[
https://issues.apache.org/jira/browse/TOMEE-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17136682#comment-17136682
]
Frans commented on TOMEE-2294:
------------------------------
Just tried it again to confirm that I am not going crazy and the TomEE version
I'm working in is actually 7.1.3. It definitely is
Here it is with the system property commented out:
16-Jun-2020 22:17:22.916 INFO [localhost-startStop-1]
org.apache.openejb.assembler.classic.Assembler.startEjbs Started
Ejb(deployment-id=X, ejb-name=X, container=MessageDrivenContainer)
16-Jun-2020 22:17:22.919 INFO [localhost-startStop-1]
org.apache.openejb.assembler.classic.Assembler.createApplication Deployed
Application(path=C:localserver\webapps\ROOT)
16-Jun-2020 22:17:22.951 WARNING [JmsResourceAdapter-worker- - 2]
org.apache.activemq.broker.BrokerService.checkMemorySystemUsageLimits Memory
Usage for the Broker (1024mb) is more than the maximum available for the JVM:
981 mb - resetting to 70% of maximum available: 687 mb
16-Jun-2020 22:17:22.963 INFO [JmsResourceAdapter-worker- - 2]
org.apache.activemq.broker.BrokerService.doStartPersistenceAdapter Using
Persistence Adapter:
KahaDBPersistenceAdapter[C:localserver\conf\activemq-data\broker\KahaDB]
16-Jun-2020 22:17:22.979 INFO [JMX connector]
org.apache.activemq.broker.jmx.ManagementContext$1.run JMX consoles can connect
to service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
16-Jun-2020 22:17:23.003 INFO [JmsResourceAdapter-worker- - 2]
org.apache.activemq.store.kahadb.MessageDatabase$Metadata.read KahaDB is
version 6
Uncommenting the property, the issue went away again.
16-Jun-2020 22:19:27.312 INFO [localhost-startStop-1]
org.apache.openejb.assembler.classic.Assembler.startEjbs Started
Ejb(deployment-id=X, ejb-name=X, container=MessageDrivenContainer)
16-Jun-2020 22:19:27.314 INFO [localhost-startStop-1]
org.apache.openejb.assembler.classic.Assembler.createApplication Deployed
Application(path=C:\localserver\webapps\ROOT)
16-Jun-2020 22:19:27.350 WARNING [JmsResourceAdapter-worker- - 1]
org.apache.activemq.broker.BrokerService.checkMemorySystemUsageLimits Memory
Usage for the Broker (1024mb) is more than the maximum available for the JVM:
981 mb - resetting to 70% of maximum available: 687 mb
16-Jun-2020 22:19:27.359 INFO [JmsResourceAdapter-worker- - 1]
org.apache.activemq.broker.BrokerService.doStartPersistenceAdapter Using
Persistence Adapter:
KahaDBPersistenceAdapter[C:\localserver\conf\activemq-data\broker\KahaDB]
16-Jun-2020 22:19:27.400 INFO [JmsResourceAdapter-worker- - 1]
org.apache.activemq.store.kahadb.MessageDatabase$Metadata.read KahaDB is
version 6
Setting the log level to FINEST and searching for that INFO text shows that
createConnector is first called just after
org.apache.activemq.broker.BrokerService.checkMemorySystemUsageLimits
Decompiling that class and following back the references to cMSUL shows that
the isUseJmx() property is checked just afterwards. I'm guessing this isn't set
by ?useJmx=
{code}
@Override
public void start() throws Exception {
if (stopped.get() || !started.compareAndSet(false, true)) {
// lets just ignore redundant start() calls
// as its way too easy to not be completely sure if start() has been
// called or not with the gazillion of different configuration
// mechanisms
// throw new IllegalStateException("Already started.");
return;
}
setStartException(null);
stopping.set(false);
preShutdownHooksInvoked.set(false);
startDate = new Date();
MDC.put("activemq.broker", brokerName);
try {
checkMemorySystemUsageLimits();
if (systemExitOnShutdown && useShutdownHook) {
throw new ConfigurationException("'useShutdownHook' property cannot be be used
with 'systemExitOnShutdown', please turn it off (useShutdownHook=false)");
}
processHelperProperties();
if (isUseJmx()) {
// need to remove MDC during starting JMX, as that would otherwise causes
leaks, as spawned threads inheirt the MDC and
// we cannot cleanup clear that during shutdown of the broker.
MDC.remove("activemq.broker");
try {
startManagementContext();
for (NetworkConnector connector : getNetworkConnectors()) {
registerNetworkConnectorMBean(connector);
}
} finally {
MDC.put("activemq.broker", brokerName);
}
}
// in jvm master slave, lets not publish over existing broker till we get the
lock
final BrokerRegistry brokerRegistry = BrokerRegistry.getInstance();
if (brokerRegistry.lookup(getBrokerName()) == null) {
brokerRegistry.bind(getBrokerName(), BrokerService.this);
}
startPersistenceAdapter(startAsync);
startBroker(startAsync);
brokerRegistry.bind(getBrokerName(), BrokerService.this);
} catch (Exception e) {
LOG.error("Failed to start Apache ActiveMQ ({}, {})", getBrokerName(),
brokerId, e);
try {
if (!stopped.get()) {
stop();
}
} catch (Exception ex) {
LOG.warn("Failed to stop broker after failure in start. This exception will be
ignored.", ex);
}
throw e;
} finally {
MDC.remove("activemq.broker");
}
}
{code}
startManagementContext() calls ManagementContext.start(), which brings us back
to startConnector()
Looking at the commit to ActiveMQ5Factory, I'm seeing this line of logging
{code}
Logger.getInstance(LogCategory.OPENEJB_STARTUP,
ActiveMQ5Factory.class).getChildLogger("service").info("ActiveMQ5Factory
creating broker");
{code}
So, searching for 1099|ActiveMQ5Factory in the startup logs I get
{code}
78 16-Jun-2020 23:56:54.728 INFO [main]
org.apache.openejb.resource.activemq.ActiveMQ5Factory.createBroker
ActiveMQ5Factory creating broker
80 16-Jun-2020 23:56:55.018 INFO [main]
org.apache.openejb.resource.activemq.ActiveMQ5Factory.createBroker Using
ActiveMQ startup timeout of 10000ms
81 16-Jun-2020 23:56:55.019 INFO [ActiveMQFactory start and checkpoint]
org.apache.openejb.resource.activemq.ActiveMQ5Factory$1.run Starting ActiveMQ
BrokerService
89 16-Jun-2020 23:56:55.184 INFO [ActiveMQFactory start and checkpoint]
org.apache.openejb.resource.activemq.ActiveMQ5Factory$1.run Starting ActiveMQ
checkpoint
90 16-Jun-2020 23:56:55.184 INFO [main]
org.apache.openejb.resource.activemq.ActiveMQ5Factory.createBroker ActiveMQ
broker started
205 16-Jun-2020 23:56:57.592 INFO [JMX connector]
org.apache.activemq.broker.jmx.ManagementContext$1.run JMX consoles can connect
to service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
{code}
The log line for broker started is definitely after setCreateConnector(false)
in GitHub
Decompiling org.apache.openejb.resource.activemq.AActiveMQ5Factory.class in
openejb-core.jar from my compile time references shows the code present
{code}
final ManagementContext managementContext = new ManagementContext();
managementContext.setCreateConnector(false);
broker.setManagementContext(managementContext);
{code}
Decompiling the same class from my tomee install's lib/openejb-core-7.1.3.jar
similarly shows it present
{code}
/* 189 */ ManagementContext managementContext = new ManagementContext();
/* 190 */ managementContext.setCreateConnector(false);
/* 191 */ broker.setManagementContext(managementContext);
{code}
Might be time to go to call it a night and try again tomorrow.
Thank you so much for all your help, and for maintaining this wonderful
framework. I really don't know what I'd do without it. You guys are brilliant.
Cheers,
Frans
> Can't disable unauthenticated JMX on 1099
> -----------------------------------------
>
> Key: TOMEE-2294
> URL: https://issues.apache.org/jira/browse/TOMEE-2294
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Reporter: Frans
> Priority: Major
> Fix For: 8.0.3
>
>
> ActiveMQ comes bundled with a JMX host that is default on unauthenticated on
> port 1099.
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
> BrokerXmlConfig = broker:(vm://broker)?useJmx=false
> ServerUrl = vm://broker
> </Resource>{code}
> Tomee's resource configuration doesn't allow this to be disabled. The above
> doesn't work.
> This can be disabled by inspecting an activemq jar's manifest, pulling down
> the same version of activemq-all, and putting that in the tomee/lib
> directory, at which point this works:
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
> BrokerXmlConfig = xbean:file:activemq.xml
> ServerUrl = vm://broker
> </Resource>
> {code}
> {code:java}
> <broker xmlns="http://activemq.apache.org/schema/core";
> useJmx="false"
> brokerName="broker"
> useShutdownHook="false"
> persistent="true"
> start="true"
> schedulerSupport="false"
> enableStatistics="false"
> offlineDurableSubscriberTimeout="259200000"
> offlineDurableSubscriberTaskSchedule="3600000">
> {code}
> However, convincing the guy hosting the server to inspect JAR manifests, pull
> down specific jars, and maintain a second configuration file seems like a lot
> of effort to go to just to have the ability to disable unauthenticated access
> to every MBean in the VM
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
