0 Replies Latest reply: Apr 19, 2012 2:22 PM by 931908 RSS

    Unable to run JMX example for Simple Security

    931908
      Hello,

      I'm trying to learn about JMX by following the Java Management Extensions (JMX) Technology Tutorial. I got stuck in the *[chapter on security|http://docs.oracle.com/javase/7/docs/technotes/guides/jmx/tutorial/security.html]*.

      I followed exactly the steps listed in *[Running the RMI Connector Example With Simple Security|http://docs.oracle.com/javase/7/docs/technotes/guides/jmx/tutorial/security.html#wp997110]* but could not get it to work. My Java is jdk1.6.0_22.

      If I run it as described:

      server: java -classpath server:mbeans -Djavax.net.ssl.keyStore=config/keystore -Djavax.net.ssl.keyStorePassword=password Server &
      client: java -classpath client:server:mbeans -Djavax.net.ssl.trustStore=config/truststore -Djavax.net.ssl.trustStorePassword=trustword Client

      I get the following error when starting the client:

      Create SimpleStandard MBean...
      java.lang.SecurityException: Access denied! Invalid access level for requested MBeanServer operation.
      at com.sun.jmx.remote.security.MBeanServerFileAccessController.checkAccess(MBeanServerFileAccessController.java:325)

      I did not change anything in the property files or the code so inside access.properties there still is username readwrite entry.

      -----

      But the commands don't look right. Why do I have to specify key stores? However, when I stripped the commands from what seemed to me like unnecessary properties I didn't get much further:

      Create an RMI connector client and connect it to the RMI connector server
      java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
      javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

      was the result of each of the following:

      -----

      server: java -classpath server:mbeans Server &
      client: java -classpath client:server:mbeans Client

      -----

      server: java -classpath server:mbeans -Dcom.sun.management.jmxremote.ssl.need.client.auth=false Server &
      client: java -classpath client:server:mbeans Client

      -----

      server: java -classpath server:mbeans -Dcom.sun.management.jmxremote.ssl.need.client.auth=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false Server &
      client: java -classpath client:server:mbeans Client

      -----

      replaced in the client:
      //JMXConnector jmxc = JMXConnectorFactory.connect(url,env);
      JMXConnector jmxc = JMXConnectorFactory.connect(url);

      server: java -classpath server:mbeans -Dcom.sun.management.jmxremote.ssl.need.client.auth=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false Server &
      client: java -classpath client:server:mbeans Client

      -----
      -----

      Also when I run Server on its own with the following command:

      java -classpath server:mbeans -Djavax.net.debug=ssl,handshake Server &

      I get:

      RMI TCP Connection(1)-172.20.111.29, SEND TLSv1 ALERT: fatal, description = handshake_failure
      RMI TCP Connection(1)-172.20.111.29, WRITE: TLSv1 Alert, length = 2
      RMI TCP Connection(1)-172.20.111.29, called closeSocket()
      RMI TCP Connection(1)-172.20.111.29, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
      RMI TCP Connection(1)-172.20.111.29, called close()
      RMI TCP Connection(1)-172.20.111.29, called closeInternal(true)

      I don't know if I should worry about that.

      -----

      Can anyone help?