How to enable/disable JMX console

Document ID : KB000029126
Last Modified Date : 14/02/2018
Show Technical Document Details

By default, the JMX (mx4j) console is exposed on all installations (all components) via HTTP with only basic authentication, for ease of debugging purposes.

Default login/password for the console is nolio/nolio respectively.  You can access either of them via:

For the server side:
http://hostname:20203
For the agent side:
http://hostname:8282
 

For some customers, we will find this is not acceptable in their environments due to security policies within their organization and will want to disable this. 

 

For the Management Server side:

It can be disabled on version 4.5.x-5.0.2 by removing the httpAdaptorMgr management bean from wrapperContext.xml :

 

    1. edit:

%RA_MANAGEMENT_SERVER_HOME%/webapps/datamanagement/WEB-INF/wrapperContext.xml

===================================================
<beans>
    <bean name="httpAdaptorMgr" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr"

          autowire="constructor"/>

</beans>

===================================================

For the Execution Server side:

It can be disabled on version 4.5.x-5.0.2 by removing the exporter management bean from execution-servlet.xml :

 

    1. edit:

%RA_EXECUTION_SERVER_HOME%/webapps/execution/WEB-INF/execution-servlet.xml

===================================================

<beans>

<bean id="exporter" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr" depends-on="propertyConfigurer"/>

</beans>

===================================================

 

    2. Remove the bean definitions that are marked in bold at the above snippets.
    3. Restart the NolioServer service (Management Server and Execution Server) on Windows(run->services.msc), or Linux (via %RA_HOME%/nolio_server.sh restart) for this change to take effect.

       

 

For the Agent side:

 

Unfortunately there is no definitive user configurable method for achieving this until 5.5.1, whether it be in config files or otherwise.  Our options here workaround wise in the interim are:

 

  1. Modify $AGENT_HOME/conf/nolio.jmx.properties, set 'DeployerJMXPort=0', restart the agent service. (preferred)

  2. Remove the HttpAdaptor MBean via WS GET call to JMX console, eg:
    GET http://nolio:nolio@host:8282/delete?objectname=HtmlAdaptor%3Atype%3Dhtmladapter%2Cport%3D8282
    It has been suggested to insert the above call into the agent startup scripts as a method to have this survive an agent restart. 
    It is not recommended. We should try to avoid updating executable scripts on customer sites.
  3. Add a simple FW rule on either windows(Windows firewall, etc)  or Linux(iptables, etc) to filter incoming TCP traffic dst port 8282.