I am pretty new to Java and Tomcat but we have no one else that has any clue on either one so I get to try and remedy the issue.
We are recently upgrading from Tomcat 8 to Tomcat 9. I am trying to enable authentication due to a Qualys open vulnerability of JMX RMI accessible with common credentials. I have the following settings defined in the Java Options:
-Dcom.sun.management.jmxremote.port=8080
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=C:\Program Files\Java\jre1.8.0_291\lib\management\jmxremote.password
-Dcom.sun.management.jmxremote.access.file=C:\Program Files\Java\jre1.8.0_291\lib\management\jmxremote.access
I currently have both Tomcat 8 and Tomcat 9 installed. They are both using the same Java Options. However, when I start the Tomcat 9 service, I get a error 1067 about the process terminating unexpectedly.
Tomcat 8 with the same setting starts and runs fine. If I set the option to authenticate to false, Tomcat 9 has no problems starting and running. Is there any additional Java Options that I need to add with Tomcat 9 that I did not need with Tomcat 8?
This is only needed to close the Qualys vulnerability. The server does not actually need to connect using JMX remotely.
Related
This is my situation:
Eclipse ide that i use to develop java web apps.
Tomcat from apache.
Tomcat stack from bitnami.
OS Windows 8
If i deploy and debug to the apache tomcat all work without problem.
If i try the same thing with the bitnami stack, i see the exact same output from the console, like it is starting well, but actually it doesn't and it gets to the timeout saying it was unable to start withing 45 seconds.
I tried to increase the timeout but that's not the problem.
In both cases the Server Location is set to Use Tomcat installation, and i added my project to the source, everything else in the server config is default.
I'm not an expert of tomcat and java webapp deploying, and i need to get it working with the bitnami stack.
Any hint will be appreciated.
Ok i solved it, seems more a problem from eclipse.
In the server configuration i noticed the HTTP port was not listed and it was commented in server.xml
Could this be because the bitnami stack uses port 80 instead of 8080?
Anyway setting the port 80 in server.xml solved the problem.
I am completely new to Jboss. I have seen in some tutorials after unzipping the zip file to access the JMX-console, I have to hit the url like http://localhost:8080/jmx-console. But its giving a "Page not found" exception.
Jboss - version : jboss-eap-6.3.0.Beta
OS : Windows 7 64-bit
I execute the standalone.dat and the server is running fine but not able to access the console.
Please help me ?
JMX console was a feature of JBoss AS 6 (and previous versions). From JBoss AS 7, JMX console has been dropped and replaced with a real admin console. And JBoss EAP 6 is based on JBoss AS 7 (I know, those names & version numbers are a bit confusing).
You'll find a complete explanation on how to use it in the EAP documentation. If you want a shorter version :
add a management user, with the bin/add-user.sh (or .bat) script
start JBoss
access to http://localhost:9990 and log in with the previously created credentials
I have been trying to create a JAVA PMI Client for remote monitoring of the IBM WebSphere Application server(v 6.0).
The points to condider prior to any discussions are:
1. Security has been enabled under global security.
2. I am using IBM java hopefully(downloaded the trail client from IBM).
3. Copied the certificates from remote server to my local PMI client location.
4. Ports connectivity checked.
The problem:
When trying to create the connection the error returned is:
java.lang.NoSuchMethodError: com/ibm/ws/management/AdminHelper.getPlatformHelper()Lcom/ibm/ws/util/PlatformHelper;
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.setupSslSetting(SOAPConnectorClient.java:1103)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.access$100(SOAPConnectorClient.java:94)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient$1.run(SOAPConnectorClient.java:249)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:247)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.(SOAPConnectorClient.java:188)
Any help would be appreciated.
Thanks and Regards,
Kunal Soni
The best way to connect to WebSphere is to use the WebSphere Application Client that comes with WebSphere itself as a separate download.
It's free to use when connecting to a remote WebSphere Application Server installation.
Also when starting your program make sure you add this parameter to the JVM arguments: -Dwas.install.root=WAS_APP_CLIENT_HOME (example: -Dwas.install.root=/opt/WebSphere6/AppClient)
I'm using WebSphere App Client version 6 for many years to connect to WebSphere 6, 7 and 8 without any issues.
Hope this helps !
Richard Levac
WasMonitor - WebSphere Data Collector and More !
The page of migration to "tomcat 8" says (http://tomcat.apache.org/migration-8.html):
"When starting Tomcat with the jpda option to enable remote debugging, Tomcat 8 listens on localhost:8000 by default. Earlier versions listened on *:8000"
1.what is the actual different between those configuration?
Thanks,
Eyal
I have filed that issue to change that to Tomcat 8. For a very good reason: If you provide *:8080, everyone who is on your network is able to hook into your VM and debug and maybe disclose sensitive data, moreover periodical Nessus scan in my company and others report that as a vulnerability. All you need to do is set the environment variable JPDA_ADDRESS to IP:PORT, ideally in your setenv.sh.
I've deployed some Managed Beans on WebSphere 6.1 and I've managed to invoke them through a standalone client, but when I try to use the application "jconsole" distributed with the standard JDK can can't make it works.
Has anyone achieved to connect the jconsole with WAS 6.1?
IBM WebSphere 6.1 it's supossed to support JSR 160 JavaTM Management Extensions (JMX) Remote API. Furthermore, it uses the MX4J implementation (http://mx4j.sourceforge.net). But I can't make it works with neither "jconsole" nor "MC4J".
I have the Classpath and the JAVA_HOME correctly setted, so the issue it's not there.
WebSphere's support for JMX is crap. Particularly, if you need to connect to any secured JMX beans. Here's an interesting tidbit, their own implementation of jConsole will not connect to their own JVM. I have had a PMR open with IBM for over a year to fix this issue, and have gotten nothing but the runaround. They clearly don't want to fix this issue.
The only way I have been able to invoke remote secured JMX beans hosted on WebSphere has been to implement a client using the "WebSphere application client". This is basically a stripped down app server used for stuff like this.
Open a PMR with IBM. Perhaps if more people report this issue, they will actually fix it.
Update: You can run your application as a WebSphere Application Client in RAD. Open the run menu, then choose "Run...". In the dialog that opens, towards the bottom on the left hand side, you will see "WebSphere v6.1 Application Client". I'm not sure how to start and Application Client outside of RAD.
IT WORKS !
http://issues.apache.org/jira/browse/GERONIMO-4534;jsessionid=FB20DD5973F01DD2D470FB9A1B45D209?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
1) Change the config.xml and start the server.
-see here how to change config.xml: http://publib.boulder.ibm.com/wasce/V2.1.0/en/working-with-jconsole.html
2) start the jconsole with : jconsole -J-Djavax.net.ssl.keyStore=%GERONIMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=%GERONIMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.trustStorePassword=secret -J-Djava.class.path=%JAVA_HOME%\lib\jconsole.jar;%JAVA_HOME%\lib\tools.jar;%GERONIMO_HOME%\repository\org\apache\geronimo\framework\geronimo-kernel\2.1.4\geronimo-kernel-2.1.4.jar
[or your version of geronimo-kernel jar]
3) in the jconsole interface->advanced, input:
JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
user name: system
password: manager
4) click the connect button.
If you want the WebSphere MBeans this one works for me:
The key is to configure the classpath and the security properly.
in one line:
jconsole -J-Dwas.install.root=C:/was61 -J-Djava.ext.dirs=C:/was61/plugins;C:/was61/plugins/com.ibm.ws.security.crypto_6.1.0;C:/was61/lib;C:/was61/java/jre/lib/ext -J-Dcom.ibm.SSL.ConfigURL="file:../../properties/ssl.client.props" -J-Dcom.ibm.CORBA.ConfigURL="file:../../properties/sas.client.props" service:jmx:iiop://host:port/jndi/JMXConnector
where port = bootstrap port ex: (2809)
Be careful when setting the sas and the ssl props.
Robert
I have successfully connected to ActiveMQ and ServiceMix using the JConsole. Does WAS 6.1 use Java Management Extension (JMX) technology? JMX is required for JConsole.
If your path is set correctly it should work fine. On windows you go to System Properties -> Advanced Tab -> Environment Variables. Have your JAVA_HOME System variable set to the path of your JDK or JRE and your Path variable with %JAVA_HOME%/bin added somewhere in there. Then all you need to do is go to Start->Run->JConsole. Select the correct Process Name and your done.
Where are you having problems at? I hope this helps.
Edit:
Here is the Java Doc's on JConsole.
Hmm... I know that WebSphere is kind of hard to configure. Thats part of the reason we used ServiceMix for our ESB. Maybe its not enabled by default in WebSphere and you would have to turn it on in the config somewhere.
Websphere 6.1 does not support the JConsole for some reason even though it fully implements the JMS specs. Seems to be a week area at the moment. Your best bet is to look at the Admin client to implement you own console.
You all seem to be incorrect. I am running Websphere 6.1.041 , using JDK 1.5 , and I just started up Jconsole and used the "simple connect" tab to connect to localhost with port=0 and without a username and password and it works fine.