java.lang.SecurityException when monitoring Tomcat via JMX from JConsole

The scenario is simple. I'm trying to monitor from my local workstation (Mac OS 10.9) a remote server (Ubuntu 12.04) that's running Tomcat 7.0.54 where my Spring Java app is deployed.

JVM hotspot 64bit "1.7.0_51" is used in both server and workstation.

THE STEPS

  • Configure Tomcat's JmxRemoteLifecycleListener to fix ports (server.xml)

    <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
      rmiRegistryPortPlatform="9940" rmiServerPortPlatform="9941" /> 
    
  • Copy catalina-jmx-remote.jar into CATALINA_HOME/lib

  • Open ports sudo iptables -L

    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9940
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9941
    
  • setenv.sh

    IP=`ifconfig eth0  | grep 'inet '| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;
    
    export CATALINA_OPTS="$CATALINA_OPTS
    -Dcom.sun.management.local.only=false 
    -Dcom.sun.management.jmxremote=true
    -Dcom.sun.management.jmxremote.authenticate=true 
    -Djava.rmi.server.hostname=$IP 
    -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password 
    -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access 
    -Dcom.sun.management.jmxremote.ssl=false"
    

    IP gets resolved to host's internal ip address, say 10.239.94.133.

  • Start Tomcat and check netstat -nap | grep java

    tcp6  0  0 :::9940 :::*  LISTEN      6538/java       
    tcp6  0  0 :::9941 :::*  LISTEN      6538/java 
    

    Up to here it all seems to indicate the setup is correct. I can telnet my remote host to both ports and I can see Tomcat(6538) listening to those ports.

  • From my local host jconsole -debug and connect to remote process

     service:jmx:rmi://PUBLIC-IP:9941/jndi/rmi://PUBLIC-IP:9940/jmxrmi
    
  • THE PROBLEM

        java.lang.SecurityException: Expecting a javax.rmi.ssl.SslRMIClientSocketFactory RMI client socket factory in stub!
        at javax.management.remote.rmi.RMIConnector.checkStub(RMIConnector.java:1881)
        at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:295)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:268)
        at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:370)
        at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
        at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:292)
    

    Is there anything I've missed? I'm running in circles with this :-/ Thanks for your help.


    "IP gets resolved to host's internal ip address, say 10.239.94.133."

    That was the problem. The fix is actually to set

    -Djava.rmi.server.hostname=server.public.ip.address
    

    You still get the same error in JConsole (with -debug option) but disregard it and click on the 'insecure' button to continue and you are in :)
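
A check for the two settings at issue in this thread, as an added example that is not part of the original question or answer: it reads a CATALINA_OPTS-style string and flags a java.rmi.server.hostname that is an internal address when clients dial a public one, plus an explicit ssl=false or authenticate=false. The function names and 203.0.113.10 (a documentation address standing in for PUBLIC-IP) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit JVM options for the JMX
# settings discussed above. Function names and sample values are assumptions.

# Print the value of the last -D<name>=<value> in an options string.
jvm_opt() {  # $1 = options string, $2 = property name
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' |
        awk -v k="-D$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                          END { print v }'
}

# True for RFC 1918 and loopback IPv4 addresses.
is_private_ipv4() {
    case "$1" in
        10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; return 1 if anything was found.
audit_jmx_opts() {  # $1 = options string, $2 = address the JMX client dials
    a_host=$(jvm_opt "$1" java.rmi.server.hostname)
    a_ssl=$(jvm_opt "$1" com.sun.management.jmxremote.ssl)
    a_auth=$(jvm_opt "$1" com.sun.management.jmxremote.authenticate)
    a_rc=0
    if is_private_ipv4 "$a_host" && ! is_private_ipv4 "$2"; then
        echo "HOSTNAME java.rmi.server.hostname=$a_host is internal; client dials $2"
        a_rc=1
    fi
    if [ "$a_auth" = "false" ]; then
        echo "AUTH authentication disabled on the JMX connector"
        a_rc=1
    elif [ "$a_ssl" = "false" ]; then
        echo "CLEARTEXT ssl=false: JMX traffic, including the login, is unencrypted"
        a_rc=1
    fi
    return $a_rc
}

# Constructed sample: the question's options with IP resolved to 10.239.94.133;
# 203.0.113.10 is a documentation address standing in for PUBLIC-IP.
SAMPLE_OPTS="-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.authenticate=true
-Djava.rmi.server.hostname=10.239.94.133
-Dcom.sun.management.jmxremote.ssl=false"
audit_jmx_opts "$SAMPLE_OPTS" 203.0.113.10 || true
```

Run against the answer's corrected options (public hostname, ssl still false), it reports only the CLEARTEXT line.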
