Support for JMXRP
wsargent opened this issue · comments
Will Sargent commented
It'd be nice if there were out of the box support for JMXRP in addition to RMI. TLS / SASL support might be annoying to work in, but it looks like the RMI server has mostly the same code as this example JMXRP code:
package com.example;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.net.ssl.*;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Dumps info about the specified MBean from the JMXConnectorServer at
* the specified URL.
*/
public class ConnectorClient {
static KeyStore trustStore(String type, String name, char[] password) throws Exception {
KeyStore anchors = KeyStore.getInstance(type);
anchors.load(new FileInputStream(name), password);
return anchors;
}
static KeyStore.Builder keystore(String type, String filename, char[] password) {
return KeyStore.Builder.newInstance(type, null, new File(filename), new KeyStore.PasswordProtection(password));
}
static KeyManagerFactory keyManagerFactory(KeyStore.Builder... keystores) throws Exception {
KeyStoreBuilderParameters ksParams = new KeyStoreBuilderParameters(Arrays.asList(keystores));
KeyManagerFactory factory = KeyManagerFactory.getInstance("NewSunX509");
factory.init(ksParams);
return factory;
}
static TrustManagerFactory trustManagerFactory(KeyStore anckors) throws Exception {
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(anckors);
return tmf;
}
static SSLSocketFactory socketFactory(KeyManagerFactory kmf, TrustManagerFactory tmf) throws Exception {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory ssf = ctx.getSocketFactory();
return ssf;
}
static MBeanServerConnection mbsc = null;
static public void main(String[] sa) throws Exception {
String urlString = "service:jmx:jmxmp://localhost:9999";
String beanId = "com.example:type=Hello";
KeyManagerFactory kmf = keyManagerFactory(keystore("JKS", "src/universal/conf/certs/client.jks", "changeit".toCharArray()));
TrustManagerFactory tmf = trustManagerFactory(trustStore("JKS", "src/universal/conf/certs/exampletrust.jks", "changeit".toCharArray()));
SSLSocketFactory socketFactory = socketFactory(kmf, tmf);
Map env = new HashMap();
env.put("jmx.remote.profiles", "TLS");
env.put("jmx.remote.tls.enabled.protocols", "TLSv1.2");
env.put("jmx.remote.tls.enabled.cipher.suites", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
env.put("jmx.remote.tls.socket.factory", socketFactory);
JMXConnector c =
JMXConnectorFactory.connect(new JMXServiceURL(urlString), env);
// If you aren't setting a profile or any other options, you can use
// null for the second connect() parameter, instead of an empty list.
try {
mbsc = c.getMBeanServerConnection();
// For this example, I chose to not expose the Adaptor as an
// MBean, which is sometimes a good thing to do for security.
// Therefore, I use it as a normal Java Object.
System.err.println("Info on '" + beanId + "' is:");
javax.management.MBeanAttributeInfo[] aa =
mbsc.getMBeanInfo(new ObjectName(beanId)).getAttributes();
for (int i = 0; i < aa.length; i++)
System.err.println(aa[i].getName());
} finally {
if (c != null) c.close();
}
System.exit(0);
}
}
https://www.javaworld.com/article/2072256/remote-jmx--connectors-and-adapters.html?page=2