OK, so the culprit was that jconsole doesn't pass credentials when it connects
to a process directly (as stated in the management docs). However, I couldn't
log in at all when trying to connect via localhost:1099.
Finally, I made it work by opening the RMI connection to the world:
<connector connector-port="1099" connector-host="0.0.0.0"
rmi-registry-port="1098"/>
Perhaps it's just WSL, but this simply didn't work:
<connector connector-port="1099" connector-host="127.0.0.1"
rmi-registry-port="1098"/>
So as of now, I can finally see the attribute values, and the rest of the job
will be limiting the role capabilities.
Jan Šmucr
DevOps Engineer
Mobile +420 737 186 293
aimtecglobal.com
-----Původní zpráva-----
Od: Jan Šmucr <[email protected]>
Odesláno: úterý 17. února 2026 10:27
Komu: [email protected]
Kopie: Vilius Šumskas <[email protected]>
Předmět: RE: Adding a JMX read-only user
OK, now I see that the JMX management docs are separate from the security docs.
Sorry, the linking in the static docs version is confusing. I'll dig deeper.
Jan Šmucr
DevOps Engineer
Mobile +420 737 186 293
aimtecglobal.com
-----Původní zpráva-----
Od: Jan Šmucr <[email protected]>
Odesláno: úterý 17. února 2026 10:10
Komu: [email protected]
Kopie: Vilius Šumskas <[email protected]>
Předmět: RE: Adding a JMX read-only user
Dear Vilius,
LLMs tend to be way better in understanding text and code. If they don't
understand it, then chances are the text may be unclear to a mere human without
an additional context. Which happens to be me. I did not understand it, nor did
the LLM. Hence I ask here.
This mailing list cannot handle screenshots, so to clarify: After opening
jconsole, I can log in and see the MBeans tree. I then expand
"org.apache.activemq.artemis" and "<server name>", and click the "Attributes"
item. A table appears on the right side of the window, revealing all
server-related attributes with their values stating "Unavailable", written in
red.
Steps that I had performed were listed in the previous e-mail. Given that I can
log into the jconsole, the account has been set up properly to allow me for at
least that.
Since the documentation completely omits the basics, one of my attempts had to
be intuitive, and that is to have the new "view" share its capabilities with
the default "amq":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <management-context
xmlns="http://activemq.apache.org/schema";>
<connector connector-port="1099"/>
<authorisation>
<allowlist>
<entry domain="hawtio"/>
</allowlist>
<default-access>
<access method="list*" roles="amq,view"/>
<access method="get*" roles="amq,view"/>
<access method="is*" roles="amq,view"/>
</default-access>
<role-access>
<match domain="org.apache.activemq.artemis">
<access method="list*" roles="amq,view"/>
<access method="get*" roles="amq,view"/>
<access method="is*" roles="amq,view"/>
<access method="set*" roles="amq,view"/>
<access method="browse*" roles="amq,view"/>
<access method="count*" roles="amq,view"/>
<access method="*" roles="amq,view"/>
</match>
</role-access>
</authorisation>
</management-context>
But not even this simple adjustment made any difference.
Jan Šmucr
DevOps Engineer
Mobile +420 737 186 293
aimtecglobal.com
-----Původní zpráva-----
Od: Vilius Šumskas via users <[email protected]>
Odesláno: úterý 17. února 2026 9:08
Komu: [email protected]
Kopie: Vilius Šumskas <[email protected]>
Předmět: RE: Adding a JMX read-only user
And that‘s why you don‘t use generative AI tools to solve a deterministic
problem.
What specifically you didn’t understand on
https://artemis.apache.org/components/artemis/documentation/latest/security.html
? Have you read the linking
https://artemis.apache.org/components/artemis/documentation/latest/management.html#configuring-jmx
? If you want help on the mailing list, you need to be more specific what
steps you tried and what was the end result (errors, screenshots, etc.)
--
Vilius
From: Jan Šmucr <[email protected]>
Sent: Tuesday, February 17, 2026 9:32 AM
To: [email protected]
Subject: Adding a JMX read-only user
Hello. I’d like to ask you for help with adding a user capable of monitoring
basic attributes exposed by an Artemis instance. I couldn’t understand the
documentation here:
https://artemis.apache.org/components/artemis/documentation/latest/security.html
I even had ChatGPT read it for me, and compose a step-by-step guide, but with
no luck either.
1. I started with creating a new instance: apache-artemis-2.51.0/bin/artemis
create '--name=test' '--host=0.0.0.0' '--http-host=0.0.0.0' '--relax-jolokia'
'--require-login' '--user=admin' '--password=test' 'test'
2. I added a new “view = zabbix” role to etc/artemis-roles.properties
3. I added a new user “zabbix = ENC(…)” to etc/artemis-users.properties
4. Now I was able to log in using the jconsole, but I didn’t see any
attribute values
5. I did many different attempts to adjust the role’s capabilities in
etc/management.xml, but none of them got me anywhere What am I missing?
TIA
Jan Šmucr
DevOps Engineer
Integration Business Unit
[cid:[email protected]]
Aimtec
U Prazdroje 2807/8, 301 00 Pilsen, Czech Republic
Reception +420 377 225 215, Support +420 377 240 400
Mobile +420 737 186 293
aimtecglobal.com <https://hubs.la/H0JdDtt0>
[cid:[email protected]]<https://www.facebook.com/aimtecCZ>[cid:[email protected]]<https://www.instagram.com/aimteclife/>
[cid:[email protected]]
<https://www.linkedin.com/company/aimtec-a-s-/>
[cid:[email protected]]
<https://www.youtube.com/channel/UCorq-8h-Q8WrTmQHo1gdD1Q>
[cid:[email protected]]<https://hubs.la/Q03vLqWF0>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected] For further
information, visit: https://activemq.apache.org/contact
�B�KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB����[��X��ܚX�K��K[XZ[
��\�\��][��X��ܚX�P�X��]�[\K�\�X��K�ܙ�B��܈�Y��]�[ۘ[����[X[�����K[XZ[
��\�\��Z�[���X��]�[\K�\�X��K�ܙ�B��܈��\���\��[��ܛX]�[ۋ���\�]
��������X��]�[\K�\�X��K�ܙ����X��B�B�
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
