatically attempt to use the "javax.management.remote.jmxmp.JMXMPConnector" class.
Additionally, the patch also changes the method through which the class is used and instead of directly instantiating a JMXMPConnector instance and using it, relies on the JMXConnectorFactory to open the connection, which will perform those functions itself when presented with a JMXServiceUrl specifying the jmxmp protocol. Having both normal/rmi and security/jmxmp server connections created based on a JMXServiceUrl opens the opportunity in future to use the same code to connect to either type of server, instead of forcing an all-servers-use-security or no-servers-use-security choice on users as at present.
Finally, if used in conjunction with my patch for QPID-1481 this allows the user to simply place the jmxremote_optional.jar in the jmxremote.sasl plugin's folder ($QPIDMC_HOME/eclipse/plugins/jmxremote.sasl_1.0.1) and it will be picked up automatically without having to modify the classpath.
As a note, the Sun webpage linked to on the wiki for the jmxremote_optional.jar download is a bit outdated and no longer provides usable links to the source code for the reference implementations (it doesnt even offer one for the latest version). The JMXMPConnector is part of the Java Dynamic Management Kit which is now open source as the OpenDMK project at https://opendmk.dev.java.net. Their binary (covered by the 'Binary License for Project OpenDMK' https://opendmk.dev.java.net/legal_notices/LICENSE_BINARY.txt) and source downloads include the jmxremote_optional jar/src so it might be an idea to list it too, it certainly proved mighty helpful in getting the above working, and another issue im about to log.
> Management Console can't connect using authentication
> -----------------------------------------------------
>
> Key: QPID-794
> URL: https://issues.apache.org/jira/browse/QPID-794
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker, Java Management : JMX Console
> Reporter: Aidan Skinner
> Assignee: Aidan Skinner
> Attachments: QPID-794_22nov2008.patch
>
>
> It is not possible to connect the management console to the broker using jmx authentication, it makes the broker throw the following exception:
> GenericConnectorServer ClientCreation.run
> WARNING: Failed to open connection: java.io.StreamCorruptedException: invalid stream header
> java.io.StreamCorruptedException: invalid stream header
> at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:764)
> at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
> at com.sun.jmx.remote.socket.SocketConnection$ObjectInputStreamWithLoader.<init>(SocketConnection.java:354)
> at com.sun.jmx.remote.socket.SocketConnection.readMessage(SocketConnection.java:204)
> at com.sun.jmx.remote.opt.security.AdminServer.connectionOpen(AdminServer.java:76)
> at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl.connect(ServerSynchroMessageConnectionImpl.java:58)
> at javax.management.remote.generic.GenericConnectorServer$ClientCreation.run(GenericConnectorServer.java:405)
> at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
> at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.