Getting exported JMX beans to coexist with VM JMX

[willwright]

HI,

I have managed to get JMX up and running using spring support for a number of beans using the following code:

<!-- create rmi registry and export jmx beans to it -->
<bean id="registry"
class="org.springframework.remoting.rmi.RmiRegistr yFactoryBean">
<property name="port" value="1099" />
</bean>
<bean id="serverConnector"
class="org.springframework.jmx.support.ConnectorSe rverFactoryBean" destroy-method="destroy">
<property name="objectName" value="connector:name=rmi" />
<property name="serviceUrl" value="service:jmx:rmi://localhost/jndi/rmi://localhost:1099/djfeed" />
<property name="server" ref="mbeanServer"></property>
</bean>

I have also managed to get the VM exporting all information about itself on a different port using the args on startup as follows:

java -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/blabla/jmxremote.password -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1199 com.blabla.Application

My problem is that if I try and set the port of the vm to 1099 so all beans appear on the same port (application beans and vm beans) I get

java.rmi.AccessException: Cannot modify this registry

when the spring rmi registry starts up. I'm guessing this has something to do with authentication but can't see what I can set to fix this (or am I on the wrong path here???). One thing I did spot are the environment settings that can be passed into the connector server factory bean e.g.

<property name="environment">
<map>
<entry key="jmx.remote.authenticator" value-ref="???????" />
</map>
</property>

Any ideas!?

[Costin Leau]

I think it is an authentication problem. I'd suggest to first try starting the server w/o any user/pass and see if you have any luck connecting to it.
See this page (http://java.sun.com/j2se/1.5.0/docs/...ent/agent.html) for the available environment properties which you can use.
You can also pass in a custom JMXAuthenticator implementation through the JMXConnectorServer.AUTHENTICATOR environment property.

[willwright]

I guess I should have mentioned this earlier but I have tried with no user/password and get exactly the same error....

Am wondering if I should be somehow setting up the vm env settings in spring as well. It seems that as the registry is created by the vm, the spring connector cannot get access to it - does this make any sense?

FYI start script now set with these params...

java -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 com.blabla.Application

[willwright]

Here's the stacktrace if it helps anyone...

Exception in thread "main" org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'serverConnector' defined in class path resource [applicationContext-jmx.xml]: Initialization of bean failed; nested exception is java.io.IOException: Cannot bind to URL [rmi://localhost:1099/jmxrmi]: javax.naming.NoPermissionException [Root exception is java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.AccessException: Cannot modify this registry]
java.io.IOException: Cannot bind to URL [rmi://localhost:1099/jmxrmi]: javax.naming.NoPermissionException [Root exception is java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.AccessException: Cannot modify this registry]
at javax.management.remote.rmi.RMIConnectorServer.new IOException(Unknown Source)
at javax.management.remote.rmi.RMIConnectorServer.sta rt(Unknown Source)
at org.springframework.jmx.support.ConnectorServerFac toryBean.afterPropertiesSet(ConnectorServerFactory Bean.java:183)
at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.invokeInitMethods(Abstr actAutowireCapableBeanFactory.java:1059)
at org.springframework.beans.factory.support.Abstract AutowireCapableBeanFactory.createBean(AbstractAuto wireCapableBeanFactory.java:363)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:226)
at org.springframework.beans.factory.support.Abstract BeanFactory.getBean(AbstractBeanFactory.java:147)
at org.springframework.beans.factory.support.DefaultL istableBeanFactory.preInstantiateSingletons(Defaul tListableBeanFactory.java:269)
at org.springframework.context.support.AbstractApplic ationContext.refresh(AbstractApplicationContext.ja va:320)
at org.springframework.context.support.ClassPathXmlAp plicationContext.<init>(ClassPathXmlApplicationCon text.java:87)
at org.springframework.context.support.ClassPathXmlAp plicationContext.<init>(ClassPathXmlApplicationCon text.java:72)
at com.ubs.djnews.DJFeed.main(DJFeed.java:52)
Caused by: javax.naming.NoPermissionException [Root exception is java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.AccessException: Cannot modify this registry]
at com.sun.jndi.rmi.registry.RegistryContext.bind(Unk nown Source)
at com.sun.jndi.toolkit.url.GenericURLContext.bind(Un known Source)
at javax.naming.InitialContext.bind(Unknown Source)
at javax.management.remote.rmi.RMIConnectorServer.bin d(Unknown Source)
... 11 more
Caused by: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.AccessException: Cannot modify this registry
at sun.rmi.server.UnicastServerRef.oldDispatch(Unknow n Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages( Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandl er.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceiv edFromServer(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unk nown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source)
... 15 more
Caused by: java.rmi.AccessException: Cannot modify this registry
at sun.management.jmxremote.SingleEntryRegistry.bind( Unknown Source)
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknow n Source)
at sun.rmi.server.UnicastServerRef.oldDispatch(Unknow n Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages( Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandl er.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

[Costin Leau]

Caused by: java.rmi.AccessException: Cannot modify this registry
at sun.management.jmxremote.SingleEntryRegistry.bind( Unknown Source)

It seems that indeed, the rmi registry is readonly - if there was a problem with the user credentials then you would have likely got a message like this one:

java.rmi.AccessException:Security Violation: user username has insufficient permission

or something similar.
Btw, have you tried running both servers on a port different the 1099?

[willwright]

Yeah - I tried on all sorts of ports but no joy

The vm certainly creates a read only registry...

The one thing that confuses me is that I've found an article demonstrating how this can be done programmatically - but I'm not sure I understand how this is possible!

http://java.sun.com/developer/JDCTec.../tt0315.html#2

[willwright]

Ok - I managed to come back to this today and have another look and found the solution... not sure I understand why this isn't better documented....

The Spring recommended way of getting the mbean server:

Code:

<bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean" />

won't return you the jvm mbean factory - annoyingly, so when you try to bind to the same rmi registry later you can't as it is read-only.

The solution is simply to use the ManagmentFactory that is part of 1.5:

Code:

<bean id="mbeanServer" class="java.lang.management.ManagementFactory" factory-method="getPlatformMBeanServer"/>

This returns you the one exposed by the jvm so you can skip the whole section regarding configuring your rmi registry i.e. this part...

Code:

<bean id="registry"
	class="org.springframework.remoting.rmi.RmiRegistryFactoryBean">
	<property name="port" value="4446" />
</bean>

<bean id="serverConnector"
	class="org.springframework.jmx.support.ConnectorServerFactoryBean" destroy-method="destroy">
	<property name="objectName" value="connector:name=rmi" />
        <property name="serviceUrl" value="service:jmx:rmi://localhost/jndi/rmi://localhost:4446/servername" />
       	<property name="server" ref="mbeanServer"/>
</bean>

...and just do the jmx exporter (org.springframework.jmx.export.MBeanExporter) stuff required to push you beans onto the platform server!

Remeber, to expose the jvm mbeans you need to start up the jvm with the following (or similar, this is the simplest but no security):

Code:

-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.port=4446 
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.ssl=false

and it all works - fantastic!

[Costin Leau]

Thanks for the information - I'll update the JMX docs. Jira task here: http://opensource.atlassian.com/proj...rowse/SPR-2264

[Costin Leau]

I've updated the docs to be more clear. I misunderstood your post - the Server/Client connector are used mainly to access the MBeanServer through other protocol (RMI/Burlap) - one should still use the traditional JMX API to do the registration without being aware of the underlying communication.
I have (hopefully) clarified this in the JMX docs.

A solution to your problem is :

Code:

  <bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean">
     <!-- indicate to first look for a server -->
     <property name="locateExistingServerIfPossible" value="true"/>
  </bean>

It will have the same effect as your
java.lang.management.ManagementFactory"
(it actually uses it underneath).

[willwright]

Thanks - you're right. I misunderstood the documents and thought it would pick up a running server by default - how annoying!