Versions Compared

Old Version 5

changes.mady.by.user Runhua Chi

Saved on

compared with

New Version 6

changes.mady.by.user Runhua Chi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt

Starting with Geronimo 2.1.2, Geronimo has a secure JMX server.

However, the JMX server is not started by default. To start the secure JMX server start the org.apache.geronimo.framework/jmx-security//car module using the Admin Console or the deployer tool. For example:

<geronimo_home>/bin/deploy -u system -p manager start jmx-security

The secure JMX server will be running on port 9998.

The deployer tool, the GShell deployer commands, and other command line tools can be configured to use the secure JMX server. Please see Tools and commands for more information.

Disable non-secure JMX server

The insecure JMX server can be turned off by modifying the <geronimo_home>/var/config/config.xml configuration file. Edit the <geronimo_home>/var/config/config.xml configuration file and add load="false" attribute to the following entires:

, for example connecting the Geronimo with Jconsole, you have to follow the steps below:

Table of Contents

Disable non-secure JMX server

  1. Because the JMX server is not started by default, you have to disable the non-secure JMX connector first before starting jmx-security module. To achieve this, stop the Geronimo server if it has been started, and modify the config.xml file in the <Geronimo_HOME>/var/config directory, where <Geronimo_HOME> is the installation directory of your Geronimo server.
  2. Exclude the following items from the modules pre-configured to get started by adding load="false" to the elements:
    No Format
    
<gbean name="JMXService" load="false">
...
<module
  3. <gbean name="JMXService">
  4. <module 
    name="org.apache.geronimo.configs/clustering//car" load="false">
    
...
<module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi//car" load="false">
Note

Adding load="false" attribute to the second entry will disable the clustering support in Geronimo. Right now, the clustering support requires the insecure JMX server to be running. If you need the clustering support, the insecure JMX server cannot be disabled.

Start the secure JMX server

start the org.apache.geronimo.framework/jmx-security//car module using the Admin Console or the deployer tool. For example:

<geronimo_home>/bin/deploy -u system -p manager start jmx-security

The secure JMX server will be running on port 9998.

The deployer tool, the GShell deployer commands, and other command line tools can be configured to use the secure JMX server. Look into Tools and Commands for more information.

Connect the Geronimo with JConsole

  • Startup the server with updated config.xml file;
  • export GERONIMO_HOME with actual value;
  • Start JConsole with following command line: code
    Panel
    borderStyle
    dashed

    jconsole

    -J-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default


    -J-Djavax.net.ssl.keyStorePassword=secret


    -J-Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default


    -J-Djavax.net.ssl.trustStorePassword=secret

    where <Geronimo_HOME> is the installation directory of the Geronimo server, geronimo-default and secret are the file name and password of the key store and the trust store.
  • In the New Connection dialog, enter the JMX URL as service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector, Username as system and Password as manager. Click OK