This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 46fbf32e556f39ff10dc5bceb51ec751b10f2a12
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jan 15 09:25:18 2020 +0000
Remove the deprecated JmxRemoteLifecycleListener
---
.../mbeans/JmxRemoteLifecycleListener.java | 643 ---------------------
.../apache/catalina/mbeans/LocalStrings.properties | 9 -
.../catalina/mbeans/LocalStrings_es.properties | 16 -
.../catalina/mbeans/LocalStrings_fr.properties | 8 -
.../catalina/mbeans/LocalStrings_ja.properties | 8 -
.../catalina/mbeans/LocalStrings_ko.properties | 8 -
.../catalina/mbeans/LocalStrings_zh_CN.properties | 19 -
res/findbugs/filter-false-positives.xml | 6 -
webapps/docs/config/listeners.xml | 161 ------
9 files changed, 878 deletions(-)
diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
deleted file mode 100644
index 4256fb3..0000000
--- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
+++ /dev/null
@@ -1,643 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.catalina.mbeans;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.net.MalformedURLException;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.rmi.AccessException;
-import java.rmi.AlreadyBoundException;
-import java.rmi.NotBoundException;
-import java.rmi.Remote;
-import java.rmi.RemoteException;
-import java.rmi.server.RMIClientSocketFactory;
-import java.rmi.server.RMIServerSocketFactory;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.management.remote.JMXConnectorServer;
-import javax.management.remote.JMXServiceURL;
-import javax.management.remote.rmi.RMIConnectorServer;
-import javax.management.remote.rmi.RMIJRMPServerImpl;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSessionContext;
-import javax.rmi.ssl.SslRMIClientSocketFactory;
-import javax.rmi.ssl.SslRMIServerSocketFactory;
-
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
-import org.apache.catalina.LifecycleListener;
-import org.apache.juli.logging.Log;
-import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.net.SSLHostConfig;
-import org.apache.tomcat.util.net.SSLHostConfigCertificate;
-import org.apache.tomcat.util.net.jsse.JSSEUtil;
-import org.apache.tomcat.util.res.StringManager;
-
-/**
- * This listener fixes the port used by JMX/RMI Server making things much
- * simpler if you need to connect jconsole or similar to a remote Tomcat
- * instance that is running behind a firewall. Only the ports are configured
via
- * the listener. The remainder of the configuration is via the standard system
- * properties for configuring JMX.
- *
- * @deprecated The features provided by this listener are now available in the
- * remote JMX capability included with the JRE.
- * This listener will be removed in Tomcat 10 and may be removed
- * from Tomcat 9.0.x some time after 2020-12-31.
- */
-@Deprecated
-public class JmxRemoteLifecycleListener extends SSLHostConfig implements
LifecycleListener {
-
- private static final long serialVersionUID = 1L;
-
- private static final Log log =
LogFactory.getLog(JmxRemoteLifecycleListener.class);
-
- protected static final StringManager sm =
- StringManager.getManager(JmxRemoteLifecycleListener.class);
-
- protected String rmiBindAddress = null;
- protected int rmiRegistryPortPlatform = -1;
- protected int rmiServerPortPlatform = -1;
- protected boolean rmiRegistrySSL = true;
- protected boolean rmiServerSSL = true;
- protected boolean authenticate = true;
- protected String passwordFile = null;
- protected String loginModuleName = null;
- protected String accessFile = null;
- protected boolean useLocalPorts = false;
-
- protected transient JMXConnectorServer csPlatform = null;
-
- /**
- * Get the inet address on which the Platform RMI server is exported.
- * @return The textual representation of inet address
- */
- public String getRmiBindAddress() {
- return rmiBindAddress;
- }
-
- /**
- * Set the inet address on which the Platform RMI server is exported.
- * @param theRmiBindAddress The textual representation of inet address
- */
- public void setRmiBindAddress(String theRmiBindAddress) {
- rmiBindAddress = theRmiBindAddress;
- }
-
- /**
- * Get the port on which the Platform RMI server is exported. This is the
- * port that is normally chosen by the RMI stack.
- * @return The port number
- */
- public int getRmiServerPortPlatform() {
- return rmiServerPortPlatform;
- }
-
- /**
- * Set the port on which the Platform RMI server is exported. This is the
- * port that is normally chosen by the RMI stack.
- * @param theRmiServerPortPlatform The port number
- */
- public void setRmiServerPortPlatform(int theRmiServerPortPlatform) {
- rmiServerPortPlatform = theRmiServerPortPlatform;
- }
-
- /**
- * Get the port on which the Platform RMI registry is exported.
- * @return The port number
- */
- public int getRmiRegistryPortPlatform() {
- return rmiRegistryPortPlatform;
- }
-
- /**
- * Set the port on which the Platform RMI registry is exported.
- * @param theRmiRegistryPortPlatform The port number
- */
- public void setRmiRegistryPortPlatform(int theRmiRegistryPortPlatform) {
- rmiRegistryPortPlatform = theRmiRegistryPortPlatform;
- }
-
- /**
- * Get the flag that indicates that local ports should be used for all
- * connections. If using SSH tunnels, or similar, this should be set to
- * true to ensure the RMI client uses the tunnel.
- * @return <code>true</code> if local ports should be used
- */
- public boolean getUseLocalPorts() {
- return useLocalPorts;
- }
-
- /**
- * Set the flag that indicates that local ports should be used for all
- * connections. If using SSH tunnels, or similar, this should be set to
- * true to ensure the RMI client uses the tunnel.
- * @param useLocalPorts Set to <code>true</code> if local ports should be
- * used
- */
- public void setUseLocalPorts(boolean useLocalPorts) {
- this.useLocalPorts = useLocalPorts;
- }
-
- /**
- * @return the rmiRegistrySSL
- */
- public boolean isRmiRegistrySSL() {
- return rmiRegistrySSL;
- }
-
- /**
- * @param rmiRegistrySSL the rmiRegistrySSL to set
- */
- public void setRmiRegistrySSL(boolean rmiRegistrySSL) {
- this.rmiRegistrySSL = rmiRegistrySSL;
- }
-
- /**
- * @return the rmiServerSSL
- */
- public boolean isRmiServerSSL() {
- return rmiServerSSL;
- }
-
- /**
- * @param rmiServerSSL the rmiServerSSL to set
- */
- public void setRmiServerSSL(boolean rmiServerSSL) {
- this.rmiServerSSL = rmiServerSSL;
- }
-
- /**
- * @return the authenticate
- */
- public boolean isAuthenticate() {
- return authenticate;
- }
-
- /**
- * @param authenticate the authenticate to set
- */
- public void setAuthenticate(boolean authenticate) {
- this.authenticate = authenticate;
- }
-
- /**
- * @return the passwordFile
- */
- public String getPasswordFile() {
- return passwordFile;
- }
-
- /**
- * @param passwordFile the passwordFile to set
- */
- public void setPasswordFile(String passwordFile) {
- this.passwordFile = passwordFile;
- }
-
- /**
- * @return the loginModuleName
- */
- public String getLoginModuleName() {
- return loginModuleName;
- }
-
- /**
- * @param loginModuleName the loginModuleName to set
- */
- public void setLoginModuleName(String loginModuleName) {
- this.loginModuleName = loginModuleName;
- }
-
- /**
- * @return the accessFile
- */
- public String getAccessFile() {
- return accessFile;
- }
-
- /**
- * @param accessFile the accessFile to set
- */
- public void setAccessFile(String accessFile) {
- this.accessFile = accessFile;
- }
-
- protected void init() {
- // Get all the other parameters required from the standard system
- // properties. Only need to get the parameters that affect the creation
- // of the server port.
- String rmiRegistrySSLValue =
System.getProperty("com.sun.management.jmxremote.registry.ssl");
- if (rmiRegistrySSLValue != null) {
- setRmiRegistrySSL(Boolean.parseBoolean(rmiRegistrySSLValue));
- }
-
- String rmiServerSSLValue =
System.getProperty("com.sun.management.jmxremote.ssl");
- if (rmiServerSSLValue != null) {
- setRmiServerSSL(Boolean.parseBoolean(rmiServerSSLValue));
- }
-
- String protocolsValue =
System.getProperty("com.sun.management.jmxremote.ssl.enabled.protocols");
- if (protocolsValue != null) {
- setEnabledProtocols(protocolsValue.split(","));
- }
-
- String ciphersValue =
System.getProperty("com.sun.management.jmxremote.ssl.enabled.cipher.suites");
- if (ciphersValue != null) {
- setCiphers(ciphersValue);
- }
-
- String clientAuthValue =
System.getProperty("com.sun.management.jmxremote.ssl.need.client.auth");
- if (clientAuthValue != null) {
- setCertificateVerification(clientAuthValue);
- }
-
- String authenticateValue =
System.getProperty("com.sun.management.jmxremote.authenticate");
- if (authenticateValue != null) {
- setAuthenticate(Boolean.parseBoolean(authenticateValue));
- }
-
- String passwordFileValue =
System.getProperty("com.sun.management.jmxremote.password.file");
- if (passwordFileValue != null) {
- setPasswordFile(passwordFileValue);
- }
-
- String accessFileValue =
System.getProperty("com.sun.management.jmxremote.access.file");
- if (accessFileValue != null) {
- setAccessFile(accessFileValue);
- }
-
- String loginModuleNameValue =
System.getProperty("com.sun.management.jmxremote.login.config");
- if (loginModuleNameValue != null) {
- setLoginModuleName(loginModuleNameValue);
- }
- }
-
-
- @Override
- public void lifecycleEvent(LifecycleEvent event) {
- if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
- log.warn(sm.getString("jmxRemoteLifecycleListener.deprecated"));
- } else if (Lifecycle.START_EVENT.equals(event.getType())) {
- // When the server starts, configure JMX/RMI
-
- // Configure using standard JMX system properties
- init();
-
- SSLContext sslContext = null;
- // Create SSL context if properties were set to define a
certificate
- if (getCertificates().size() > 0) {
- SSLHostConfigCertificate certificate =
getCertificates().iterator().next();
- // This can only support JSSE
- JSSEUtil sslUtil = new JSSEUtil(certificate);
- try {
- sslContext =
javax.net.ssl.SSLContext.getInstance(getSslProtocol());
- setEnabledProtocols(sslUtil.getEnabledProtocols());
- setEnabledCiphers(sslUtil.getEnabledCiphers());
- sslContext.init(sslUtil.getKeyManagers(),
sslUtil.getTrustManagers(), null);
- SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
- if (sessionContext != null) {
- sslUtil.configureSessionContext(sessionContext);
- }
- } catch (Exception e) {
-
log.error(sm.getString("jmxRemoteLifecycleListener.invalidSSLConfiguration"),
e);
- }
- }
-
- // Prevent an attacker guessing the RMI object ID
- System.setProperty("java.rmi.server.randomIDs", "true");
-
- // Create the environment
- Map<String,Object> env = new HashMap<>();
-
- RMIClientSocketFactory registryCsf = null;
- RMIServerSocketFactory registrySsf = null;
-
- RMIClientSocketFactory serverCsf = null;
- RMIServerSocketFactory serverSsf = null;
-
- // Configure registry socket factories
- if (rmiRegistrySSL) {
- registryCsf = new SslRMIClientSocketFactory();
- if (rmiBindAddress == null) {
- registrySsf = new SslRMIServerSocketFactory(sslContext,
- getEnabledCiphers(), getEnabledProtocols(),
- getCertificateVerification() ==
CertificateVerification.REQUIRED);
- } else {
- registrySsf = new SslRmiServerBindSocketFactory(sslContext,
- getEnabledCiphers(), getEnabledProtocols(),
- getCertificateVerification() ==
CertificateVerification.REQUIRED,
- rmiBindAddress);
- }
- } else {
- if (rmiBindAddress != null) {
- registrySsf = new
RmiServerBindSocketFactory(rmiBindAddress);
- }
- }
-
- // Configure server socket factories
- if (rmiServerSSL) {
- serverCsf = new SslRMIClientSocketFactory();
- if (rmiBindAddress == null) {
- serverSsf = new SslRMIServerSocketFactory(sslContext,
- getEnabledCiphers(), getEnabledProtocols(),
- getCertificateVerification() ==
CertificateVerification.REQUIRED);
- } else {
- serverSsf = new SslRmiServerBindSocketFactory(sslContext,
- getEnabledCiphers(), getEnabledProtocols(),
- getCertificateVerification() ==
CertificateVerification.REQUIRED,
- rmiBindAddress);
- }
- } else {
- if (rmiBindAddress != null) {
- serverSsf = new RmiServerBindSocketFactory(rmiBindAddress);
- }
- }
-
- // By default, the registry will pick an address to listen on.
- // Setting this property overrides that and ensures it listens on
- // the configured address.
- if (rmiBindAddress != null) {
- System.setProperty("java.rmi.server.hostname", rmiBindAddress);
- }
-
- // Force the use of local ports if required
- if (useLocalPorts) {
- registryCsf = new RmiClientLocalhostSocketFactory(registryCsf);
- serverCsf = new RmiClientLocalhostSocketFactory(serverCsf);
- }
-
- env.put("jmx.remote.rmi.server.credential.types", new String[] {
- String[].class.getName(),
- String.class.getName() });
-
- // Populate the env properties used to create the server
- if (serverCsf != null) {
-
env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf);
- env.put("com.sun.jndi.rmi.factory.socket", registryCsf);
- }
- if (serverSsf != null) {
-
env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverSsf);
- }
-
- // Configure authentication
- if (authenticate) {
- env.put("jmx.remote.x.password.file", passwordFile);
- env.put("jmx.remote.x.access.file", accessFile);
- env.put("jmx.remote.x.login.config", loginModuleName);
- }
-
- // Create the Platform server
- csPlatform = createServer("Platform", rmiBindAddress,
rmiRegistryPortPlatform,
- rmiServerPortPlatform, env, registryCsf, registrySsf,
serverCsf, serverSsf);
-
- } else if (Lifecycle.STOP_EVENT.equals(event.getType())) {
- destroyServer("Platform", csPlatform);
- }
- }
-
-
- private JMXConnectorServer createServer(String serverName,
- String bindAddress, int theRmiRegistryPort, int theRmiServerPort,
- Map<String,Object> theEnv,
- RMIClientSocketFactory registryCsf, RMIServerSocketFactory
registrySsf,
- RMIClientSocketFactory serverCsf, RMIServerSocketFactory
serverSsf) {
-
- if (bindAddress == null) {
- bindAddress = "localhost";
- }
-
- String url = "service:jmx:rmi://" + bindAddress;
- JMXServiceURL serviceUrl;
- try {
- serviceUrl = new JMXServiceURL(url);
- } catch (MalformedURLException e) {
- log.error(sm.getString("jmxRemoteLifecycleListener.invalidURL",
serverName, url), e);
- return null;
- }
-
- RMIConnectorServer cs = null;
- try {
- RMIJRMPServerImpl server = new RMIJRMPServerImpl(
- rmiServerPortPlatform, serverCsf, serverSsf, theEnv);
- cs = new RMIConnectorServer(serviceUrl, theEnv, server,
- ManagementFactory.getPlatformMBeanServer());
- cs.start();
- Remote jmxServer = server.toStub();
- // Create the RMI registry
- try {
- /*
- * JmxRegistry is registered as a side-effect of creation.
- * This object is here so we can tell the IDE it is OK for it
- * not to be used.
- */
- @SuppressWarnings("unused")
- JmxRegistry unused = new JmxRegistry(theRmiRegistryPort,
registryCsf, registrySsf, "jmxrmi", jmxServer);
- } catch (RemoteException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.createRegistryFailed",
- serverName, Integer.toString(theRmiRegistryPort)), e);
- return null;
- }
- log.info(sm.getString("jmxRemoteLifecycleListener.start",
- Integer.toString(theRmiRegistryPort),
- Integer.toString(theRmiServerPort), serverName));
- } catch (IOException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.createServerFailed",
- serverName), e);
- }
- return cs;
- }
-
-
- private void destroyServer(String serverName,
- JMXConnectorServer theConnectorServer) {
- if (theConnectorServer != null) {
- try {
- theConnectorServer.stop();
- } catch (IOException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.destroyServerFailed",
- serverName),e);
- }
- }
- }
-
-
- public static class RmiClientLocalhostSocketFactory
- implements RMIClientSocketFactory, Serializable {
-
- private static final long serialVersionUID = 1L;
-
- private static final String FORCED_HOST = "localhost";
-
- private final RMIClientSocketFactory factory;
-
- public RmiClientLocalhostSocketFactory(RMIClientSocketFactory
theFactory) {
- factory = theFactory;
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException {
- if (factory == null) {
- return new Socket(FORCED_HOST, port);
- } else {
- return factory.createSocket(FORCED_HOST, port);
- }
- }
- }
-
-
- public static class RmiServerBindSocketFactory implements
RMIServerSocketFactory {
-
- private final InetAddress bindAddress;
-
- public RmiServerBindSocketFactory(String address) {
- InetAddress bindAddress = null;
- try {
- bindAddress = InetAddress.getByName(address);
- } catch (UnknownHostException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.invalidRmiBindAddress",
address), e);
- // bind address will be null which means any/all local
addresses
- // which should be safe
- }
- this.bindAddress = bindAddress;
- }
-
- @Override
- public ServerSocket createServerSocket(int port) throws IOException {
- return new ServerSocket(port, 0, bindAddress);
- }
- }
-
-
- public static class SslRmiServerBindSocketFactory extends
SslRMIServerSocketFactory {
-
- private final InetAddress bindAddress;
- private final SSLContext sslContext;
-
- public SslRmiServerBindSocketFactory(SSLContext sslContext, String[]
enabledCipherSuites,
- String[] enabledProtocols, boolean needClientAuth, String
address) {
- super(sslContext, enabledCipherSuites, enabledProtocols,
needClientAuth);
- this.sslContext = sslContext;
- InetAddress bindAddress = null;
- try {
- bindAddress = InetAddress.getByName(address);
- } catch (UnknownHostException e) {
- log.error(sm.getString(
- "jmxRemoteLifecycleListener.invalidRmiBindAddress",
address), e);
- // bind address will be null which means any/all local
addresses
- // which should be safe
- }
- this.bindAddress = bindAddress;
- }
-
- @Override
- public ServerSocket createServerSocket(int port) throws IOException {
- SSLServerSocketFactory sslServerSocketFactory = (sslContext ==
null)
- ? (SSLServerSocketFactory)
SSLServerSocketFactory.getDefault()
- : sslContext.getServerSocketFactory();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket)
sslServerSocketFactory.createServerSocket(port, 0, bindAddress);
- if (getEnabledCipherSuites() != null) {
-
sslServerSocket.setEnabledCipherSuites(getEnabledCipherSuites());
- }
- if (getEnabledProtocols() != null) {
- sslServerSocket.setEnabledProtocols(getEnabledProtocols());
- }
- sslServerSocket.setNeedClientAuth(getNeedClientAuth());
- return sslServerSocket;
- }
-
- // Super class defines hashCode() and equals(). Probably not used in
- // Tomcat but for safety, override them here.
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = super.hashCode();
- result = prime * result + ((bindAddress == null) ? 0 :
bindAddress.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (!super.equals(obj))
- return false;
- if (getClass() != obj.getClass())
- return false;
- SslRmiServerBindSocketFactory other =
(SslRmiServerBindSocketFactory) obj;
- if (bindAddress == null) {
- if (other.bindAddress != null)
- return false;
- } else if (!bindAddress.equals(other.bindAddress))
- return false;
- return true;
- }
- }
-
-
- /*
- * Better to use the internal API than re-invent the wheel.
- */
- @SuppressWarnings("restriction")
- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
- private static final long serialVersionUID = -3772054804656428217L;
- private final String jmxName;
- private final Remote jmxServer;
- public JmxRegistry(int port, RMIClientSocketFactory csf,
- RMIServerSocketFactory ssf, String jmxName, Remote jmxServer)
throws RemoteException {
- super(port, csf, ssf);
- this.jmxName = jmxName;
- this.jmxServer = jmxServer;
- }
- @Override
- public Remote lookup(String name)
- throws RemoteException, NotBoundException {
- return (jmxName.equals(name)) ? jmxServer : null;
- }
- @Override
- public void bind(String name, Remote obj)
- throws RemoteException, AlreadyBoundException, AccessException
{
- }
- @Override
- public void unbind(String name)
- throws RemoteException, NotBoundException, AccessException {
- }
- @Override
- public void rebind(String name, Remote obj)
- throws RemoteException, AccessException {
- }
- @Override
- public String[] list() throws RemoteException {
- return new String[] { jmxName };
- }
- }
-
-}
diff --git a/java/org/apache/catalina/mbeans/LocalStrings.properties
b/java/org/apache/catalina/mbeans/LocalStrings.properties
index 7cc32e2..b139f3d 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings.properties
@@ -23,15 +23,6 @@ globalResources.createError.userDatabase.user=Cannot create
User MBean for user
globalResources.noNamingContext=No global naming context defined for server
globalResources.userDatabaseCreateError=Exception creating UserDatabase MBeans
for [{0}]
-jmxRemoteLifecycleListener.createRegistryFailed=Unable to create the RMI
registry for the [{0}] server using port [{1}]
-jmxRemoteLifecycleListener.createServerFailed=The JMX connector server could
not be created or failed to start for the [{0}] server
-jmxRemoteLifecycleListener.deprecated=The JmxRemoteLifecycleListener is
deprecated as as the features it provides are now available in the remote JMX
capability included with the JRE. This listener will be removed in Tomcat 10
and may be removed from Tomcat 9 some time after 2020-12-31.
-jmxRemoteLifecycleListener.destroyServerFailed=The JMX connector server could
not be stopped for the [{0}] server
-jmxRemoteLifecycleListener.invalidRmiBindAddress=Invalid RMI bind address [{0}]
-jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL configuration error
-jmxRemoteLifecycleListener.invalidURL=The JMX Service URL requested for the
[{0}] server, [{1}], was invalid
-jmxRemoteLifecycleListener.start=The JMX Remote Listener has configured the
registry on port [{0}] and the server on port [{1}] for the [{2}] server
-
mBean.attributeNotFound=Cannot find attribute [{0}]
mBean.nullAttribute=Attribute is null
mBean.nullName=Attribute name is null
diff --git a/java/org/apache/catalina/mbeans/LocalStrings_es.properties
b/java/org/apache/catalina/mbeans/LocalStrings_es.properties
deleted file mode 100644
index b09f904..0000000
--- a/java/org/apache/catalina/mbeans/LocalStrings_es.properties
+++ /dev/null
@@ -1,16 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-jmxRemoteLifecycleListener.invalidURL=LA URL del servicio JMX solicitada por
el servidor [{0}], [{1}], fue no válida
diff --git a/java/org/apache/catalina/mbeans/LocalStrings_fr.properties
b/java/org/apache/catalina/mbeans/LocalStrings_fr.properties
index 82d5eff..30cbc2d 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings_fr.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings_fr.properties
@@ -23,14 +23,6 @@ globalResources.createError.userDatabase.user=Impossible de
créer un MBean User
globalResources.noNamingContext=Aucun contexte de nommage global n'a été
défini pour le serveur
globalResources.userDatabaseCreateError=Erreur lors de la création des MBeans
d''une UserDatabase pour [{0}]
-jmxRemoteLifecycleListener.createRegistryFailed=Création du répertoire RMI
impossible pour le serveur [{0}] utilisant le port [{1}]
-jmxRemoteLifecycleListener.createServerFailed=Le connecteur serveur JMX pour
le serveur [{0}] n''a pas pu être créé ou n''a pas pu démarrer
-jmxRemoteLifecycleListener.destroyServerFailed=Le connecteur serveur JMX pour
le serveur [{0}] n''a pas pu être stoppé
-jmxRemoteLifecycleListener.invalidRmiBindAddress=Adresse d''association du RMI
invalide [{0}]
-jmxRemoteLifecycleListener.invalidSSLConfiguration=Erreur de configuration SSL
-jmxRemoteLifecycleListener.invalidURL=L''URL demandée pour le serveur [{0}],
[{1}], est incorrect
-jmxRemoteLifecycleListener.start=L''écouteur distant JMX a configuré le
répertoire sur le port [{0}] et le serveur sur le port [{1}] pour le serveur
[{2}]
-
mBean.attributeNotFound=Impossible de trouver l''attribut [{0}]
mBean.nullAttribute=L'attribut est null
mBean.nullName=Le nom d'attribut est null
diff --git a/java/org/apache/catalina/mbeans/LocalStrings_ja.properties
b/java/org/apache/catalina/mbeans/LocalStrings_ja.properties
index 27a3099..c540062 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings_ja.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings_ja.properties
@@ -23,14 +23,6 @@ globalResources.createError.userDatabase.user=ユーザー[{0}]のUser
MBeanを
globalResources.noNamingContext=サーバー用に定義されたグローバル・ネーミング・コンテキストがありません。
globalResources.userDatabaseCreateError=[{0}]のUserDatabase MBeanを作成する際の例外
-jmxRemoteLifecycleListener.createRegistryFailed=ポート[{1}]を使用して[{0}]サーバーのRMIレジストリを作成できません
-jmxRemoteLifecycleListener.createServerFailed=[{0}]サーバーのJMXコネクタサーバーを作成できなかったか、または開始できませんでした
-jmxRemoteLifecycleListener.destroyServerFailed=[{0}]サーバーのJMXコネクタサーバーを停止できませんでした。
-jmxRemoteLifecycleListener.invalidRmiBindAddress=無効なRMIバインドアドレス[{0}]
-jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL構成エラー
-jmxRemoteLifecycleListener.invalidURL=[{0}] サーバーに不正な JMX サービスリクエスト [{1}]
が要求されました。
-jmxRemoteLifecycleListener.start=サーバー [{2}] の JMX リモートリスナーをレジストリーポート番号 [{0}]
サーバーポート番号 [{1}] で構成しました。
-
mBean.attributeNotFound=属性 [{0}] を見つけられません。
mBean.nullAttribute=属性がnullです
mBean.nullName=属性名がNulです。
diff --git a/java/org/apache/catalina/mbeans/LocalStrings_ko.properties
b/java/org/apache/catalina/mbeans/LocalStrings_ko.properties
index 4732ce0..72fec6c 100644
--- a/java/org/apache/catalina/mbeans/LocalStrings_ko.properties
+++ b/java/org/apache/catalina/mbeans/LocalStrings_ko.properties
@@ -23,14 +23,6 @@ globalResources.createError.userDatabase.user=사용자 [{0}]을(를)
위한 사
globalResources.noNamingContext=서버를 위한 글로벌 Naming 컨텍스트가 정의되지 않았습니다.
globalResources.userDatabaseCreateError=[{0}]을(를) 위한 사용자 데이터베이스 MBean들을 생성하는 중
예외 발생
-jmxRemoteLifecycleListener.createRegistryFailed=[{0}] 서버를 위한 RMI 레지스트리를, 포트 번호
[{1}]을(를) 사용하여 생성할 수 없습니다.
-jmxRemoteLifecycleListener.createServerFailed=JMX connector 서버가 생성될 수 없었거나,
[{0}] 서버를 위해 시작되지 못했습니다.
-jmxRemoteLifecycleListener.destroyServerFailed=[{0}] 서버를 위해, JMX connector 서버가
중지될 수 없었습니다.
-jmxRemoteLifecycleListener.invalidRmiBindAddress=유효하지 않은 RMI 바인딩 주소 [{0}]
-jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL 설정 오류
-jmxRemoteLifecycleListener.invalidURL=[{0}] 서버에 요청하는 JMX 서비스 URL [{1}]은(는)
유효하지 않습니다.
-jmxRemoteLifecycleListener.start=[{2}] 서버를 위하여, JMX 원격 리스너가 포트 [{0}]에 레지스트리를
설정했으며, 포트 [{1}]에 서버를 설정했습니다.
-
mBean.attributeNotFound=속성 [{0}]을(를) 찾을 수 없습니다.
mBean.nullAttribute=속성이 널입니다.
mBean.nullName=속성 이름이 널입니다.
diff --git a/java/org/apache/catalina/mbeans/LocalStrings_zh_CN.properties
b/java/org/apache/catalina/mbeans/LocalStrings_zh_CN.properties
deleted file mode 100644
index 5b718d7..0000000
--- a/java/org/apache/catalina/mbeans/LocalStrings_zh_CN.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-jmxRemoteLifecycleListener.createRegistryFailed=无法使用端口[{1}]为[{0}]服务器创建RMI注册表
-jmxRemoteLifecycleListener.createServerFailed=无法为[{0}]服务器创建JMX连接器服务器或启动失败
-jmxRemoteLifecycleListener.invalidSSLConfiguration=SSL配置错误
-jmxRemoteLifecycleListener.invalidURL=为[{0}]服务器[{1}]请求的JMX服务URL无效
diff --git a/res/findbugs/filter-false-positives.xml
b/res/findbugs/filter-false-positives.xml
index b099a82..1acdd72 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -344,12 +344,6 @@
<Bug pattern="VO_VOLATILE_REFERENCE_TO_ARRAY" />
</Match>
<Match>
- <!-- Object is used via side-effect of creation. -->
- <Class name="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" />
- <Method name="createServer" />
- <Bug pattern="DLS_DEAD_LOCAL_STORE" />
- </Match>
- <Match>
<!-- SQL construction is safe since it is from trusted config -->
<Or>
<Class name="org.apache.catalina.realm.DataSourceRealm" />
diff --git a/webapps/docs/config/listeners.xml
b/webapps/docs/config/listeners.xml
index 25828d8..214b3ed 100644
--- a/webapps/docs/config/listeners.xml
+++ b/webapps/docs/config/listeners.xml
@@ -549,167 +549,6 @@
</subsection>
</section>
-<section name="Deprecated Implementations">
-
- <subsection name="JMX Remote Lifecycle Listener -
org.apache.catalina.mbeans.JmxRemoteLifecycleListener">
-
- <p><strong>This listener is now deprecated as the features it provides are
- now available in the remote JMX capability included with the JRE. This
- listener will be removed in Tomcat 10 and may be removed from Tomcat 9 some
- time after 2020-12-31.</strong></p>
-
- <p>The <strong>JMX Remote Lifecycle Listener</strong> fixes the ports used
by
- the JMX/RMI Server making things much simpler if you need to connect
- visualvm or a similar tool to a remote Tomcat instance that is running
- behind a firewall.</p>
-
- <p>The remainder of the configuration can be done via the standard system
- properties for configuring JMX. For further information on configuring JMX
- see
- <a
href="http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html";>
- Monitoring and Management Using JMX</a> included with the Java SDK
- documentation.</p>
-
- <p>This listener must only be nested within a <a
href="server.html">Server</a>
- element.</p>
-
- <p>The following additional attributes are supported by the <strong>JMX
Remote
- Lifecycle Listener</strong>, in addition to the SSL related attributes
noted below
- in the "SSL Configurations" section:</p>
-
- <attributes>
-
- <attribute name="accessFile" required="false">
- <p>Defines the access file used. The attribute will be set to the
- value of the <code>com.sun.management.jmxremote.access.file</code>
- system property if it is defined.</p>
- </attribute>
-
- <attribute name="authenticate" required="false">
- <p>Defines if authentication is used. Defaults to
- <code>true</code>. The attribute will be set to the value of the
- <code>com.sun.management.jmxremote.authenticate</code> system property
- if it is defined.</p>
- </attribute>
-
- <attribute name="loginModuleName" required="false">
- <p>Defines the login module used. The attribute will be set to the
- value of the <code>com.sun.management.jmxremote.login.config</code>
- system property if it is defined.</p>
- </attribute>
-
- <attribute name="passwordFile" required="false">
- <p>Defines the password file used. The attribute will be set to the
- value of the <code>com.sun.management.jmxremote.password.file</code>
- system property if it is defined.</p>
- </attribute>
-
- <attribute name="rmiBindAddress" required="false">
- <p>The address of the interface to be used by JMX/RMI server.</p>
- </attribute>
-
- <attribute name="rmiRegistryPortPlatform" required="true">
- <p>The port to be used by the JMX/RMI registry for the Platform MBeans.
- This replaces the use of the
- <code>com.sun.management.jmxremote.port</code> system property that
- should not be set when using this listener.</p>
- </attribute>
-
- <attribute name="rmiRegistrySSL" required="false">
- <p>Defines if the RMI registry will use SSL. Defaults to
- <code>true</code>. The attribute will be set to the value of the
- <code>com.sun.management.jmxremote.registry.ssl</code> system property
- if it is defined.</p>
- </attribute>
-
- <attribute name="rmiServerPortPlatform" required="true">
- <p>The port to be used by the Platform JMX/RMI server.</p>
- </attribute>
-
- <attribute name="rmiServerSSL" required="false">
- <p>Defines if the JMX remote server will use SSL. Defaults to
- <code>true</code>. The attribute will be set to the value of the
- <code>com.sun.management.jmxremote.ssl</code> system property
- if it is defined.</p>
- </attribute>
-
- <attribute name="useLocalPorts" required="false">
- <p>Should any clients using these ports be forced to use local ports to
- connect to the JMX/RMI server. This is useful when tunnelling
- connections over SSH or similar. Defaults to <code>false</code>.</p>
- </attribute>
-
- </attributes>
-
- <h3>Using file-based Authentication and Authorisation</h3>
-
- <p>If this listener was configured in server.xml as:</p>
- <source><![CDATA[ <Listener
className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
- rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"
/>]]></source>
- <p>with the following system properties set (e.g. in setenv.sh):</p>
- <source>
-Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
-
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
- -Dcom.sun.management.jmxremote.ssl=false</source>
- <p>$CATALINA_BASE/conf/jmxremote.password containing:</p>
- <source>admin letmein</source>
- <p>$CATALINA_BASE/conf/jmxremote.access containing:</p>
- <source>admin readwrite</source>
- <p>then opening ports 10001 (RMI Registry) and 10002 (JMX/RMI Server) in
your
- firewall would enable jconsole to connect to a Tomcat instance running
- behind a firewall using a connection string of the form:</p>
-
<source>service:jmx:rmi://<hostname>:10002/jndi/rmi://<hostname>:10001/jmxrmi</source>
- <p>
- with a user name of <code>admin</code> and a password of
- <code>letmein</code>.
- </p>
-
- <h3>SSL Configurations</h3>
-
- <p>Note: SSL configuration can be done with attributes identical to those
- of <a href="http.html#SSL_Support_-_SSLHostConfig">SSLHostConfig</a> and
the
- properties of the default certificate as defined for
- <a href="http.html#SSL_Support_-_Certificate">SSLHostConfigCertificate</a>.
- This will create a JSSE SSLContext which will be given to the JMX/RMI
registry
- when creating the server socket. OpenSSL specific attributes <strong>cannot
- </strong> be used in the configuration as JMX remote can only use a regular
- SSLContext.</p>
-
- <p>A certificate can be defined for the server using a keystore:</p>
- <source><![CDATA[ <Listener
className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
- rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"
- certificateKeystoreFile="${catalina.home}/conf/mykeystore.jks"
/>]]></source>
-
- <h3>Using JAAS</h3>
-
- <p>If we use the following system properties instead:</p>
- <source> -Dcom.sun.management.jmxremote.login.config=Tomcat
- -Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config
-
-Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access
- -Dcom.sun.management.jmxremote.ssl=false</source>
- <p>$CATALINA_BASE/conf/login.config containing your choice of JAAS
LoginModule implementation, for example:</p>
- <source> Tomcat { /* should match to the
com.sun.management.jmxremote.login.config property */
-
- /* for illustration purposes only */
- com.sun.security.auth.module.LdapLoginModule REQUIRED
- userProvider="ldap://ldap-svr/ou=people,dc=example,dc=com";
- userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
- authzIdentity="admin"
- debug=true;
- };</source>
- <p>$CATALINA_BASE/conf/jmxremote.access containing:</p>
- <source>admin readwrite</source>
- <p>
- then we would need to provide LDAP credentials instead.
- </p>
-
- <p><strong>Note that the examples above do not use SSL. JMX access should
- be considered equivalent to administrative access and secured accordingly.
- </strong></p>
-
- </subsection>
-
-</section>
-
</body>
</document>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
