activemq 用jmx监控时的security配置

按照上篇文章的配置你在/bin/activemq中配置了

ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "

你用jmx去监控activemq的时候,会出现这种情况:当你的服务器的防火墙全开的时候,你是可以正常的监控activemq的,但是当你开启防火墙的时候,并且你把11099端口打开的时候会发现还是不能正常监控activemq,而且你telnet 11099这个端口的时候也是通的,出现这个问题的原因可以看这里:http://blog.sina.com.cn/s/blog_5dc29fcc01012c6i.html

这篇文章并没有给出在activemq中如何解决这个问题的办法,不过还是可以学习一下

下面我写一下我的解决办法:

1.在/bin/activemq中只保留

ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Djava.rmi.server.hostname=$服务器的ip"

这句话 另外的全部还原

2.修改/conf/activemq.xml

把 managementContext 菜单项改成:

<managementContext>
            <managementContext createConnector="true" connectorPort="11099" rmiServerPort="12099">
                <property xmlns="http://www.springframework.org/schema/beans" name="environment">
                        <map xmlns="http://www.springframework.org/schema/beans">
                                <entry xmlns="http://www.springframework.org/schema/beans"
                                        key="jmx.remote.x.password.file"
                                        value="${activemq.base}/conf/jmx.password"/>
                                <entry xmlns="http://www.springframework.org/schema/beans"
                                        key="jmx.remote.x.access.file"
                                        value="${activemq.base}/conf/jmx.access"/>
                        </map>
                 </property>
            </managementContext>
        </managementContext>

两个端口一个是jmx的 一个是rmi的 

其实这就是为什么你之前开了防火墙之后连不上,因为你只是开了jmx的端口,但是你并没有开rmi的端口,如果你按照前一篇文章来配置的话,rmi的端口是随机之指定的,而且sun的jdk并没有专门的运行期属性来配置这个端口。

---------------------------------------- 下面为反编译的源码,可以了解如何创建JMXService

private void createConnector(MBeanServer mbeanServer)
    throws MalformedObjectNameException, IOException
  {
    try
    {
      if (this.registry == null) {
        LOG.debug("Creating RMIRegistry on port {}", Integer.valueOf(this.connectorPort));
        this.registry = LocateRegistry.createRegistry(this.connectorPort);
      }
      this.namingServiceObjectName = ObjectName.getInstance("naming:type=rmiregistry");

      Class cl = Class.forName("mx4j.tools.naming.NamingService");
      mbeanServer.registerMBean(cl.newInstance(), this.namingServiceObjectName);

      Attribute attr = new Attribute("Port", Integer.valueOf(this.connectorPort));
      mbeanServer.setAttribute(this.namingServiceObjectName, attr);
    } catch (ClassNotFoundException e) {
      LOG.debug("Probably not using JRE 1.4: {}", e.getLocalizedMessage());
    } catch (Throwable e) {
      LOG.debug("Failed to create local registry. This exception will be ignored.", e);
    }

    String rmiServer = "";
    if (this.rmiServerPort != 0)
    {
      rmiServer = "" + getConnectorHost() + ":" + this.rmiServerPort;
    }
    String serviceURL = "service:jmx:rmi://" + rmiServer + "/jndi/rmi://" + getConnectorHost() + ":" + this.connectorPort + this.connectorPath;
    JMXServiceURL url = new JMXServiceURL(serviceURL);
    this.connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, this.environment, mbeanServer);

    LOG.debug("Created JMXConnectorServer {}", this.connectorServer);
  }

 -------------------下面有ManagementContext的主要属性

public class ManagementContext
  implements Service
{
  public static final String DEFAULT_DOMAIN = "org.apache.activemq";
  private static final Logger LOG = LoggerFactory.getLogger(ManagementContext.class);
  private MBeanServer beanServer;
  private String jmxDomainName;
  private boolean useMBeanServer;
  private boolean createMBeanServer;
  private boolean locallyCreateMBeanServer;
  private boolean createConnector;
  private boolean findTigerMbeanServer;
  private String connectorHost;
  private int connectorPort;
  private Map<String, ?> environment;
  private int rmiServerPort;
  private String connectorPath;
  private final AtomicBoolean started;
  private final AtomicBoolean connectorStarting;
  private JMXConnectorServer connectorServer;
  private ObjectName namingServiceObjectName;
  private Registry registry;
  private final Map<ObjectName, ObjectName> registeredMBeanNames;
  private boolean allowRemoteAddressInMBeanNames;
  private String brokerName;

  public ManagementContext()
  {
    this(null);
  }

  public ManagementContext(MBeanServer server)
  {
    this.jmxDomainName = "org.apache.activemq";
    this.useMBeanServer = true;
    this.createMBeanServer = true;

    this.createConnector = true;
    this.findTigerMbeanServer = true;
    this.connectorHost = "localhost";
    this.connectorPort = 1099;

    this.connectorPath = "/jmxrmi";
    this.started = new AtomicBoolean(false);
    this.connectorStarting = new AtomicBoolean(false);

    this.registeredMBeanNames = new ConcurrentHashMap();
    this.allowRemoteAddressInMBeanNames = true;

    this.beanServer = server;
  }

相关推荐