How to retrieve data from your remote tomcat service using JMX
This post describes how to configure your Tomcat so you can remotely retrieve information from service using JMX.
New Files
First, you need to have two files, a 'password file' and an 'access file':
The Password file (jmxremote.password) should look like the following:
# A password entry consists of a role name and an associated # password. The role name is any string that does not itself contain # spaces or tabs. The password is again any string that does not # contain spaces or tabs. Note that passwords appear in the clear in # this file, so it is a good idea not to use valuable passwords. name password
The Access file (jmxremote.access) should have the following structure:
name(must match a user from the password file) access(readonly|readwrite)
There are different things you need to do with those files in Linux and Windows:
Linux changes:
- The new files: jmxremote.password and jmxremote.access should have read/write permissions for only the user that runs the ‘tomcat’ (should be set by: chmod go-rwx). The files should be located together in a directory.
- Additions to the JAVA_OPTS environment variable:
- –Dcom.sun.management.jmxremote
- –Dcom.sun.management.jmxremote.port=<Your Tomcat's listening port number>
- –Dcom.sun.management.jmxremote.authenticate=true
- –Dcom.sun.management.jmxremote.password=true
- –Dcom.sun.management.jmxremote.password.file=<full path to your password file>
- –Dcom.sun.management.jmxremote.access.file=<full path to your access file>
- –Dcom.sun.management.jmxremote.ssl=false
Windows changes:
- The new files: jmxremote.password and jmxremote.access should be located in the service's directory (under the %\tomcat\ directory, note that you need to make sure that the directory and the new files are under the ownership of the user that runs the service that you with to access. To do that you will need to:
- Right click on the directory.
- Select the ‘Security’ tab and there the ‘Advanced’ button.
- Choose the ‘Owner’ tab.
- Make sure that the owner is correct, otherwise press ‘Edit’
- Select the owner that you need and select the checkbox ‘Replace users on subcontainers and objects’ and then press ‘OK’.
- Back on the ‘Security’ tab, if there are other users that can reach the file (in the ‘Groups or user names’ window), select the ‘Edit…’ button
- Select un-needed users and press the ‘Remove’ button.
- Press ‘OK’ and leave the dialog box.
- Open tomcat service control panel, Java tab: and add the following options:
- –Dcom.sun.management.jmxremote
- –Dcom.sun.management.jmxremote.port=<Your Tomcat's listening port number>
- –Dcom.sun.management.jmxremote.authenticate=true
- –Dcom.sun.management.jmxremote.password=true
- –Dcom.sun.management.jmxremote.password.file=<full path to your password file>
- –Dcom.sun.management.jmxremote.access.file=<full path to your access file>
- –Dcom.sun.management.jmxremote.ssl=false
No comments:
Post a Comment