Reputation: 1079
java.lang.SecurityException when JMX monitor Tomcat from JConsole
The scenario is simple. I'm trying to monitor from my local workstation (Mac OS 10.9) a remote server (Ubuntu 12.04) that's running Tomcat 7.0.54 where my Spring Java app is deployed.
JVM hotspot 64bit "1.7.0_51" is used in both server and workstation.
THE STEPS
Configure Tomcat's JmxRemoteLifecycleListener to fix ports (server.xml)
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9940" rmiServerPortPlatform="9941" />Copy catalina-jmx-remote.jar into CATALINA_HOME/lib
Open ports sudo iptables -L
ACCEPT tcp -- anywhere anywhere tcp dpt:9940 ACCEPT tcp -- anywhere anywhere tcp dpt:9941setenv.sh
IP=`ifconfig eth0 | grep 'inet '| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`; export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.local.only=false -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.authenticate=true -Djava.rmi.server.hostname=$IP -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access -Dcom.sun.management.jmxremote.ssl=false"IP gets resolved to host's internal ip address, say 10.239.94.133.
Start Tomcat and check netstat -nap | grep java
tcp6 0 0 :::9940 :::* LISTEN 6538/java tcp6 0 0 :::9941 :::* LISTEN 6538/javaUp to here it all seems to indicate the setup is correct. I can telnet my remote host to both ports and I can see Tomcat(6538) listening to those ports.
From my local host jconsole -debug and connect to remote process
service:jmx:rmi://PUBLIC-IP:9941/jndi/rmi://PUBLIC-IP:9940/jmxrmi
THE PROBLEM
java.lang.SecurityException: Expecting a javax.rmi.ssl.SslRMIClientSocketFactory RMI client socket factory in stub!
at javax.management.remote.rmi.RMIConnector.checkStub(RMIConnector.java:1881)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:295)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:370)
at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:292)
Is there anything I've missed? I'm running in circles with this :-/ Thanks for your help.
Upvotes: 1
Views: 2488
Answers (1)
Reputation: 1079
IP gets resolved to host's internal ip address, say 10.239.94.133.
That was the problem. The fix is actually to set
-Djava.rmi.server.hostname=server.public.ip.address
You still get the same error in JConsole (with -debug option) but disregard it and click on 'insecure' button to continue and your are in :)
Upvotes: 3
Related Questions
- org.apache.tomcat.jdbc.pool.jmx.JmxUtil.registerJmx Jmx registration failed
- java.lang.SecurityException on add JMXConnection in jvisulavm
- j_security_check on Tomcat
- Connecting remote tomcat JMX instance using jConsole
- Jconsole cannot connect with tomcat running with security option on AWS EC2
- Can't start Tomcat with -Dcom.sun.management.jmxremote.authenticate=true
- Unable to use JConsole with Tomcat running as windows service
- Java JCE Security Error on Desknow Application
- Tomcat 7 fails to start due to absence of jmxremote.access file while JMX authentication is disabled
- Tomcat JMX connection - Authentication failed