Versions Compared

Old Version 5

changes.mady.by.user Runhua Chi

Saved on

compared with

New Version Current

changes.mady.by.user Runhua Chi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Password authentication over secure sockets layer (SSL) can be used to ensure that unauthorized persons cannot control or monitor your server. Before connecting to the secure JMX server in JConsole, you have to make a few configuration steps to disable the non-secure JMX server and start the jmx-security module.

  1. In directory of <Geronimo_HOME>/var/config, you can find the file config.xml. Take Geronimo 3.0 as an example, make modifications listed below.

    Elements by default

    Elements modified

    <gbean name="JMXService">

    <gbean name="JMXService" load="false">

    <module name="org.apache.geronimo.framework/jmx-security/3.0/car" load="false">

    <module name="org.apache.geronimo.framework/jmx-security/3.0/car">

  2. Save the changes, and start the server with the Enable JMX-security module loaded. (After the configuration of secure JMX server, the JMX-security module will be loaded at server start time automatically.)the Geronimo server.
  3. Then, open a command window and set environment variable.
    indent
    0
    0
    * On a Windows system
    No Format
    set GERONIMO_HOME=<Geronimo_HOME>
    indent
    0
    0
    * On a Linux system
    No Format
    export GERONIMO_HOME=<Geronimo_HOME>
    where <Geronimo_HOME> is the installation directory of the Geronimo server
  4. Run <JDK_HOME>/bin/jconsole via the following command. Note that the command has been split across several lines for readability. The command must be typed on a single line.
    indent
    0
    0
    * On a Windows system
    No Format
    jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=%myDir%/KeystoreTrustSotrePasswordFile.key
    indent
    0
    0
    * On a Linux system
    No Format
    jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=$myDir/KeystoreTrustSotrePasswordFile.key
    indent
    1
    1
    Where
    indent
    1
    1

    indent
    0
    0
    _myDir_ is the location of your trusted keystore file. By default, the content of file is from /var/config/config-substitutions.properties file. See Creating your keystorefile for SSL authentication for more details.
  5. In the dialog Connect to Agent of JConsole, click Advanced, and input the information: 
    • JMX URL: service:jmx:rmi:///jndi/rmi://<ipaddr>:1099/JMXSecureConnector
    • User Name: system (or user name you set)
    • Password: manager (or password you set)
       where 
      • <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via ping command.
      • 1099 is the default naming port for Geronimo.
  6. Then click OK. JConsole will connect to Geronimo MBeans management interface. Switch to Means tab for server-wide information. In this case, tabs other than MBeans are inactive. Note that information may vary when you are using IBM SDK or Sun SDK.