Securing Jconsole To Application Server Connection - Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual

Hide thumbs Also See for GlassFish Enterprise Server 2.1:

Tuning manual (128 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

page of 256

/ 256
Contents
Table of Contents
Bookmarks

Table of Contents

Using JConsole

To view all the MBeans, Enterprise Server provides a configuration of the Standard JMX

Connector Server called System JMX Connector Server. As part of Enterprise Server startup, an

instance of this JMX Connector Server is started. Any compliant JMX connector client can

connect to the server using this Connector Server.

Java SE also provides tools to connect to an MBean Server and view MBeans registered with it.

JConsole is one such popular JMX Connector Client and is available as part of the standard Java

SE distribution. For more information on JConsole, see

http://java.sun.com/javase/6/docs/technotes/guides/management/jconsole.html

When you configure JConsole with Enterprise Server, Enterprise Server becomes the JMX

Connector's server end and JConsole becomes the JMX Connector's preferred client end.

"Connecting JConsole to Application Server" on page

connection .

Securing JConsole to Application Server Connection

There are subtle differences in how to connect to Enterprise Server, or any JMX Connector

Server end, based on the transport layer security of the connection. If the server end is secure

(guarantees transport layer security), there is a little more configuration to be performed on the

client end.

■

When you install a developer profile domain on a machine such as appserver.sun.com, you

will see the following in the Domain Administration Server (DAS) domain.xml file:

<!- – The JSR 160 "system-jmx-connector" – –>

<jmx-connector accept-all="false" address="0.0.0.0"

auth-realm-name="admin-realm" enabled="true" name="system" port="8686"

protocol="rmi_jrmp" security-enabled="false"/>

<!- – The JSR 160 "system-jmx-connector" – –>

210

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

By default, the developer profile of Enterprise Server is configured with a non-secure System

JMX Connector Server.

By default, cluster and enterprise profiles of Enterprise Server are configured with a secure

System JMX Connector Server.

The protocol used for communication is RMI/JRMP. If security is enabled for the JMX

Connector, the protocol used is RMI/JRMP over SSL.

RMI over SSL does not provide additional checks to ensure that the client is talking to

Note –

the intended server. Thus, there is always a possibility, while using JConsole, that you are

sending the user name and password to a malicious host. It is completely up to the

administrator to make sure that security is not compromised.

211shows how to make a successful

Table of Contents

Chapters

Table of Contents

Securing Jconsole To Application Server Connection - Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual

Securing JConsole to Application Server Connection

Chapters

Related Manuals for Sun Microsystems GlassFish Enterprise Server 2.1

Related Content for Sun Microsystems GlassFish Enterprise Server 2.1

Table of Contents