Enable JMX Port in Tomcat with authentication

What is JMX?

Java provides a technology called JMX that supplies tools for monitoring and managing applications, system objects, devices and service-oriented networks. Those resources are represented by objects called Managed Beans (MBeans).

Enable JMX port in Tomcat

To monitor heap memory, threads, CPU usage and classes, and to configure various MBeans remotely, we need to enable a JMX port in Tomcat.

Step 1: Go to path where you have Tomcat installed
 $ cd /usr/share/tomcat7/bin

Step 2: Create the setenv.sh file and make it readable and executable (mode 755)
$ touch setenv.sh
$ chmod 755 setenv.sh

Step 3: Edit the setenv.sh file and paste the following lines
export JAVA_OPTS="-Dcom.sun.management.jmxremote=true \
-Dcom.sun.management.jmxremote.port=9999 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false \
-Djava.rmi.server.hostname=192.168.x.x"

 1. enables jmxremote
 2. specifies the port
 3. says to leave it wide open and not use any type of authentication
 4. says that we don't need to use SSL
 5. specifies the IP address of the server where you are running Tomcat (use your own server's IP address)


Step 4: Now open any profiling tool on your local machine. In this case I am using JVisualVM.
$ jvisualvm

Then right-click on the appropriate tab and add a JMX connection. Once the connection is established, your Tomcat PID will be shown.

Enable authentication

Step 1: Add two extra JVM parameters to the setenv.sh file. The password file is only consulted when -Dcom.sun.management.jmxremote.authenticate is true, so also change the false value set earlier.
-Dcom.sun.management.jmxremote.password.file=/var/lib/tomcat7/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/var/lib/tomcat7/conf/jmxremote.access

Step 2: Create two files in $CATALINA_BASE/conf/ named jmxremote.access and jmxremote.password

Edit the access file $CATALINA_BASE/conf/jmxremote.access and paste the lines below
user-one readonly
user-two readwrite
Here we add two users named user-one and user-two and specify their access rights.

Now edit the password file $CATALINA_BASE/conf/jmxremote.password and set the password for the given users
user-one tomcatUser
user-two tomcatAdmin

Now if you try to run this setup, you will probably see an error like this in your catalina.out file
Error: Password file read access must be restricted: 
    /var/lib/tomcat7/conf/jmxremote.password
To fix this we need to make sure that both files are owned by the tomcat7 user:
$ sudo chown tomcat7:tomcat7 $CATALINA_BASE/conf/jmxremote.*
Then we need to make sure that the tomcat7 user is the only user who has read access.
$ sudo chmod 600 $CATALINA_BASE/conf/jmxremote.*
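
The settings from both sections can be checked after the fact. The script below is an added example, not part of the original post: it reads a setenv.sh and reports authenticate=false, ssl=false, and password or access files that group or other can access. The function names (jmx_opt, audit_jmx, make_sample), the temporary sample files and the CHANGE_ME passwords are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the JMX flags in a setenv.sh.

# jmx_opt FILE NAME -> value of -Dcom.sun.management.jmxremote.NAME (last one wins)
jmx_opt() {
    sed 's/#.*//' "$1" | tr ' \t"\\' '\n\n\n\n' |
        sed -n "s/^-Dcom\.sun\.management\.jmxremote\.$2=//p" | tail -n 1
}

note() { echo "FINDING: $*"; n=$((n + 1)); }

# audit_jmx FILE -> prints findings; exit status is the number of findings
audit_jmx() {
    n=0
    [ -n "$(jmx_opt "$1" port)" ] || { echo "no remote JMX port configured"; return 0; }
    # authenticate and ssl both default to true when the option is absent
    [ "$(jmx_opt "$1" authenticate)" = false ] &&
        note "authenticate=false: the port accepts connections without credentials"
    [ "$(jmx_opt "$1" ssl)" = false ] &&
        note "ssl=false: JMX traffic, including passwords, is not encrypted"
    for kind in password access; do
        f=$(jmx_opt "$1" "$kind.file")
        if [ -z "$f" ]; then continue      # option not set in this file
        elif [ ! -f "$f" ]; then note "$kind.file points to a missing file: $f"
        elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            note "$f is accessible to group or other; chmod 600 it"
        fi
    done
    return "$n"
}

# Constructed sample in the page's layout: make_sample DIR AUTH SSL MODE
make_sample() {
    printf 'user-one readonly\nuser-two readwrite\n' > "$1/jmxremote.access"
    printf 'user-one CHANGE_ME\nuser-two CHANGE_ME\n' > "$1/jmxremote.password"
    chmod "$4" "$1"/jmxremote.*
    cat > "$1/setenv.sh" <<EOF
export JAVA_OPTS="-Dcom.sun.management.jmxremote=true \\
-Dcom.sun.management.jmxremote.port=9999 \\
-Dcom.sun.management.jmxremote.authenticate=$2 \\
-Dcom.sun.management.jmxremote.ssl=$3 \\
-Dcom.sun.management.jmxremote.password.file=$1/jmxremote.password \\
-Dcom.sun.management.jmxremote.access.file=$1/jmxremote.access"
EOF
}

d=$(mktemp -d)
make_sample "$d" false false 644
audit_jmx "$d/setenv.sh" || echo "findings: $?"
rm -rf "$d"
```

To audit a real installation, call audit_jmx with the path to its setenv.sh in place of the constructed sample.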
