This content has been marked as final.
Show 3 replies
-
1. Re: how to set Tomcat context valve for jmx-console?
sviluppatorefico Mar 3, 2005 6:06 PM (in response to hany_bee)hi...
in jboss is recomended to use jaas or securityInterceptors about security. With jaas you must write a module that allows or deny by IP address. With Interceptors you can to extend RemoteAddrValve class and transform it in a interceptor because i've seen that class uses a kind of reflection. After you've done it, modify in server_root/deploy/jmx-invoker-service.xml :<mbean code="org.jboss.invocation.jrmp.server.JRMPProxyFactory" name="jboss.jmx:type=adaptor,name=Invoker,protocol=jrmp,service=proxyFactory"> - <!-- Use the standard JRMPInvoker from conf/jboss-service.xxml --> <depends optional-attribute-name="InvokerName">jboss:service=invoker,type=jrmp</depends> - <!-- The target MBean is the InvokerAdaptorService configured below --> <depends optional-attribute-name="TargetName">jboss.jmx:type=adaptor,name=Invoker</depends> <!-- Where to bind the RMIAdaptor proxy --> <attribute name="JndiName">jmx/invoker/RMIAdaptor</attribute> <!-- The RMI compabitle MBeanServer interface --> - <attribute name="ExportedInterfaces"> org.jboss.jmx.adaptor.rmi.RMIAdaptor, org.jboss.jmx.adaptor.rmi.RMIAdaptorExt </attribute> - <attribute name="ClientInterceptors"> - <interceptors> <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor> <interceptor allows="192.168.10.10,192.168.10.15">your.package.RemoteAddrValveInterceptor</interceptor><interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> - <interceptor> org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor </interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> </interceptors> </attribute> </mbean>
so, you ,any time a jmx component is invoked throws jrmp, control the access by IP -
2. Re: how to set Tomcat context valve for jmx-console?
hany_bee Mar 10, 2005 11:48 PM (in response to hany_bee)Thanks for replying. I'm going to try that, if there's no simpler way.
What I don't understand is, since all http requests are handled by Tomcat first, why would JBoss prevent Tomcat from using the valve correctly?
This seems like a useless overhead to me. -
3. Re: how to set Tomcat context valve for jmx-console?
ricardoarguello Mar 11, 2005 7:51 AM (in response to hany_bee)Don't edit the server.xml file. Create a WEB-INF/context.xml file instead, and define the valve there.
Ricardo Arguello