By default, the JMX (mx4j) console is exposed on all installations (all components) via HTTP with only basic authentication, for ease of debugging purposes.
Default login/password for the console is nolio/nolio respectively. You can access either of them via:
For the server side:
For the agent side:
For some customers, we will find this is not acceptable in their environments due to security policies within their organization and will want to disable this.
For the Management Server side:
It can be disabled on version 4.5.x-5.0.2 by removing the httpAdaptorMgr management bean from wrapperContext.xml :
<bean name="httpAdaptorMgr" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr"
For the Execution Server side:
It can be disabled on version 4.5.x-5.0.2 by removing the exporter management bean from execution-servlet.xml :
<bean id="exporter" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr" depends-on="propertyConfigurer"/>
2. Remove the bean definitions that are marked in bold at the above snippets.
3. Restart the NolioServer service (Management Server and Execution Server) on Windows(run->services.msc), or Linux (via %RA_HOME%/nolio_server.sh restart) for this change to take effect.
For the Agent side:
Unfortunately there is no definitive user configurable method for achieving this until 5.5.1, whether it be in config files or otherwise. Our options here workaround wise in the interim are:
Modify $AGENT_HOME/conf/nolio.jmx.properties, set 'DeployerJMXPort=0', restart the agent service. (preferred)
Remove the HttpAdaptor MBean via WS GET call to JMX console, eg:
It has been suggested to insert the above call into the agent startup scripts as a method to have this survive an agent restart.
It is not recommended. We should try to avoid updating executable scripts on customer sites.
Add a simple FW rule on either windows(Windows firewall, etc) or Linux(iptables, etc) to filter incoming TCP traffic dst port 8282.