behind a firewall. Only these ports are configured via the listener. The
remainder of the configuration is via the standard system properties for
configuring JMX. For further information on configuring JMX see
- <a href="http://java.sun.com/j2se/1.6.0/docs/guide/management/agent.html">
+ <a href="http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html">
Monitoring and Management Using JMX</a> included with the Java SDK
documentation.</p>
</source>
with the following system properties set (e.g. in setenv.sh):
<source>
--Dcom.sun.management.jmxremote.password.file=${catalina.base}/conf/jmxremote.password
--Dcom.sun.management.jmxremote.access.file=${catalina.base}/conf/jmxremote.access
+-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
+-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
+-Dcom.sun.management.jmxremote.ssl=false
+</source>
+ $CATALINA_BASE/conf/jmxremote.password containing:
+<source>
+admin letmein
+</source>
+ $CATALINA_BASE/conf/jmxremote.access containing:
+<source>
+admin readwrite
</source>
then opening ports 10001 (RMI Registry) and 10002 (JMX/RMI Server) in your
firewall would enable jconsole to connect to a Tomcat instance running
- behind a firewall.
+ behind a firewall using a connection string of the form:
+<source>
+service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrmi
+</source>
+ with a user name of <code>admin</code> and a password of
+ <code>letmein</code>.
</p>
- <p><strong>JMX access should be considered equivalent to administrative
- access and secured accordingly.</strong></p>
+ <p><strong>Note that the example above does not use SSL. JMX access should
+ be considered equivalent to administrative access and secured accordingly.
+ </strong></p>
<p>This listener must only be nested within a <a href="server.html">Server</a>
element.</p>
projects / tomcat7.0 / commitdiff