Re: Tomcat JMX connection - Authentication failed.

Ziggy Thu, 13 Jan 2011 07:15:40 -0800

Aha... i didnt realise that i needed to supply the credentials from the
client. I thought Tomcat would get those from the password files. Ok im off
to the documentation now. :)


On Thu, Jan 13, 2011 at 1:31 PM, André Warnier <a...@ice-sa.com> wrote:

> Ok, what I was trying to say is this :
>
> By using the jmxremote.password.file etc.. on the JVM which runs Tomcat,
> you let this JVM know which remote user-id's can connect, and what password
> they should use.
>
> Now, from the client side, when you connect, you have to provide such a
> valid user-id and password, to "login" to the server.
>
> If you try the jconsole utility as a client, you will see this on the
> connection box.
>
> I have no idea how you supply these credentials programmatically from
> /your/ client, but that is what you have to find out.
>
>
>
>
>
>
> Ziggy wrote:
>
>> Ok i am stuck now - here is the full configuration
>>
>> $CATALINA_BASE/setenv.sh
>> ---------------------------
>>        CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>
>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>> -Dcom.sun.management.jmxremote.ssl=false
>> -Dcom.sun.management.jmxremote.authenticate=true
>>
>> -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
>>        export CATALINA_OPTS
>>
>> $CATALINA_BASE/conf/jmxremote.password
>> ---------------------------------------
>>        monitorRole monitorpass
>>        controlRole controlpass
>>
>> $CATALINA_BASE/conf/jmxremote.access
>> ---------------------------------------
>>        monitorRole readonly
>>        controlRole readwrite
>>
>> The client tool i am using to access the Tomcat JMX server is running on
>> the
>> same machine as the Tomcat instance. when i start tomcat i can see that
>> there is something listening at port 18070 but when i try to connect i get
>> the following error
>>
>>        Exception in thread "main" java.lang.SecurityException:
>> Authentication failed! Credentials required
>>                at
>>
>> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
>>                at
>>
>> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
>>                at
>>
>> sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
>>                at
>>
>> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
>>
>>
>> I connect using the following bit of code
>>
>>
>>                try {
>>                    url = new
>> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
>>                    jmxc = JMXConnectorFactory.connect(url,null);
>>                    mbsc = jmxc.getMBeanServerConnection();
>>                } catch (MalformedURLException e) {
>>                    throw new Exception(methodName + ":" + e);
>>                } catch (IOException e) {
>>                    throw new Exception(methodName + ":" + "Failed to
>> connect to the Tomcat Server " + e);
>>                }
>>
>> It works fine if i set com.sun.management.jmxremote.authenticate=true to
>> false. Other than that it just fails. The client tool is running on the
>> same
>> machine as the tomcat instance so there should not be any issues with the
>> firewall. Any clues
>>
>> On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <a...@ice-sa.com> wrote:
>>
>>  Ziggy wrote:
>>>
>>>  Tomcat JMX connection - Authentication failed.
>>>>
>>>> I am having some problems setting up Tomcat for JMX. I added the
>>>> following
>>>> properties to CATALINA_OPTS
>>>>
>>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>>
>>>>
>>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>>> -Dcom.sun
>>>> .management.jmxremote.ssl=false"
>>>>
>>>> And have added the jmxremote.password file in to the conf directory. I
>>>> wrote
>>>> a client tool that connects to the JMX server running on port 18070.
>>>> When
>>>> i
>>>> run the client program i get the following error.
>>>>
>>>> Exception in thread "main" java.lang.SecurityException: Authentication
>>>> failed! Credentials required
>>>>       at
>>>>
>>>>  ...
>>>
>>> Ok, so how does your client provide a username and password to the
>>> server's
>>> JMX interface, when it connects ?
>>>
>>>
>>>
>>>  If i change the CATALINA_OPTS properties to
>>>>
>>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>>
>>>>
>>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>>> -Dcom.sun
>>>> .management.jmxremote.ssl=false
>>>> -Dcom.sun.management.jmxremote.authenticate=false"
>>>>
>>>> Then it works fine.
>>>>
>>>>  Of course, since then there is no authentication required.
>>>
>>>
>>>
>>>  I think what i am confused of is what is classed as
>>>
>>>  remote access. I am running the client program away from the Tomcat
>>>> instance
>>>> but both Tomcat and the client tool are on the same machine (i.e.
>>>> different
>>>> virtual machines but same environemnt). I thought i had to configure the
>>>> remote authentication if i access the JMX server remotely from a
>>>> different
>>>> machine.
>>>>
>>>> By remote access do they mean accessing the JMX server from any VM
>>>> either
>>>> locally on the same machine or remotely from a different machine?
>>>>
>>>>  I believe that in this context, "remote" just means "via a TCP/IP
>>>>
>>> connection".
>>> It does not matter if your client is on the same host or not.  If it
>>> accesses the "server" via TCP/IP, then it counts as remote.
>>>
>>> There is another way to connect, limited to local processes running on
>>> the
>>> same host, but I forget how it is called or how it works.
>>> You can see the distinction pretty clearly by using the "jconsole"
>>> application, which is included in the JDK.
>>>
>>> Note : for the "remote" kind of access, there is another (second) TCP
>>> connection used, separate from the port which you indicate with the
>>> jmxremote.port parameter.
>>> If you are on the same host, it does not matter, but if you really need
>>> to
>>> connect from another host through a firewall or so, it may.
>>> You may want to have a look here for more info :
>>>
>>>
>>> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
>>> (see the section :  Monitoring Applications through a Firewall)
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat JMX connection - Authentication failed.

Reply via email to