Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/01/20 21:33:46 UTC
[Bug 56039] New: JmxRemoteLifecycleListener does not work with SSL
https://issues.apache.org/bugzilla/show_bug.cgi?id=56039
Bug ID: 56039
Summary: JmxRemoteLifecycleListener does not work with SSL
Product: Tomcat 7
Version: 7.0.50
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: esengstrom@gmail.com
Created attachment 31242
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31242&action=edit
Patch against http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk
Using JmxRemoteLifecycleListener with SSL results in the following error on
startup:
Jan 16, 2014 4:34:20 PM org.apache.catalina.mbeans.JmxRemoteLifecycleListener createServer
SEVERE: The JMX connector server could not be created or failed to start for the Platform server
java.io.IOException: Cannot bind to URL [rmi://localhost:1900/jmxrmi]: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
    at javax.management.remote.rmi.RMIConnectorServer.newIOException(Unknown Source)
    at javax.management.remote.rmi.RMIConnectorServer.start(Unknown Source)
    at org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer(JmxRemoteLifecycleListener.java:304)
    at org.apache.catalina.mbeans.JmxRemoteLifecycleListener.lifecycleEvent(JmxRemoteLifecycleListener.java:258)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
    at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:347)
    at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:725)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint]
    at com.sun.jndi.rmi.registry.RegistryContext.bind(Unknown Source)
    at com.sun.jndi.toolkit.url.GenericURLContext.bind(Unknown Source)
    at javax.naming.InitialContext.bind(Unknown Source)
    at javax.management.remote.rmi.RMIConnectorServer.bind(Unknown Source)
    ... 20 more
Caused by: java.rmi.ConnectIOException: non-JRMP server at remote endpoint
    at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
    at sun.rmi.server.UnicastRef.newCall(Unknown Source)
    at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
    ... 24 more
The relevant configuration from server.xml:
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="1900" rmiServerPortPlatform="11900" />
and java properties:
-Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStorePassword=$KEY_PASS
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
-Djavax.net.ssl.trustStore=$TRUSTSTORE
-Djavax.net.ssl.trustStorePassword=$TRUST_PASS
-Dcom.sun.management.jmxremote.registry.ssl=true -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.authenticate=false
-Djava.rmi.server.hostname=$HOST_IP -Dcom.sun.management.jmxremote.ssl=true
If com.sun.management.jmxremote.ssl is changed to false everything works as
expected except without SSL.
Looking at the source code, there is a property missing from the environment:
env.put("com.sun.jndi.rmi.factory.socket", csf);
Adding this to JmxRemoteLifecycleListener allows SSL to work properly.
Patch attached.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
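
An added example, not the attached patch or Tomcat's own code: a standalone JMX connector server bound to a TLS-protected RMI registry, showing where the environment entry named in the report fits. The class name is hypothetical, the ports are the ones from the reported server.xml, and the keystore and truststore are assumed to be supplied through the javax.net.ssl.* system properties listed in the report.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Hypothetical class name; run with the javax.net.ssl.* properties from the report.
public class SslJmxConnectorExample {
    public static void main(String[] args) throws Exception {
        int registryPort = 1900;   // rmiRegistryPortPlatform in the report
        int serverPort = 11900;    // rmiServerPortPlatform in the report

        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = JVM default cipher suites and protocols;
        // true = require a client certificate (ssl.need.client.auth=true).
        SslRMIServerSocketFactory ssf =
                new SslRMIServerSocketFactory(null, null, true);

        // The registry itself only accepts TLS connections.
        LocateRegistry.createRegistry(registryPort, csf, ssf);

        Map<String, Object> env = new HashMap<>();
        // Socket factories for the exported RMI connector object.
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
        // The entry from the report. start() binds the connector stub through
        // JNDI; without this entry the JNDI registry client opens a plain
        // socket to the TLS registry and the bind fails with
        // "non-JRMP server at remote endpoint".
        env.put("com.sun.jndi.rmi.factory.socket", csf);

        JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi://localhost:" + serverPort
                + "/jndi/rmi://localhost:" + registryPort + "/jmxrmi");
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        JMXConnectorServer server =
                JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.start();   // performs the JNDI bind against the TLS registry
        System.out.println("JMX connector listening at " + server.getAddress());
    }
}
```

Removing the com.sun.jndi.rmi.factory.socket line while leaving the registry on TLS is a quick way to confirm that a given startup failure has the same cause as the one reported here.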
[Bug 56039] JmxRemoteLifecycleListener does not work with SSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56039
esengstrom@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |esengstrom@gmail.com
[Bug 56039] JmxRemoteLifecycleListener does not work with SSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56039
Ravi Sanwal <rs...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rsanwal@gmail.com
[Bug 56039] JmxRemoteLifecycleListener does not work with SSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56039
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report and the patch. The patch has been applied to 8.0.x for
8.0.0 onwards and to 7.0.x for 7.0.51 onwards.