How to secure the JMX management console ?

tobias Jul 16, 2002 7:04 AM

Q: How to secure the JMX management console on port 8082 ?
Also:
(by MikeFinn)
The JMX-HTML Adaptor MBean (from Sun jmxtools.jar) does not allow the specification of a bind address - only a port, and max # of clients. There is no attribute for it, and in fact, the server socket open call uses the no-address constructor (port,backlog).

A:
(by Scott Stark) There is a replacement servlet in the varia package under src/main/org/jboss/jmx. Being just a regular war it has all the capbilities of a web application/web container including configuration of the ports, bind address, transport encryption, and role based
security.

(by Mike Finn) So you can undeploy jmx-html-adaptor.sar, and instead deploy this servlet to your Jetty/Tomcat. Neat. The bigger benefit here is that you can put your
own security constraints on it so Joe Fatfinger can't point a browser at 8082 and stop or remove running services.

(by Scott Stark) This will be the default html adaptor in the 3.0.1 default and all configs. The minimal config will keep the ri adaptor since that config has no servlet container.

1. Re: How to secure the JMX management console ?

kashpaw Aug 29, 2002 11:40 PM (in response to tobias)

The minimal configuration should also be securable via the mechanism built into the ri. There's a patch available at
http://sourceforge.net/tracker/index.php?func=detail&aid=602194&group_id=22866&atid=376687

[Edited by: Tobias on Aug 31, 2002 6:03 PM]
Actions
2. Re: How to secure the JMX management console ?

tobias Aug 31, 2002 12:18 PM (in response to tobias)

From JBoss 3.0.1 on the HTTP adaptor has been replaced with a jmx-console.war which provides a JMX management console.

Try http://localhost:8080/jmx-console/
Actions

Go to original post