...
Password authentication over secure sockets layer (SSL) can be used to ensure that unauthorized persons cannot control or monitor your server. Before connecting to the secure JMX server in JConsole, you have to make a few configuration steps to disable the non-secure JMX server and start the jmx-security module.
- In directory of
<Geronimo_HOME>/var/config
, you can find the fileconfig.xml
. Take Geronimo 3.0 as an example, make modifications listed below.Elements by default
Elements modified
<gbean name="JMXService">
<gbean name="JMXService" load="false">
<module name="org.apache.geronimo.framework/jmx-security/3.0/car" load="false">
<module name="org.apache.geronimo.framework/jmx-security/3.0/car">
- Save the changes, and start the server with the Enable JMX-security module loaded. (After the configuration of secure JMX server, the JMX-security module will be loaded at server start time automatically.)the Geronimo server.
- Then, open a command window and set environment variable.
indent 0 0 * On a Windows system
No Format set GERONIMO_HOME=<Geronimo_HOME>
indent 0 0 * On a Linux system
where <Geronimo_HOME> is the installation directory of the Geronimo serverNo Format export GERONIMO_HOME=<Geronimo_HOME>
- Run
<JDK_HOME>/bin/jconsole
via the following command. Note that the command has been split across several lines for readability. The command must be typed on a single line.indent 0 0 * On a Windows system
No Format jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=%myDir%/KeystoreTrustSotrePasswordFile.key
indent 0 0 * On a Linux system
No Format jconsole \-J-D-Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=$myDir/KeystoreTrustSotrePasswordFile.key
Whereindent 1 1 indent 1 1
_myDir_ is the location of your trusted keystore file. By default, the content of file is fromindent 0 0 /var/config/config-substitutions.properties
file. See Creating your keystorefile for SSL authentication for more details. - In the dialog Connect to Agent of JConsole, click Advanced, and input the information:
- JMX URL:
service:jmx:rmi:///jndi/rmi://<ipaddr>:1099/JMXSecureConnector
- User Name: system (or user name you set)
- Password: manager (or password you set)
where- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
ping
command. - 1099 is the default naming port for Geronimo.
- <ipaddr> can be localhost if you are monitoring the local server, and can be host name if the monitoring remote machine can access the Geronimo server via
- JMX URL:
- Then click OK. JConsole will connect to Geronimo MBeans management interface. Switch to Means tab for server-wide information. In this case, tabs other than MBeans are inactive. Note that information may vary when you are using IBM SDK or Sun SDK.