Jconsole cannot connect with tomcat running with security option on AWS EC2

Question

I am able to connect jconsole with tomcat on Amazon EC2 instance started without security option with following CATALINA_OPTS

CATALINA_OPTS="-Dcom.sun.management.jmxremote=true -Djava.net.preferIPv4Stack=true -Dcom.sun.management.jmxremote.port=15000 -Dcom.sun.management.jmxremote.rmi.port=15001 -Djava.rmi.server.hostname=X.Y.Z.M -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=$CATALINA_HOME/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=$CATALINA_HOME/conf/jmxremote.access -Xms150M -Xmx350M"

But when I start tomcat with Security option I am not able to connect jconsole with it from remote machine.

I have added following permissions in catalina.policy for JMX from below oracle link: https://docs.oracle.com/javase/8/docs/technotes/guides/jmx/examples/Security/fine_grained/config/java.policy

Please help me if i am missing out some permissions regarding jmx in catalina.policy, If yes please comment.

Java version on the machine: java version "1.7.0_65"

OpenJDK Runtime Environment (IcedTea 2.5.3) (7u71-2.5.3-0ubuntu0.14.04.1) OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

Tomcat version : tomcat-6.0.36

Answer 1

Here it what it worked for me 1)I choose 1005 as jmx port and my setenv.sh is like:

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=10005 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=localhost"

2) redirect using ssh the jmx port and the rmi

3) Run Jconsole using the following uri: service:jmx:rmi:///jndi/rmi://localhost:10005/jmxrmi

If you need more information have a look to this post: http://ignaciosuay.com/how-to-connect-a-java-profiler-like-visualvm-or-jconsole-to-a-remote-tomcat-running-on-amazon-ec2/