Aha... i didnt realise that i needed to supply the credentials from the client. I thought Tomcat would get those from the password files. Ok im off to the documentation now. :)
On Thu, Jan 13, 2011 at 1:31 PM, André Warnier <a...@ice-sa.com> wrote: > Ok, what I was trying to say is this : > > By using the jmxremote.password.file etc.. on the JVM which runs Tomcat, > you let this JVM know which remote user-id's can connect, and what password > they should use. > > Now, from the client side, when you connect, you have to provide such a > valid user-id and password, to "login" to the server. > > If you try the jconsole utility as a client, you will see this on the > connection box. > > I have no idea how you supply these credentials programmatically from > /your/ client, but that is what you have to find out. > > > > > > > Ziggy wrote: > >> Ok i am stuck now - here is the full configuration >> >> $CATALINA_BASE/setenv.sh >> --------------------------- >> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070 >> >> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password >> -Dcom.sun.management.jmxremote.ssl=false >> -Dcom.sun.management.jmxremote.authenticate=true >> >> -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access" >> export CATALINA_OPTS >> >> $CATALINA_BASE/conf/jmxremote.password >> --------------------------------------- >> monitorRole monitorpass >> controlRole controlpass >> >> $CATALINA_BASE/conf/jmxremote.access >> --------------------------------------- >> monitorRole readonly >> controlRole readwrite >> >> The client tool i am using to access the Tomcat JMX server is running on >> the >> same machine as the Tomcat instance. when i start tomcat i can see that >> there is something listening at port 18070 but when i try to connect i get >> the following error >> >> Exception in thread "main" java.lang.SecurityException: >> Authentication failed! Credentials required >> at >> >> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193) >> at >> >> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145) >> at >> >> sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185) >> at >> >> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213) >> >> >> I connect using the following bit of code >> >> >> try { >> url = new >> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi"); >> jmxc = JMXConnectorFactory.connect(url,null); >> mbsc = jmxc.getMBeanServerConnection(); >> } catch (MalformedURLException e) { >> throw new Exception(methodName + ":" + e); >> } catch (IOException e) { >> throw new Exception(methodName + ":" + "Failed to >> connect to the Tomcat Server " + e); >> } >> >> It works fine if i set com.sun.management.jmxremote.authenticate=true to >> false. Other than that it just fails. The client tool is running on the >> same >> machine as the tomcat instance so there should not be any issues with the >> firewall. Any clues >> >> On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <a...@ice-sa.com> wrote: >> >> Ziggy wrote: >>> >>> Tomcat JMX connection - Authentication failed. >>>> >>>> I am having some problems setting up Tomcat for JMX. I added the >>>> following >>>> properties to CATALINA_OPTS >>>> >>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070 >>>> >>>> >>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password >>>> -Dcom.sun >>>> .management.jmxremote.ssl=false" >>>> >>>> And have added the jmxremote.password file in to the conf directory. I >>>> wrote >>>> a client tool that connects to the JMX server running on port 18070. >>>> When >>>> i >>>> run the client program i get the following error. >>>> >>>> Exception in thread "main" java.lang.SecurityException: Authentication >>>> failed! Credentials required >>>> at >>>> >>>> ... >>> >>> Ok, so how does your client provide a username and password to the >>> server's >>> JMX interface, when it connects ? >>> >>> >>> >>> If i change the CATALINA_OPTS properties to >>>> >>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070 >>>> >>>> >>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password >>>> -Dcom.sun >>>> .management.jmxremote.ssl=false >>>> -Dcom.sun.management.jmxremote.authenticate=false" >>>> >>>> Then it works fine. >>>> >>>> Of course, since then there is no authentication required. >>> >>> >>> >>> I think what i am confused of is what is classed as >>> >>> remote access. I am running the client program away from the Tomcat >>>> instance >>>> but both Tomcat and the client tool are on the same machine (i.e. >>>> different >>>> virtual machines but same environemnt). I thought i had to configure the >>>> remote authentication if i access the JMX server remotely from a >>>> different >>>> machine. >>>> >>>> By remote access do they mean accessing the JMX server from any VM >>>> either >>>> locally on the same machine or remotely from a different machine? >>>> >>>> I believe that in this context, "remote" just means "via a TCP/IP >>>> >>> connection". >>> It does not matter if your client is on the same host or not. If it >>> accesses the "server" via TCP/IP, then it counts as remote. >>> >>> There is another way to connect, limited to local processes running on >>> the >>> same host, but I forget how it is called or how it works. >>> You can see the distinction pretty clearly by using the "jconsole" >>> application, which is included in the JDK. >>> >>> Note : for the "remote" kind of access, there is another (second) TCP >>> connection used, separate from the port which you indicate with the >>> jmxremote.port parameter. >>> If you are on the same host, it does not matter, but if you really need >>> to >>> connect from another host through a firewall or so, it may. >>> You may want to have a look here for more info : >>> >>> >>> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo >>> (see the section : Monitoring Applications through a Firewall) >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >