-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rémy,
On 11/14/19 07:39, r...@apache.org wrote: > This is an automated email from the ASF dual-hosted git > repository. > > remm pushed a commit to branch master in repository > https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this > push: new 1fc9f58 Refactor JMX remote RMI registry creation > 1fc9f58 is described below > > commit 1fc9f589dbdd8295cf313b2667ab041c425f99c3 Author: remm > <r...@apache.org> AuthorDate: Thu Nov 14 13:39:31 2019 +0100 > > Refactor JMX remote RMI registry creation I think modern JVMs do everything the JmxRemoteLifecycleListener has been doing for us for a while. Maybe it's time to remove it? It's version-dependent (and everyone I know is still stuck on 1.8 or lower), but perhaps we should just get rid of all this cruft and replace it with JVM-supported configuration, at least in newer versions of Tomcat. -Dcom.sun.management.jmxremote.port -Dcom.sun.management.jmxremote.rmi.port Source: https://docs.oracle.com/javase/9/management/monitoring-and-management-us ing-jmx-technology.htm#JSMGM-GUID-F08985BB-629A-4FBF-A0CB-8762DF7590E0 If that anchor doesn't work after a while, or for other versions of Java, it's the section titled "Remote Monitoring and Management". This handles the ports. If you need to use a hostname other than 127.0.0.1 or whatever "localhost" ends up being on the server (say, because you are connecting through an encrypted tunnel), then you can se t: -Djava.rmi.server.hostname This basically re-writes the hostname put into the RMI stubs sent to the JMX client. Note that whatever you use is JVM-wide and so it must make sense to both clients operating on the server AND on the remote-client (which may be tricky). This is one of many reasons I always recommend against using JMX directly for monitoring. It's much, much easier to use the JMXProxyServlet to traverse firewalls, etc. It's nice to see that JVMs are now supporting real authentication systems (e.g. LADP, client-TLS-cert, etc.) but it's a little too late for that IMHO. You can also set the binding interface with: -Dcom.sun.management.jmxremote.host That should accept anything you can give to InetAddress.getByName()[1]. This isn't documented anywhere in the "Monitoring and Management Using JMX Technology" page for some reason, but it's there in the code. Note that: -Dcom.sun.management.jmxremote ... is no longer necessary (Note that I haven't actually tried any of this myself yet.) Am I correct that modern JVMs no longer require the JmxRemoteLivecycleListener? - -chris [1] I had a bear of a time finding this: https://bugs.openjdk.java.net/browse/JDK-6425769 http://mail.openjdk.java.net/pipermail/hotspot-dev/2015-November/020717. html > --- .../mbeans/JmxRemoteLifecycleListener.java | 65 > ++++++++++++++++------ webapps/docs/changelog.xml > | 7 +++ 2 files changed, 56 insertions(+), 16 deletions(-) > > diff --git > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > index 3e472d0..77a785d 100644 --- > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > +++ > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > @@ -25,10 +25,11 @@ import java.net.MalformedURLException; import > java.net.ServerSocket; import java.net.Socket; import > java.net.UnknownHostException; +import java.rmi.AccessException; > import java.rmi.AlreadyBoundException; +import > java.rmi.NotBoundException; +import java.rmi.Remote; import > java.rmi.RemoteException; -import > java.rmi.registry.LocateRegistry; -import > java.rmi.registry.Registry; import > java.rmi.server.RMIClientSocketFactory; import > java.rmi.server.RMIServerSocketFactory; import java.util.HashMap; > @@ -417,18 +418,6 @@ public class JmxRemoteLifecycleListener > extends SSLHostConfig implements Lifecyc RMIClientSocketFactory > registryCsf, RMIServerSocketFactory registrySsf, > RMIClientSocketFactory serverCsf, RMIServerSocketFactory serverSsf) > { > > - // Create the RMI registry - Registry registry; - > try { - registry = LocateRegistry.createRegistry( - > theRmiRegistryPort, registryCsf, registrySsf); - } catch > (RemoteException e) { - log.error(sm.getString( - > "jmxRemoteLifecycleListener.createRegistryFailed", - > serverName, Integer.toString(theRmiRegistryPort)), e); - > return null; - } - if (bindAddress == null) { bindAddress = > "localhost"; } @@ -449,11 +438,20 @@ public class > JmxRemoteLifecycleListener extends SSLHostConfig implements > Lifecyc cs = new RMIConnectorServer(serviceUrl, theEnv, server, > ManagementFactory.getPlatformMBeanServer()); cs.start(); - > registry.bind("jmxrmi", server.toStub()); + Remote > jmxServer = server.toStub(); + // Create the RMI > registry + try { + new > JmxRegistry(theRmiRegistryPort, registryCsf, registrySsf, "jmxrmi", > jmxServer); + } catch (RemoteException e) { + > log.error(sm.getString( + > "jmxRemoteLifecycleListener.createRegistryFailed", + > serverName, Integer.toString(theRmiRegistryPort)), e); + > return null; + } > log.info(sm.getString("jmxRemoteLifecycleListener.start", > Integer.toString(theRmiRegistryPort), > Integer.toString(theRmiServerPort), serverName)); - } catch > (IOException | AlreadyBoundException e) { + } catch > (IOException e) { log.error(sm.getString( > "jmxRemoteLifecycleListener.createServerFailed", serverName), e); > @@ -589,4 +587,39 @@ public class JmxRemoteLifecycleListener > extends SSLHostConfig implements Lifecyc return true; } } + + + > private static class JmxRegistry extends > sun.rmi.registry.RegistryImpl { + private static final long > serialVersionUID = -3772054804656428217L; + private final > String jmxName; + private final Remote jmxServer; + > public JmxRegistry(int port, RMIClientSocketFactory csf, + > RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) > throws RemoteException { + super(port, csf, ssf); + > this.jmxName = jmxName; + this.jmxServer = jmxServer; + > } + @Override + public Remote lookup(String name) + > throws RemoteException, NotBoundException { + return > (jmxName.equals(name)) ? jmxServer : null; + } + > @Override + public void bind(String name, Remote obj) + > throws RemoteException, AlreadyBoundException, AccessException { + > } + @Override + public void unbind(String name) + > throws RemoteException, NotBoundException, AccessException { + > } + @Override + public void rebind(String name, > Remote obj) + throws RemoteException, > AccessException { + } + @Override + public > String[] list() throws RemoteException { + return new > String[] { jmxName }; + } + } + } diff --git > a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index > efc0ab6..9bbff4c 100644 --- a/webapps/docs/changelog.xml +++ > b/webapps/docs/changelog.xml @@ -45,6 +45,13 @@ issues do not "pop > up" wrt. others). --> <section name="Tomcat 9.0.29 (markt)" > rtext="in development"> + <subsection name="Catalina"> + > <changelog> + <fix> + Refactor JMX remote RMI registry > creation. (remm) + </fix> + </changelog> + </subsection> > </section> <section name="Tomcat 9.0.28 (markt)" rtext="release in > progress"> <subsection name="Catalina"> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl35REwACgkQHPApP6U8 pFgalg/+KXEqkcGk2sNSWOHch6VgmoSXTX/380xBc24c1nnN8o+JfMaBbvarRvGB DHw8IbAs/h9yq1fw3Ym7yffh2ZJN9o6TZt38cDdfxWphB+Vr1cqr1UrgLaj2QTm2 22UOqlKYnHvGSo9fvNwQ+r8rT7Dz6YabSrrCec+ukaMvK848173+vpQN2mZ/+uLk ++/HnK0qhWAxzvfHe1/V5HbeQlhxBTHHPc21JaEIDxSFFp9dnBjvnz+tm60OHL0n 44XskeV7nAdWgdvtjeSzkJaCFAwQPvM0UbxH9pJMKs2K1W8EXsaGbM0Q4Jf5RoK8 4BqFA2VaH0y+w1nyH/Q9tsEcSLDxRu8mIyCPk9FjdQWGpCKK4zU2DntrlDqZY4aw HEMjrCViBFeEwaUjEBb+7ScJtLVadTWW+j1a6VdonSHYyGn5LTsENDVIiNU0KGCu VW1ce6We1nW2bqsbocAQosReCLPzjFCztW/A9fqsgk7liXHBGpqWqF/Jst1crL1x JQSfFSX6No/GNGqi+Hv1BHsCBjU+iZ0u+3nil8Sh2SN9R4ewsliGidC30wxW7v1V iOqGmqBCy/UMsZ4XDMaCWCKFDGHYtKhnTYwng7UpBEkeyEfIIbHdd3xIBo5sCvt6 olHHKPguC3ANm8d9QH2AWpbRTystFZsA7eGV652jxopvNNnxL/Q= =ZkwZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
