1 Reply Latest reply: Sep 13, 2010 9:35 AM by 843798 RSS

    JMX Configuration on a windows maschine

    843798
      Hi everyone,

      I try to run my tomcat (6.0.29) with an enabled JMX port on a windows machine as a service (I ran the tomcat installer for windows services). On top of that I want it to be password secured.

      First of all I ran this configuration:

      -Dcatalina.home=C:\opt\Tomcat\Tomcat6
      -Dcatalina.base=C:\opt\Tomcat\Tomcat6
      -Djava.endorsed.dirs=C:\opt\Tomcat\Tomcat6\endorsed
      -Djava.io.tmpdir=C:\opt\Tomcat\Tomcat6\temp
      -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
      -Djava.util.logging.config.file=C:\opt\Tomcat\Tomcat6\conf\logging.properties
      -Djava.rmi.server.hostname=+IP+
      -Dcom.sun.management.jmxremote=true
      -Dcom.sun.management.jmxremote.port=8999
      -Dcom.sun.management.jmxremote.authenticate=false
      -Dcom.sun.management.jmxremote.ssl=false

      This works perfectly fine.

      Now I run this one:

      -Dcatalina.home=C:\opt\Tomcat\Tomcat6
      -Dcatalina.base=C:\opt\Tomcat\Tomcat6
      -Djava.endorsed.dirs=C:\opt\Tomcat\Tomcat6\endorsed
      -Djava.io.tmpdir=C:\opt\Tomcat\Tomcat6\temp
      -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
      -Djava.util.logging.config.file=C:\opt\Tomcat\Tomcat6\conf\logging.properties
      -Djava.rmi.server.hostname=+IP+
      -Dcom.sun.management.jmxremote=true
      -Dcom.sun.management.jmxremote.port=8999
      -Dcom.sun.management.jmxremote.authenticate=true
      -Dcom.sun.management.jmxremote.ssl=false
      -Dcom.sun.management.jmxremote.password.file=C:\opt\Tomcat\Tomcat6\conf\jmxremote.password
      -Dcom.sun.management.jmxremote.access.file=C:\opt\Tomcat\Tomcat6\conf\jmxremote.access

      Which won't let me start the tomcat at all.

      What I tried so far:

      1. I set the permission to both the password and access file to full access for every user. I know this is highly insecure, but at the moment I just want the tomcat to start at all. But this may already been the problem here.
      2. I am not sure if I have to mask the backslashes in the path, but I tried this as well which didn't work.

      Does anyone have another idea what might be wrong?
        • 1. Re: JMX Configuration on a windows maschine
          843798
          Hi,

          The password file and access file MUST be readable by the owner of the JVM process ONLY.
          You will probably have to use 'cacls' or something similar to revoke authorisation for the other users...

          See at the end of this page for instructions:
          [http://download.oracle.com/javase/6/docs/technotes/guides/management/security-windows.html|http://download.oracle.com/javase/6/docs/technotes/guides/management/security-windows.html]

          regards,

          -- daniel
          [http://blogs.sun.com/jmxetc|http://blogs.sun.com/jmxetc]

          Edited by: dfuchs on Sep 13, 2010 4:34 PM

          Oh, and by the way it's a bad idea to use passwords without SSL...