Tomcat keeps listening on TCP port 1099

I have an application deployed on Tomcat version 8.5.63 and Java version 1.8. Whenever I deploy the application, Tomcat opens TCP port 1099 for JMX RMI by default, and I am able to connect to it without any authentication from a remote client using the jvisualvm tool. I don't want that port to be opened by default. I have tried changing various JVM arguments based on other solutions on SO, but no luck. Given below is the most recent configuration I have tried.

CATALINA_OPTS="-Xms512m -Xmx1024m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=16105 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.login.config=Tomcat -Djava.security.auth.login.config=$CATALINA_HOME/login.config -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access -Dcom.sun.management.jmxremote.rmi.port=16106"

I have specifically set -Dcom.sun.management.jmxremote.rmi.port=16106 to be used for JMX RMI, but I am not able to understand why it is still listening on port 1099. Please advise.

Note: I did see some answers mentioning passing XX:+DisableAttachMechanism as a JVM argument to block JMX. But what if we want to have JMX enabled as well, and the default port (1099) should not be used?

Emmyemmye answered 28/4, 2021 at 9:7 Comment(13)
How do you start Tomcat? Through the catalina.sh/startup.sh scripts or in a different way? - Girdle
Using the start script only. - Emmyemmye
Then check if any of the scripts contains other com.sun.management properties (except those you gave in your question) and whether the default management.properties file (in the JRE installation folder) does not provide the port 1099. There is no default port for JMX. - Girdle
I checked; there are no properties other than those mentioned in the question. I also verified the management.properties file, and it does not provide 1099. And yes, JMX does not have a default port, but for RMI port 1099 is the default, if I am not wrong. - Emmyemmye
By default the RMI port is 0, i.e. random. You can add logProps="true" to the <VersionLoggerListener> in your server.xml to check the actual system property values when Tomcat starts. - Girdle
Possible duplicate of #65323867 - Motherly
@ChristopherSchultz: I did check your answer there, but even when I am passing -Dcom.sun.management.jmxremote.rmi.port=16106, port 1099 is still open. I also tried to pass XX:+DisableAttachMechanism, but it is still the same issue. Please advise. - Emmyemmye
Did you try directing Tomcat to set the port for you? - Motherly
So is this question answered yet? I have the same issue. Port 1099 is unauthenticated. It is clearly a security vulnerability. What's the point of defining "-Dcom.sun.management.jmxremote.port" and enabling authentication on it when you can simply connect on port 1099? 1099 is wide open, which it shouldn't be. - Doerr
Correct, I am still facing the same issue. There is no answer yet for this. - Emmyemmye
@GauravParek Did you find any solution for this? I am facing the same issue. - Pagurian
@Yogi_NE Did you find any solution for this? I am facing the same issue. - Pagurian
No, this question is still open. - Doerr
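
One way to confirm which of the Tomcat JVM's listening sockets are not explained by its configuration, as an added example that is not part of the original thread: it reads the JMX ports out of the CATALINA_OPTS string from the question and compares them with `ss -ltnp` output. The `ss` sample, the pid 4242 and the connector ports 8080/8005 are constructed assumptions; on a live host, feed in the real `ss -ltnp` output and the real Tomcat pid.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Print the value of -D<name>=... from a JVM option string (last one wins).
jvm_prop() {  # $1 = option string, $2 = property name
    printf '%s\n' "$1" | tr ' ' '\n' |
        awk -v k="-D$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                          END { if (v != "") print v }'
}

# Print ports the given pid listens on that are NOT in the expected list.
unexpected_listeners() {  # $1 = `ss -ltnp` output, $2 = JVM pid, $3 = expected ports
    printf '%s\n' "$1" | awk -v pid="$2" -v ok="$3" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "LISTEN" && index($0, "pid=" pid ",") {
            n = split($4, part, ":"); port = part[n]   # also handles [::]:port
            if (!(port in want)) print port
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# JMX-related part of the CATALINA_OPTS quoted in the question.
OPTS='-Xms512m -Xmx1024m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=16105 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.rmi.port=16106'

# Constructed `ss -ltnp` sample: pid 4242 stands in for the Tomcat JVM.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      100                *:8080            *:*    users:(("java",pid=4242,fd=55))
LISTEN 0      1          127.0.0.1:8005      0.0.0.0:*    users:(("java",pid=4242,fd=61))
LISTEN 0      50                 *:16105           *:*    users:(("java",pid=4242,fd=21))
LISTEN 0      50                 *:16106           *:*    users:(("java",pid=4242,fd=22))
LISTEN 0      50                 *:1099            *:*    users:(("java",pid=4242,fd=20))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))'

jmx=$(jvm_prop "$OPTS" com.sun.management.jmxremote.port)
rmi=$(jvm_prop "$OPTS" com.sun.management.jmxremote.rmi.port)
# 8080 and 8005 are assumed connector/shutdown ports from server.xml.
echo "configured JMX ports: $jmx $rmi"
echo "unaccounted listeners: $(unexpected_listeners "$SS_SAMPLE" 4242 "8080 8005 $jmx $rmi")"
```

A port reported as unaccounted is opened by something other than the `com.sun.management.jmxremote.*` options on the command line, so those options will neither move it nor put authentication in front of it.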
