HomeDocumentation > User's guide > Administration > Administrative Tasks > Administering the Apache Geronimo Server > Configure secure JMX server
Apache Geronimo v2.1
Configure secure JMX server
Edit Page   Browse Space   Add Page   Add News

Starting with Geronimo 2.1.2, Geronimo has a secure JMX server. However, the JMX server is not started by default. To start the secure JMX server start the org.apache.geronimo.framework/jmx-security//car module using the Admin Console or the deployer tool. For example:

<geronimo_home>/bin/deploy -u system -p manager start jmx-security

The secure JMX server will be running on port 9998.

The deployer tool, the GShell deployer commands, and other command line tools can be configured to use the secure JMX server. Please see Tools and commands for more information.

Disable non-secure JMX server

The insecure JMX server can be turned off by modifying the <geronimo_home>/var/config/config.xml configuration file. Edit the <geronimo_home>/var/config/config.xml configuration file and add load="false" attribute to the following entires:

  1. <gbean name="JMXService">
  2. <module name="org.apache.geronimo.configs/clustering//car">
  3. <module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi//car">

    Adding load="false" attribute to the second entry will disable the clustering support in Geronimo. Right now, the clustering support requires the insecure JMX server to be running. If you need the clustering support, the insecure JMX server cannot be disabled.

Connect the Geronimo with JConsole

JConsole is a Java Management eXtension (JMX) compliant GUI tool that can be used to connect to a running Geronimo server instance. In JConsole, you will be able to monitor the JVM memory usage, threads stack trace, loaded classes and VM information as well as Geronimo MBeans. To securely connect to the JMX server on local Geronimo, do as followed:

  1. Startup the server with updated config.xml file;
  2. export GERONIMO_HOME with actual value;
  3. Start JConsole with following command line: 
     	jconsole -J-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
 	-J-Djavax.net.ssl.keyStorePassword=secret
 	-J-Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default
 	-J-Djavax.net.ssl.trustStorePassword=secret
  4. In the New Connection dialog, enter the JMX URL as service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector, Username as system and Password as manager. Click Connect. See Configuring SSL client authentication about instructions for Geronimo 2.1.5.

   Delicious Bookmark this on Delicious    Digg! Digg this    Privacy Policy  -   Copyright © 2003-2011, The Apache Software Foundation, Licensed under ASL 2.0.