3 Replies Latest reply on Jun 28, 2010 6:16 AM by 843798

    JMX with simple security


      I'm a new developer, and I need to create JMX client + server with security with Java 1.5.
      I used the following link: http://java.sun.com/j2se/1.5.0/docs/guide/jmx/tutorial/security.html and created my own example (based on the example in the "simple security" of this link).
      The server's side code:
      import java.io.InputStream;
      import java.rmi.AlreadyBoundException;
      import java.util.HashMap;
      import java.util.Properties;
      import javax.management.MBeanServer;
      import javax.management.MBeanServerFactory;
      import javax.management.ObjectName;
      import javax.management.remote.JMXConnectorServer;
      import javax.management.remote.JMXConnectorServerFactory;
      import javax.management.remote.JMXServiceURL;
      import javax.management.remote.rmi.RMIConnectorServer;
      import javax.rmi.ssl.SslRMIClientSocketFactory;
      import javax.rmi.ssl.SslRMIServerSocketFactory;

      public class JMXServer {
          private static final String PROP_FILE = "myConfig.properties";
          public MBeanServer mbs = null;
          public String password;
          public String access;
          public int port;
          JMXConnectorServer cs;

          public JMXServer() {
              try {
                  System.out.println("Create the MBean server");
                  mbs = MBeanServerFactory.createMBeanServer();
              } catch (Exception e) {
                  e.printStackTrace();
              }
          }

          private void registerServerMBeans() {
              try {
                  // InternalA MBean
                  ObjectName nameA = new ObjectName("TEST:type=InternalA");
                  InternalA mbeanA = new InternalA();
                  mbs.registerMBean(mbeanA, nameA);
                  // ExternalB MBean
                  ObjectName nameB = new ObjectName("TEST:type=ExternalB");
                  ExternalB mbeanB = new ExternalB();
                  mbs.registerMBean(mbeanB, nameB);
              } catch (Exception e) {
                  e.printStackTrace();
              }
          }

          private void startServer() throws AlreadyBoundException, Exception {
              try {
                  // Hashmap for the security objects
                  HashMap<String, Object> env = new HashMap<String, Object>();
                  // Secure RMI client socket factory
                  SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
                  // Secure RMI server socket factory
                  SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
                  // Put the RMI client socket factory in the hashmap
                  env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
                  // Put the RMI server socket factory in the hashmap
                  env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
                  // Put the password file in the hashmap
                  env.put("jmx.remote.x.password.file", password);
                  // Put the access file in the hashmap
                  env.put("jmx.remote.x.access.file", access);
                  // Create RMI registry on port 1099
                  System.out.println("create registry on port: " + port);
                  // Create JMX service url
                  System.out.println("create jmx service url");
                  JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:" + port + "/server");
                  System.out.println("The url is: " + url);
                  // Create a secured JMX connector server
                  System.out.println("Create an RMI connector server");
                  cs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
                  // Start the RMI connector server
                  System.out.println("Start the RMI connector server");
                  cs.start();
                  System.out.println("RMI connector server successfully started");
              } catch (Exception e) {
                  e.printStackTrace();
              }
          }

          private void performInternalMBeansOperations() {
              System.out.println("internal mbeans communications with security restrictions");
          }

          public void readPropertiesFile() {
              try {
                  InputStream is = JMXServer.class.getResourceAsStream(PROP_FILE);
                  Properties prop = new Properties();
                  // Load the key/value pairs before reading them
                  prop.load(is);
                  password = prop.getProperty("PASSWORD_DIR");
                  access = prop.getProperty("ACEESS_DIR");
                  String portFromFile = prop.getProperty("PORT");
                  port = Integer.valueOf(portFromFile);
                  System.out.println("The password file path is: " + password);
                  System.out.println("The access file path is: " + access);
                  System.out.println("The port is: " + port);
              } catch (Exception e) {
                  System.out.println("Failed to read from " + PROP_FILE + " file");
              }
          }

          /**
           * main
           * @param args
           * @throws Exception
           */
          public static void main(String[] args) throws Exception {
              JMXServer srv = new JMXServer();
          }
      }
        • 1. Continue -  JMX with simple security
          The Client's side is:

          import java.util.HashMap;
          import java.util.Iterator;
          import java.util.Set;
          import javax.management.MBeanServerConnection;
          import javax.management.MBeanServerInvocationHandler;
          import javax.management.ObjectName;
          import javax.management.remote.JMXConnector;
          import javax.management.remote.JMXConnectorFactory;
          import javax.management.remote.JMXServiceURL;

          public class RemoteClient {
              /** The MBean server connection */
              public MBeanServerConnection mbsc;
              /** The remote client listener */
              public RemoteClientListener listener;

              /** Construct a new RemoteClient object */
              public RemoteClient() {
              }

              /** Connect with the server */
              public void connectWithServer() {
                  System.out.println("Create an RMI connector client");
                  try {
                      // Hashmap for the security objects
                      HashMap<String, Object> env = new HashMap<String, Object>();
                      // The credentials that the server expects to receive
                      String[] credentials = new String[] { "admin" , "password" };
                      env.put("jmx.remote.credentials", credentials);
                      // Create JMX service url
                      JMXServiceURL url = new JMXServiceURL(
                      // Use a secured RMI connector client to connect to the RMI connector server
                      System.out.println("Connecting the connector client to the RMI connector server");
                      JMXConnector jmxConnector = JMXConnectorFactory.connect(url, env);
                      // Create client listener
                      listener = new RemoteClientListener();
                      // Get an MBeanServerConnection
                      System.out.println("Get an MBeanServerConnection");
                      mbsc = jmxConnector.getMBeanServerConnection();
                      // Get domains from MBeanServer
                      System.out.println("The Domains of the MBean server are: ");
                      String domains[] = mbsc.getDomains();
                      for (int i = 0; i < domains.length; i++) {
                          System.out.println("Domain[" + i + "] = " + domains[i]);
                      }

                      // Get MBeanServer's default domain
                      String domain = mbsc.getDefaultDomain();
                      System.out.println("Default Domain = " + domain);
                      // Get the number of the MBeans that are registered to the MBean server
                      System.out.println("MBean count = " + mbsc.getMBeanCount());

                      // Get the names of the MBeans controlled by the MBean server
                      System.out.println("The MBeans controlled by the MBean server are:");
                      Set names = mbsc.queryNames(null, null);
                      for (Iterator i = names.iterator(); i.hasNext(); ) {
                          System.out.println("ObjectName = " + (ObjectName) i.next());
                      }
                  } catch (Exception e) {
                      e.printStackTrace();
                  }
              }

              /** Use internalA MBean */
              public void useInternalA() {
                  // Create Proxy for the MBeans
                  try {
                      ObjectName internalAName = new ObjectName("TEST:type=InternalA");
                      InternalAMBean internalAProxy = (InternalAMBean)
                          MBeanServerInvocationHandler.newProxyInstance(mbsc, internalAName,
                              InternalAMBean.class, true);

                      // Add notification listener
                      mbsc.addNotificationListener(internalAName, listener, null, null);

                      int cnt = 0;
                      cnt = internalAProxy.getCounter();
                      System.out.println("The initial MBean counter is: " + cnt);
                      System.out.println("InternalA Mbean counter = " + cnt);
                      System.out.println("Trying to perform count operation on internalA MBean");
                      cnt = internalAProxy.getCounter();
                      System.out.println("InternalA Mbean updated counter = " + cnt);
                  } catch (Exception e) {
                      e.printStackTrace();
                  }
              }

              /** Use ExternalB MBean */
              public void useExternalB() {
                  // Create Proxy for the MBeans
                  try {
                      ObjectName externalBName = new ObjectName("TEST:type=ExternalB");

                      ExternalBMBean externalBProxy = (ExternalBMBean)
                          MBeanServerInvocationHandler.newProxyInstance(mbsc, externalBName,
                              ExternalBMBean.class, true);

                      // Add notification listener
                      mbsc.addNotificationListener(externalBName, listener, null, null);

                      int cnt = 0;
                      cnt = externalBProxy.getCounter();
                      System.out.println("ExternalB Mbean counter = " + cnt);
                      cnt = externalBProxy.getCounter();
                      System.out.println("ExternalB Mbean updated counter = " + cnt);
                  } catch (Exception e) {
                      e.printStackTrace();
                  }
              }

              /**
               * main
               * @param args
               */
              public static void main(String[] args) {
                  RemoteClient rClient = new RemoteClient();
              }
          }

          I created the keystore and truststore files using the following instructions (including importing the certification):

          Now, I'm running the server's side with the following:
          -Djavax.net.ssl.keyStore="C:\newkeys\jmxkeystore" -Djavax.net.ssl.keyStorePassword=password -Djavax.net.debug=ssl
          and the client with:
          -Djavax.net.ssl.trustStore="C:\newkeys\jmxtruststore" -Djavax.net.ssl.trustStorePassword=trustword -Djavax.net.debug=ssl

          When I'm running the server (without running the client yet), I'm getting the following:
          RMI TCP Connection(8)- handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
          RMI TCP Connection(8)-called close()
          Any idea why?

          An additional problem that I have is that when I run Wireshark (a network sniffer), I'm not seeing anything related to SSL, only TCP.
          Is this correct? What exactly should I see?

          Any help is appreciated!
          • 2. Re: Continue -  JMX with simple security

            You might want to try out Luis Miguel's example:


            -- daniel
            • 3. Re: Continue -  JMX with simple security
              Thanks for the advice, I tried it and it worked but I have a question regarding this example:
              The example includes both server and client's authentication.
              How should I customize it to be only server's authentication (without the client's authentication)?

              I highly appreciate your help!
              Thanks again!
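
A server-authentication-only setup for the question in the last reply, as an added example that is not part of the thread or of the example linked in it: the server presents a certificate, the client presents none and is identified by username and password instead. The class name, port 9999 and the command-line arguments are assumptions; the keystore and truststore come from the same `-Djavax.net.ssl.*` options shown in the first post.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Added example; class name, port and arguments are assumptions.
// Server (keyStore options set): server <passwordFile> <accessFile>
// Client (trustStore options set): client <user> <password>
public class ServerAuthOnlyJmx {
    static final int PORT = 9999; // assumed port
    static final String URL = "service:jmx:rmi:///jndi/rmi://localhost:" + PORT + "/server";

    public static void main(String[] args) throws Exception {
        Map<String, Object> env = new HashMap<String, Object>();
        if ("server".equals(args[0])) {
            // Plain registry: it only hands out the stub, which carries the SSL client factory.
            LocateRegistry.createRegistry(PORT);
            // needClientAuth=false: the server presents its certificate, the client presents none.
            env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
                    new SslRMIServerSocketFactory(null, null, false));
            env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
                    new SslRMIClientSocketFactory());
            // Clients are still authenticated, by username/password checked against these files.
            env.put("jmx.remote.x.password.file", args[1]);
            env.put("jmx.remote.x.access.file", args[2]);
            JMXConnectorServer cs = JMXConnectorServerFactory.newJMXConnectorServer(
                    new JMXServiceURL(URL), env, ManagementFactory.getPlatformMBeanServer());
            cs.start();
            System.out.println("Listening on " + URL);
        } else {
            // The client needs only a truststore holding the server certificate, plus credentials.
            env.put(JMXConnector.CREDENTIALS, new String[] { args[1], args[2] });
            JMXConnector c = JMXConnectorFactory.connect(new JMXServiceURL(URL), env);
            try {
                MBeanServerConnection mbsc = c.getMBeanServerConnection();
                System.out.println("MBean count = " + mbsc.getMBeanCount());
            } finally {
                c.close();
            }
        }
    }
}
```

The registry lookup itself is unencrypted in this sketch, so the stub is not integrity-protected in transit; only the calls made through the stub go over SSL. The no-argument `SslRMIServerSocketFactory()` constructor also does not require client authentication, so the three-argument form is used here only to make the choice explicit.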