Clever Geek Handbook

How to set credentials for JMX in spring boot?

I have included JMX

in my application spring boot

. I can set / get properties on use Jconsole

. I want to add authentication

(username / password) to connect to MBeanServer

. I prefer annotation if possible.

Here's mine JMXBean

.

@ManagedResource(objectName = "Examples:type=JMX,name=Resource")
public class Resource {
    List<String> items = new ArrayList<>();

    @ManagedAttribute
    public String getLastItem() {
        return items.get(getSize()-1);
    }

    @ManagedAttribute
    public int getSize() {
        return items.size();
    }

    @ManagedOperation
    public void addItem(String item) {
        items.add(item);
    }

    @ManagedOperation
    public String getItem(int pos) {
        return items.get(pos);
    }

    @ManagedOperation
    public List<String> getItems() {
        return items;
    }


}

I currently have no configuration XML

.

I have a bean initialized in my config

@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer {

    public static void main(final String[] args) {
        SpringApplication.run(Application.class, args);
    }

    @Override
    protected final SpringApplicationBuilder configure(final SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

    @Bean
    public Resource jmxResource() {
        return new Resource();
    }
}
+3


source to share


1 answer


To enable JMX remote access , you need to start your Spring Boot application with the following JVM parameter:

-Dcom.sun.management.jmxremote.port=<port>

To configure file-based password authentication, add the following parameter:

-Dcom.sun.management.jmxremote.password.file=<file>


There are two predefined users: monitorRole

and controlRole

. By default, the former has read-only access, the latter can also write (see $JRE_HOME/lib/management/jmxremote.access

). Use jmxremote.password.template

c $JRE_HOME/lib/management

as a template for a password file and stick to these usernames. For example:

monitorRole <password>
controlRole <password>

Log in using any of these usernames and the password you provided.

Please note that when using this method, passwords are stored in plain text and are not recommended for production purposes. See the documentation on how to configure authentication using SSL clients or LDAP certificates.

+3


source






More articles:


All Articles