SSL encrypted RMI (0.5 and above)
Current versions of the broker make use of SSL encryption to secure their RMI based JMX ConnectorServer for security purposes.
JMXMP (M4 and previous)
In previous releases of Qpid (M4 and below) the broker, can make use of Sun's Java Management Extensions Messaging Protocol (JMXMP) to provide encryption of the JMX connection, offering increased security over the default unencryted RMI based JMX connection.
Download and Install
This is possible by adding the jmxremote_optional.jar as provided by Sun. This jar is covered by the Sun Binary Code License and is not compatible with the Apache License which is why this component is not bundled with Qpid.
Download the JMX Remote API 1.0.1_04 Reference Implementation from here. The included 'jmxremote-1_0_1-bin\lib\jmxremote_optional.jar' file must be added to the broker classpath:
First set your classpath to something like this:
CLASSPATH=jmxremote_optional.jar
Then, run qpid-server passing the following additional flag:
qpid-server -run:external-classpath=first
Following this the configuration option can be updated to enabled use of the JMXMP based JMXConnectorServer.
Configuring
To enabled this security option change the security-enabled value in your broker configuration file.
<management> <security-enabled>true</security-enabled> </management>
User Accounts & Access Rights
In order to access the management operations via JMX, users must have an account and have been assigned appropriate access rights. See Configuring Management Users