The JVM option jmxremote.local.only=true does not work properly

1

7

I wrote a batch Java 7 application that should be controlled by a JMX client. The JMX service is up and running, and I can connect to it using jConsole from my machine.

I set the option -Dcom.sun.management.jmxremote.local.only=true to avoid any incoming connection except from 127.0.0.1.

But... when I tried to connect from another computer, my connection wasn't filtered out, and I was able to access JMX remotely.

Here is the java invocation:

java -Dcom.sun.management.jmxremote ^
 -Dcom.sun.management.jmxremote.port=7000 ^
 -Dcom.sun.management.jmxremote.local.only=true ^
 -Dcom.sun.management.jmxremote.authenticate=false ^
 -Dcom.sun.management.jmxremote.ssl=false ^
 -cp lib/*;hns-consumer.jar it.andrearota.com.Main %1

It looks like the option hasn't been considered.

Any help?

Strohben answered 8/10, 2012 at 10:0 Comment(7)
What is the behavior if you omit the option? According to the documentation, the default is true, allowing local connections only, so the option shouldn't be needed in the first place. - Gabriellagabrielle
I think setting the port may be triggered 'remote' operation - Maigre
agree with @DaDaDom, the default value of this option should be true, see oracle.com/technetwork/java/javase/compatibility-417013.html - Journalism
@BrianAgnew according to docs.oracle.com/javase/1.5.0/docs/guide/management/… you are right: ... setting this property publishes an additional RMI connector in a private read-only registry at the specified port using a well known name, "jmxrmi". - Gabriellagabrielle
@BrianAgnew I had to set the port, because I want to see JMX registry exposed on a well known port. - Strohben
@DaDaDom Right now I am developing using JDK 7, but in production we still have Java 6. So if I omit that flag from my BAT's, I am going to have the JMX exposed remotely on production. - Strohben
JDK 15 seems to have the same issue for me. Hmm... perhaps this bug: support.oracle.com/knowledge/Middleware/1641501_1.html - Prevot
0

I was looking for a way to restrict the JMX server to accept requests only on localhost and stumbled into this question. It is possible now using the flag -Dcom.sun.management.jmxremote.host=localhost. Refer to this comment on a similar question.

Melisenda answered 27/1, 2022 at 11:11 Comment(0)
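
A check to run after changing the flags, added here as an example and not part of the original posts: it parses Windows `netstat -ano` output and reports every listening socket, owned by the process that listens on the JMX port (7000 in the question), that is not bound to a loopback address. The sample output, the PIDs and the function names are constructed for illustration, and English-locale `netstat` output is assumed.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:7000           0.0.0.0:0              LISTENING       4321
  TCP    0.0.0.0:49731          0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2200
  TCP    192.168.1.20:7000      192.168.1.55:52100     ESTABLISHED     4321
  TCP    [::]:7000              [::]:0                 LISTENING       4321
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:7000' or '[::1]:7000' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def listeners(netstat_text):
    """Yield (ip, port, pid) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have 5 columns; headers, UDP rows and other states are skipped.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ip, port = split_endpoint(fields[1])
            yield ip, port, int(fields[4])


def exposed_jmx_listeners(netstat_text, jmx_port):
    """Return sorted (address, port) pairs that are reachable beyond loopback.

    Every listener of the owning PID is reported, not only jmx_port, because
    the RMI connector normally listens on a second port besides the registry.
    """
    socks = list(listeners(netstat_text))
    jvm_pids = {pid for _, port, pid in socks if port == jmx_port}
    return sorted((str(ip), port) for ip, port, pid in socks
                  if pid in jvm_pids and not ip.is_loopback)


if __name__ == "__main__":
    for address, port in exposed_jmx_listeners(SAMPLE, 7000):
        print(f"JMX process listens on non-loopback address {address}:{port}")
```

An empty result means every listening socket of that process is bound to 127.0.0.1 or ::1; feed the function the real output of `netstat -ano` from the host that runs the JVM.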
