tomcat jmx穿防火墙

JMX Remote Lifecycle Listener (org.apache.catalina.mbeans.JmxRemoteLifecycleListener)

This listener requires catalina-jmx-remote.jar to be placed in $CATALINA_HOME/lib. This jar may be found in the extras directory of the binary download area.

The JMX Remote Lifecycle Listener fixes the ports used by the JMX/RMI Server making things much simpler if you need to connect jconsole or a similar tool to a remote Tomcat instance that is running behind a firewall. Only these ports are configured via the listener. The remainder of the configuration is via the standard system properties for configuring JMX. For further information on configuring JMX seeMonitoring and Management Using JMX included with the Java SDK documentation.

If this listener was configured in server.xml as:

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"          rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

with the following system properties set (e.g. in setenv.sh):

-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access-Dcom.sun.management.jmxremote.ssl=false

$CATALINA_BASE/conf/jmxremote.password containing:

admin letmein

$CATALINA_BASE/conf/jmxremote.access containing:

admin readwrite

then opening ports 10001 (RMI Registry) and 10002 (JMX/RMI Server) in your firewall would enable jconsole to connect to a Tomcat instance running behind a firewall using a connection string of the form:

service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrmi

with a user name of admin and a password of letmein.

Note that the example above does not use SSL. JMX access should be considered equivalent to administrative access and secured accordingly.

This listener must only be nested within a Server element.

The following additional attributes are supported by the JMX Remote Lifecycle Listener:

AttributeDescriptionrmiRegistryPortPlatform

The port to be used by the JMX/RMI registry for the Platform MBeans. The replaces the use of thecom.sun.management.jmxremote.port system property that should not be set when using this valve.

rmiServerPortPlatform

The port to be used by the Platform JMX/RMI server.

useLocalPorts

Should any clients using these ports be forced to use local ports to connect to the the JMX/RMI server. This is useful when tunnelling connections over SSH or similar. Defaults tofalse.