7

I wrote a batch Java 7 application that should be controlled by a JMX client. The JMX service is up and running, and I can connect to it using jConsole from my machine.

I set the option -Dcom.sun.management.jmxremote.local.only=true to avoid any incoming connection except from 127.0.0.1.

But... when I tried to connect from another computer, my connection wasn't filtered out, and I was able to access to JMX remotely.

Here it is java invocation:

java -Dcom.sun.management.jmxremote ^
 -Dcom.sun.management.jmxremote.port=7000 ^
 -Dcom.sun.management.jmxremote.local.only=true ^
 -Dcom.sun.management.jmxremote.authenticate=false ^
 -Dcom.sun.management.jmxremote.ssl=false ^
 -cp lib/*;hns-consumer.jar it.andrearota.com.Main %1

Looks like that the option haven't been considered.

Any help?

Ameba Spugnosa
  • 1,204
  • 2
  • 11
  • 25
  • What is the behavior if you omit the option? According to the documentation, the default is `true`, allowing local connections only, so the option shouldn't be needed in the first place. – Dominik Sandjaja Oct 08 '12 at 10:08
  • 1
    I think setting the port may be triggered 'remote' operation – Brian Agnew Oct 08 '12 at 10:10
  • agree with @DaDaDom, the default value of this option should be `true`, see http://www.oracle.com/technetwork/java/javase/compatibility-417013.html – turtledove Oct 08 '12 at 10:14
  • @BrianAgnew according to http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html#remote you are right: `... setting this property publishes an additional RMI connector in a private read-only registry at the specified port using a well known name, "jmxrmi".` – Dominik Sandjaja Oct 08 '12 at 10:19
  • @BrianAgnew I had to set the port, because I want to see JMX registry exposed on a well known port. – Ameba Spugnosa Oct 08 '12 at 10:26
  • @DaDaDom Right now I am developing using JDK 7, but in production we still have Java 6. So if I omit that flag from my BAT's, I am going to have the JMX exposed remotely on production. – Ameba Spugnosa Oct 08 '12 at 10:26
  • JDK 15 seems to have the same issue for me. Hmm... perhaps this bug: https://support.oracle.com/knowledge/Middleware/1641501_1.html – rogerdpack Jan 14 '21 at 18:23

1 Answers1

0

I was looking for a way to restrict JMX server to accept requests only on localhost and stumbled into this question. It is possible now using the flag -Dcom.sun.management.jmxremote.host=localhost. Refer to this comment on a similar question.

Arjan Singh Bal
  • 133
  • 1
  • 8