activemq 用jmx监控时的security配置
按照上篇文章的配置你在/bin/activemq中配置了
ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "
你用jmx去监控activemq的时候,会出现这种情况:当你的服务器的防火墙全开的时候,你是可以正常的监控activemq的,但是当你开启防火墙的时候,并且你把11099端口打开的时候会发现还是不能正常监控activemq,而且你telnet 11099这个端口的时候也是通的,出现这个问题的原因可以看这里:http://blog.sina.com.cn/s/blog_5dc29fcc01012c6i.html
这篇文章并没有给出在activemq中如何解决这个问题的办法,不过还是可以学习一下
下面我写一下我的解决办法:
1.在/bin/activemq中只保留
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Djava.rmi.server.hostname=$服务器的ip"
这句话 另外的全部还原
2.修改/conf/activemq.xml
把 managementContext 菜单项改成:
<managementContext>
<managementContext createConnector="true" connectorPort="11099" rmiServerPort="12099">
<property xmlns="http://www.springframework.org/schema/beans" name="environment">
<map xmlns="http://www.springframework.org/schema/beans">
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.password.file"
value="${activemq.base}/conf/jmx.password"/>
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.access.file"
value="${activemq.base}/conf/jmx.access"/>
</map>
</property>
</managementContext>
</managementContext>
两个端口一个是jmx的 一个是rmi的
其实这就是为什么你之前开了防火墙之后连不上,因为你只是开了jmx的端口,但是你并没有开rmi的端口,如果你按照前一篇文章来配置的话,rmi的端口是随机之指定的,而且sun的jdk并没有专门的运行期属性来配置这个端口。
---------------------------------------- 下面为反编译的源码,可以了解如何创建JMXService
private void createConnector(MBeanServer mbeanServer) throws MalformedObjectNameException, IOException { try { if (this.registry == null) { LOG.debug("Creating RMIRegistry on port {}", Integer.valueOf(this.connectorPort)); this.registry = LocateRegistry.createRegistry(this.connectorPort); } this.namingServiceObjectName = ObjectName.getInstance("naming:type=rmiregistry"); Class cl = Class.forName("mx4j.tools.naming.NamingService"); mbeanServer.registerMBean(cl.newInstance(), this.namingServiceObjectName); Attribute attr = new Attribute("Port", Integer.valueOf(this.connectorPort)); mbeanServer.setAttribute(this.namingServiceObjectName, attr); } catch (ClassNotFoundException e) { LOG.debug("Probably not using JRE 1.4: {}", e.getLocalizedMessage()); } catch (Throwable e) { LOG.debug("Failed to create local registry. This exception will be ignored.", e); } String rmiServer = ""; if (this.rmiServerPort != 0) { rmiServer = "" + getConnectorHost() + ":" + this.rmiServerPort; } String serviceURL = "service:jmx:rmi://" + rmiServer + "/jndi/rmi://" + getConnectorHost() + ":" + this.connectorPort + this.connectorPath; JMXServiceURL url = new JMXServiceURL(serviceURL); this.connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, this.environment, mbeanServer); LOG.debug("Created JMXConnectorServer {}", this.connectorServer); }
-------------------下面有ManagementContext的主要属性
public class ManagementContext implements Service { public static final String DEFAULT_DOMAIN = "org.apache.activemq"; private static final Logger LOG = LoggerFactory.getLogger(ManagementContext.class); private MBeanServer beanServer; private String jmxDomainName; private boolean useMBeanServer; private boolean createMBeanServer; private boolean locallyCreateMBeanServer; private boolean createConnector; private boolean findTigerMbeanServer; private String connectorHost; private int connectorPort; private Map<String, ?> environment; private int rmiServerPort; private String connectorPath; private final AtomicBoolean started; private final AtomicBoolean connectorStarting; private JMXConnectorServer connectorServer; private ObjectName namingServiceObjectName; private Registry registry; private final Map<ObjectName, ObjectName> registeredMBeanNames; private boolean allowRemoteAddressInMBeanNames; private String brokerName; public ManagementContext() { this(null); } public ManagementContext(MBeanServer server) { this.jmxDomainName = "org.apache.activemq"; this.useMBeanServer = true; this.createMBeanServer = true; this.createConnector = true; this.findTigerMbeanServer = true; this.connectorHost = "localhost"; this.connectorPort = 1099; this.connectorPath = "/jmxrmi"; this.started = new AtomicBoolean(false); this.connectorStarting = new AtomicBoolean(false); this.registeredMBeanNames = new ConcurrentHashMap(); this.allowRemoteAddressInMBeanNames = true; this.beanServer = server; }