From a29e18e3b5ce49c47596ad642212d838026d8e5d Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Mon, 10 Aug 2009 12:57:09 +0000
Subject: [PATCH] Improve the JMX remote docs before proposing a backport

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@802774 13f79535-47bb-0310-9956-ffa450edef68
---
 webapps/docs/config/listeners.xml | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/webapps/docs/config/listeners.xml b/webapps/docs/config/listeners.xml
index eee29ceec..128555691 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -154,7 +154,7 @@
     behind a firewall. Only these ports are configured via the listener. The
     remainder of the configuration is via the standard system properties for
     configuring JMX. For further information on configuring JMX see
-    <a href="http://java.sun.com/j2se/1.6.0/docs/guide/management/agent.html">
+    <a href="http://java.sun.com/javase/6/docs/technotes/guides/management/agent.html">
     Monitoring and Management Using JMX</a> included with the Java SDK
     documentation.</p>
 
@@ -165,16 +165,31 @@
 </source>
     with the following system properties set (e.g. in setenv.sh):
 <source>
--Dcom.sun.management.jmxremote.password.file=${catalina.base}/conf/jmxremote.password
--Dcom.sun.management.jmxremote.access.file=${catalina.base}/conf/jmxremote.access
+-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
+-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
+-Dcom.sun.management.jmxremote.ssl=false
+</source>
+    $CATALINA_BASE/conf/jmxremote.password containing:
+<source>
+admin letmein
+</source>
+    $CATALINA_BASE/conf/jmxremote.access containing:
+<source>
+admin readwrite
 </source>
     then opening ports 10001 (RMI Registry) and 10002 (JMX/RMI Server) in your
     firewall would enable jconsole to connect to a Tomcat instance running
-    behind a firewall.
+    behind a firewall using a connection string of the form:
+<source>
+service:jmx:rmi://&lt;hostname&gt;:10002/jndi/rmi://&lt;hostname&gt;:10001/jmxrmi
+</source>
+    with a user name of <code>admin</code> and a password of
+    <code>letmein</code>.
     </p>
     
-    <p><strong>JMX access should be considered equivalent to administrative
-    access and secured accordingly.</strong></p>
+    <p><strong>Note that the example above does not use SSL. JMX access should
+    be considered equivalent to administrative access and secured accordingly.
+    </strong></p>
 
     <p>This listener must only be nested within a <a href="server.html">Server</a>
     element.</p>
-- 
2.11.0