1

I have configured my Java application to require authentication but not SSL

JVM args:

-Djavax.management.builder.initial= -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=localIpAddress

management.properties:

com.sun.management.jmxremote.rmi.port=39998
com.sun.management.jmxremote.port=39999
com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.ssl=false

jmxremote.access

monitorRole readonly
dev readwrite
tester readwrite

jmxremote.password

monitorRole guest
dev dev
tester test

However, I am able to access this application without having to enter any credentials.

jconsole ipOfApplication:39998

I get direct access, without any password prompts. How do I make sure that I get prompted to login?

NOTE: Even after enabling SSL, the same behavior occurs.

sworded
  • 2,419
  • 4
  • 31
  • 48
  • Any special reason for using the custom RMI Agent? IMO, the problem is caused by the agent. The out-of-the-box configuration works as expected (tested on JDK7u45, JDK8b115) – JB- Nov 18 '13 at 11:19
  • I am unable to access the JMX application without the Custom RMI agent – sworded Nov 18 '13 at 15:06
  • I suppose you need to route the JMX traffic through a firewall, right? – JB- Nov 19 '13 at 09:04
  • Yes, according to the answer in this post, by default, a wide range of ports must be opened for a remote connection to work. http://stackoverflow.com/questions/151238/has-anyone-ever-got-a-remote-jmx-jconsole-to-work – sworded Nov 20 '13 at 15:15
  • Actually, since JDK7u4 you can specify the RMI registry port - and that's the part that was causing the problems - see here http://stackoverflow.com/questions/19442719/remote-jmx-technology/19528077#19528077 – JB- Nov 21 '13 at 14:14
  • I have verified that property works for me, so I don't have to use a custom agent. However, I still face the same issue as before: access is allowed without authentication. – sworded Nov 21 '13 at 17:16
  • Could you please post the content of jmxremote.password.file, jmxremote.access.file and your JVM parameters for JMX? – vzamanillo Dec 10 '13 at 15:51
  • I posted the requested info. – sworded Dec 10 '13 at 17:13
  • Are you running the right JVM? maybe you have more than one JVM in your OS and you are running a JVM with a wrong management.properties file, check your Java home (alternatives or PATH env variable in Windows) and edit java/jre/lib/management/management.properties file to ensure that it is ok. – vzamanillo Dec 10 '13 at 21:08
  • I double checked that by changing the ports and trying to connect. It is the correct file. – sworded Dec 10 '13 at 22:24
  • From docs.oracle.com " Note - The com.sun.management.jmxremote.* properties could have been specified in a management.properties file instead of passing them at the command line. In that case, the system property -Dcom.sun.management.config.file=management.properties would be required to specify the location of the management.properties file." – vzamanillo Dec 11 '13 at 00:34

1 Answers1

0

You can use the following configuration:

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=6002
-Dcom.sun.management.jmxremote.rmi.port=6003
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false

and open ports 6002, 6003 on your FW for the JMX traffic. This will enable you to access JMX server remotely without introducing any custom RMI agent.

JB-
  • 2,615
  • 18
  • 17
  • I have verified that property works for me, so I don't have to use a custom agent. However, I still face the same issue as before: access is allowed without authentication. I want to make sure all access is authenticated. – sworded Nov 21 '13 at 17:17