On Tue, Dec 17, 2019 at 10:10 PM Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Rémy, > > On 11/14/19 07:39, r...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git > > repository. > > > > remm pushed a commit to branch master in repository > > https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > The following commit(s) were added to refs/heads/master by this > > push: new 1fc9f58 Refactor JMX remote RMI registry creation > > 1fc9f58 is described below > > > > commit 1fc9f589dbdd8295cf313b2667ab041c425f99c3 Author: remm > > <r...@apache.org> AuthorDate: Thu Nov 14 13:39:31 2019 +0100 > > > > Refactor JMX remote RMI registry creation > > I think modern JVMs do everything the JmxRemoteLifecycleListener has > been doing for us for a while. Maybe it's time to remove it? > > It's version-dependent (and everyone I know is still stuck on 1.8 or > lower), but perhaps we should just get rid of all this cruft and > replace it with JVM-supported configuration, at least in newer > versions of Tomcat. > > -Dcom.sun.management.jmxremote.port > -Dcom.sun.management.jmxremote.rmi.port > > Source: > https://docs.oracle.com/javase/9/management/monitoring-and-management-us > ing-jmx-technology.htm#JSMGM-GUID-F08985BB-629A-4FBF-A0CB-8762DF7590E0 > <https://docs.oracle.com/javase/9/management/monitoring-and-management-using-jmx-technology.htm#JSMGM-GUID-F08985BB-629A-4FBF-A0CB-8762DF7590E0> > > If that anchor doesn't work after a while, or for other versions of > Java, it's the section titled "Remote Monitoring and Management". > > This handles the ports. If you need to use a hostname other than > 127.0.0.1 or whatever "localhost" ends up being on the server (say, > because you are connecting through an encrypted tunnel), then you can se > t: > > -Djava.rmi.server.hostname > > This basically re-writes the hostname put into the RMI stubs sent to > the JMX client. Note that whatever you use is JVM-wide and so it must > make sense to both clients operating on the server AND on the > remote-client (which may be tricky). > The main usefulness of the listener was to configure the bind address, so it seems it would be covered. The SSL configuration could be nicer too, to some extent. > > This is one of many reasons I always recommend against using JMX > directly for monitoring. It's much, much easier to use the > JMXProxyServlet to traverse firewalls, etc. It's nice to see that JVMs > are now supporting real authentication systems (e.g. LADP, > client-TLS-cert, etc.) but it's a little too late for that IMHO. > Well, you have jolokia for you then ;) Rémy > > You can also set the binding interface with: > > -Dcom.sun.management.jmxremote.host > > That should accept anything you can give to > InetAddress.getByName()[1]. This isn't documented anywhere in the > "Monitoring and Management Using JMX Technology" page for some reason, > but it's there in the code. > > Note that: > > -Dcom.sun.management.jmxremote > > ... is no longer necessary > > (Note that I haven't actually tried any of this myself yet.) > > Am I correct that modern JVMs no longer require the > JmxRemoteLivecycleListener? > > - -chris > > [1] I had a bear of a time finding this: > https://bugs.openjdk.java.net/browse/JDK-6425769 > > http://mail.openjdk.java.net/pipermail/hotspot-dev/2015-November/020717. > html > <http://mail.openjdk.java.net/pipermail/hotspot-dev/2015-November/020717.html> > > > --- .../mbeans/JmxRemoteLifecycleListener.java | 65 > > ++++++++++++++++------ webapps/docs/changelog.xml > > | 7 +++ 2 files changed, 56 insertions(+), 16 deletions(-) > > > > diff --git > > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > > index 3e472d0..77a785d 100644 --- > > a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > > +++ > > b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java > > @@ -25,10 +25,11 @@ import java.net.MalformedURLException; import > > java.net.ServerSocket; import java.net.Socket; import > > java.net.UnknownHostException; +import java.rmi.AccessException; > > import java.rmi.AlreadyBoundException; +import > > java.rmi.NotBoundException; +import java.rmi.Remote; import > > java.rmi.RemoteException; -import > > java.rmi.registry.LocateRegistry; -import > > java.rmi.registry.Registry; import > > java.rmi.server.RMIClientSocketFactory; import > > java.rmi.server.RMIServerSocketFactory; import java.util.HashMap; > > @@ -417,18 +418,6 @@ public class JmxRemoteLifecycleListener > > extends SSLHostConfig implements Lifecyc RMIClientSocketFactory > > registryCsf, RMIServerSocketFactory registrySsf, > > RMIClientSocketFactory serverCsf, RMIServerSocketFactory serverSsf) > > { > > > > - // Create the RMI registry - Registry registry; - > > try { - registry = LocateRegistry.createRegistry( - > > theRmiRegistryPort, registryCsf, registrySsf); - } catch > > (RemoteException e) { - log.error(sm.getString( - > > "jmxRemoteLifecycleListener.createRegistryFailed", - > > serverName, Integer.toString(theRmiRegistryPort)), e); - > > return null; - } - if (bindAddress == null) { bindAddress = > > "localhost"; } @@ -449,11 +438,20 @@ public class > > JmxRemoteLifecycleListener extends SSLHostConfig implements > > Lifecyc cs = new RMIConnectorServer(serviceUrl, theEnv, server, > > ManagementFactory.getPlatformMBeanServer()); cs.start(); - > > registry.bind("jmxrmi", server.toStub()); + Remote > > jmxServer = server.toStub(); + // Create the RMI > > registry + try { + new > > JmxRegistry(theRmiRegistryPort, registryCsf, registrySsf, "jmxrmi", > > jmxServer); + } catch (RemoteException e) { + > > log.error(sm.getString( + > > "jmxRemoteLifecycleListener.createRegistryFailed", + > > serverName, Integer.toString(theRmiRegistryPort)), e); + > > return null; + } > > log.info(sm.getString("jmxRemoteLifecycleListener.start", > > Integer.toString(theRmiRegistryPort), > > Integer.toString(theRmiServerPort), serverName)); - } catch > > (IOException | AlreadyBoundException e) { + } catch > > (IOException e) { log.error(sm.getString( > > "jmxRemoteLifecycleListener.createServerFailed", serverName), e); > > @@ -589,4 +587,39 @@ public class JmxRemoteLifecycleListener > > extends SSLHostConfig implements Lifecyc return true; } } + + + > > private static class JmxRegistry extends > > sun.rmi.registry.RegistryImpl { + private static final long > > serialVersionUID = -3772054804656428217L; + private final > > String jmxName; + private final Remote jmxServer; + > > public JmxRegistry(int port, RMIClientSocketFactory csf, + > > RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) > > throws RemoteException { + super(port, csf, ssf); + > > this.jmxName = jmxName; + this.jmxServer = jmxServer; + > > } + @Override + public Remote lookup(String name) + > > throws RemoteException, NotBoundException { + return > > (jmxName.equals(name)) ? jmxServer : null; + } + > > @Override + public void bind(String name, Remote obj) + > > throws RemoteException, AlreadyBoundException, AccessException { + > > } + @Override + public void unbind(String name) + > > throws RemoteException, NotBoundException, AccessException { + > > } + @Override + public void rebind(String name, > > Remote obj) + throws RemoteException, > > AccessException { + } + @Override + public > > String[] list() throws RemoteException { + return new > > String[] { jmxName }; + } + } + } diff --git > > a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index > > efc0ab6..9bbff4c 100644 --- a/webapps/docs/changelog.xml +++ > > b/webapps/docs/changelog.xml @@ -45,6 +45,13 @@ issues do not "pop > > up" wrt. others). --> <section name="Tomcat 9.0.29 (markt)" > > rtext="in development"> + <subsection name="Catalina"> + > > <changelog> + <fix> + Refactor JMX remote RMI registry > > creation. (remm) + </fix> + </changelog> + </subsection> > > </section> <section name="Tomcat 9.0.28 (markt)" rtext="release in > > progress"> <subsection name="Catalina"> > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl35REwACgkQHPApP6U8 > pFgalg/+KXEqkcGk2sNSWOHch6VgmoSXTX/380xBc24c1nnN8o+JfMaBbvarRvGB > DHw8IbAs/h9yq1fw3Ym7yffh2ZJN9o6TZt38cDdfxWphB+Vr1cqr1UrgLaj2QTm2 > 22UOqlKYnHvGSo9fvNwQ+r8rT7Dz6YabSrrCec+ukaMvK848173+vpQN2mZ/+uLk > ++/HnK0qhWAxzvfHe1/V5HbeQlhxBTHHPc21JaEIDxSFFp9dnBjvnz+tm60OHL0n > 44XskeV7nAdWgdvtjeSzkJaCFAwQPvM0UbxH9pJMKs2K1W8EXsaGbM0Q4Jf5RoK8 > 4BqFA2VaH0y+w1nyH/Q9tsEcSLDxRu8mIyCPk9FjdQWGpCKK4zU2DntrlDqZY4aw > HEMjrCViBFeEwaUjEBb+7ScJtLVadTWW+j1a6VdonSHYyGn5LTsENDVIiNU0KGCu > VW1ce6We1nW2bqsbocAQosReCLPzjFCztW/A9fqsgk7liXHBGpqWqF/Jst1crL1x > JQSfFSX6No/GNGqi+Hv1BHsCBjU+iZ0u+3nil8Sh2SN9R4ewsliGidC30wxW7v1V > iOqGmqBCy/UMsZ4XDMaCWCKFDGHYtKhnTYwng7UpBEkeyEfIIbHdd3xIBo5sCvt6 > olHHKPguC3ANm8d9QH2AWpbRTystFZsA7eGV652jxopvNNnxL/Q= > =ZkwZ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
