4 Replies Latest reply on Sep 17, 2009 1:33 PM by sriram_imshriram

Disable usage of JMX?

dacapoalfine May 4, 2009 3:30 AM

Hi all,

I want to use FUSE ESB (3.3.1.10) in a stand-alone mode. My problem is that Servicemix by default opens a number of ports, for one thing the transport connector port 61616 and also a RMI port 1099 for JMX.

For security reasons, I would like to keep things absolutely simple, so I want to by default disable any entrance point into the ESB. I do not want to connect several message brokers, so I don't need the 61616 port (and the default settings are not very safe, since anyone could connect and present itself as a broker). I've figured out how to disable it, by setting activemq.url = vm://transport

in servicemix.properties.

What remains is the RMI port at 1099 and the JMX stuff. I wonder if it is possible to run servicemix without it, and in that case how. I do not want the JVM to be open to connections from e.g. JConsole. Alternately, at the very least, the connection must be safely password protected.

Anyone know how to do this? Any help would be appreciated!

/David

1. Re: Disable usage of JMX?

jgoodyea May 4, 2009 9:31 AM (in response to dacapoalfine)

Hi,

You can enable Jaas authentication for the JMX port via configuring the following files:

/conf/jmx/xml,
/conf/login.properties,
/conf/groups.properties,
/conf/users-credentials.properties, and
/conf/users-passwords.properties

Normally the default username and password are already configured for this, I would check to see if this feature had been disabled in the configuration files.

See the below references for more detail.

Overview of FUSE ESB Container's Configuration File:
http://fusesource.com/docs/esb/3.3/deploy_guide/DeployESBConfigSyntax.html

Using a JMX Console with ServiceMix
http://servicemix.apache.org/jmx-console.html

Related docs:

Changing the RMI Port and the JMX URL
http://fusesource.com/docs/esb/3.3/deploy_guide/DeployESBJMXConfig.html

Cheers,
Jamie

http://icodebythesea.blogspot.com/
Actions
2. Re: Disable usage of JMX?

dacapoalfine May 5, 2009 7:38 AM (in response to jgoodyea)

Hi and thanks a lot.

I would though prefer if the JMX/rmi connector could be disabled entirely, rather than just password protecting it. Do you know if this is possible?

Regards/DS
Actions
3. Re: Disable usage of JMX?

jgoodyea May 5, 2009 9:50 AM (in response to dacapoalfine)

Hi,

You can disable the JMX/RMI connector by commenting out the following conf/jmx.xml entries:





With the two above entries commented out Servicemix should boot up without opening port 1099. I've checked with my own local install with "netstat -an | grep 1099" and it appears to be running ok for the moment. I would normally run an instance with the Jaas authentication enabled however.

Cheers,
Jamie

http://icodebythesea.blogspot.com/
Actions
4. Re: Disable usage of JMX?

sriram_imshriram Sep 17, 2009 1:33 PM (in response to jgoodyea)

Thanks for the Q and A.
It helpded me.
I have disabled JMX now.

Edited by: sriram on Sep 17, 2009 5:33 PM
Actions

Go to original post