jmx客户端_Java JMX客户端示例

jmx客户端

In last tutorial we learned about JMX Basics and how can we use JConsole to manage MBeans. Today we will look into java jmx client example and role based authentication through config files.

在上一教程中，我们了解了JMX Basics，以及如何使用JConsole管理MBean 。今天，我们将研究Java jmx客户端示例和通过配置文件进行的基于角色的身份验证。

Java JMX客户端 (Java JMX Client)

Although JConsole provides a graphical view but it requires human effort to work with MBean and not suitable where you want to invoke some features of MBean periodically. For example, you have a MBean that provides the current state of application and you want to invoke it to check the state every 10 minutes. In this case, having a java program that can work as JMX Client to connect to JMX MBean server and invoke MBean operations are very useful.

尽管JConsole提供了图形化视图，但是使用MBean需要人工操作，因此不适合您需要定期调用MBean的某些功能的地方。例如，您有一个提供当前应用程序状态的MBean，并且您想调用它以每10分钟检查一次状态。在这种情况下，拥有一个可用作JMX Client的Java程序以连接到JMX MBean服务器并调用MBean操作非常有用。

JMX客户端示例 (JMX Client Example)

Here we will write a java program that can connect to MBean server and create a proxy application to invoke MBean operations. I will use the MBean application created in JMX Tutorial and use our client program to connect to MBean. Later on we will check how to make our MBean server secure using JMX Configuration files for role based access and how we can use credentials in the JMX Client to connect to MBean server with correct role.

在这里，我们将编写一个Java程序，该程序可以连接到MBean服务器并创建代理应用程序以调用MBean操作。我将使用JMX教程中创建的MBean应用程序，并使用我们的客户端程序连接到MBean。稍后，我们将检查如何使用JMX配置文件使MBean服务器安全以进行基于角色的访问，以及如何使用JMX Client中的凭据以正确的角色连接到MBean服务器。

Before writing JMX Client application, we need to know the port where MBean server is running. Also for starter, we will disable all the authentication. We can do all these by passing correct java options.

在编写JMX Client应用程序之前，我们需要知道MBean服务器运行的端口。同样对于初学者，我们将禁用所有身份验证。我们可以通过传递正确的java选项来完成所有这些操作。

So I will start my MBean with following command. Notice the java options specified for MBean server port and disabling SSL and authentication.

因此，我将使用以下命令启动我的MBean。请注意，为MBean服务器端口指定了java选项，并禁用了SSL和身份验证。

pankaj@JD:~/CODE/JavaProject/bin$ java -cp . -Dcom.sun.management.jmxremote.port=1234 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false com.journaldev.jmx.SystemConfigManagement
Thread Count=10:::Schema Name=default
Thread Count=10:::Schema Name=default
Thread Count=10:::Schema Name=default
...

JMX URL (JMX URL)

For client application to get the MBean proxy, first we need to create JMXServiceURL by passing the RMI host and port.

为了使客户端应用程序获得MBean代理，首先我们需要通过传递RMI主机和端口来创建JMXServiceURL 。

JMXServiceURL url =new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + HOST + ":" + PORT + "/jmxrmi");

After that we have to get the JMXConnector instance using it’s factory class.

之后，我们必须使用它的工厂类来获取JMXConnector实例。

JMXConnector jmxConnector = JMXConnectorFactory.connect(url);

After that we get MBeanServerConnection from the JMXConnector instance.

之后，我们从JMXConnector实例获取MBeanServerConnection 。

MBeanServerConnection mbeanServerConnection = jmxConnector.getMBeanServerConnection();

After that we get MBean proxy instance using MBeanServerInvocationHandler.

之后，我们使用MBeanServerInvocationHandler获得MBean代理实例。

//ObjectName should be same as your MBean name
ObjectName mbeanName = new ObjectName("com.journaldev.jmx:type=SystemConfig");//Get MBean proxy instance that will be used to make calls to registered MBean
SystemConfigMBean mbeanProxy =(SystemConfigMBean) MBeanServerInvocationHandler.newProxyInstance(mbeanServerConnection, mbeanName, SystemConfigMBean.class, true);

Once we get the proxy instance, we can invoke any operation exposed by the MBean.

一旦获得代理实例，就可以调用MBean公开的任何操作。

Java JMX客户端示例程序 (Java JMX Client Example Program)

Here is the complete JMX Client program that connects to the MBean server and get the SystemConfig MBean proxy instance and invoke exposed methods.

这是连接到MBean服务器并获取SystemConfig MBean代理实例并调用公开方法的完整JMX Client程序。

package com.journaldev.jmx;import java.io.IOException;
import java.util.HashMap;
import java.util.Map;import javax.management.MBeanServerConnection;
import javax.management.MBeanServerInvocationHandler;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;public class SystemConfigClient {public static final String HOST = "localhost";public static final String PORT = "1234";public static void main(String[] args) throws IOException, MalformedObjectNameException {JMXServiceURL url =new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + HOST + ":" + PORT + "/jmxrmi");JMXConnector jmxConnector = JMXConnectorFactory.connect(url);MBeanServerConnection mbeanServerConnection = jmxConnector.getMBeanServerConnection();//ObjectName should be same as your MBean nameObjectName mbeanName = new ObjectName("com.journaldev.jmx:type=SystemConfig");//Get MBean proxy instance that will be used to make calls to registered MBeanSystemConfigMBean mbeanProxy =(SystemConfigMBean) MBeanServerInvocationHandler.newProxyInstance(mbeanServerConnection, mbeanName, SystemConfigMBean.class, true);//let's make some calls to mbean through proxy and see the results.System.out.println("Current SystemConfig::" + mbeanProxy.doConfig());mbeanProxy.setSchemaName("NewSchema");mbeanProxy.setThreadCount(5);System.out.println("New SystemConfig::" + mbeanProxy.doConfig());//let's terminate the mbean by making thread count as 0mbeanProxy.setThreadCount(0);//close the connectionjmxConnector.close();}
}

Before running the client application, make sure our MBean application is started with command given at start of the post.
When we will execute client application, it will print following to console.

在运行客户端应用程序之前，请确保我们的MBean应用程序已使用发布开始时给出的命令启动。
当我们执行客户端应用程序时，它将打印以下内容到控制台。

Current SystemConfig::No of Threads=10 and DB Schema Name=default
New SystemConfig::No of Threads=5 and DB Schema Name=NewSchema

If you will check terminal where our MBean application is running, you will find following output before program terminates.

如果您要检查运行我们的MBean应用程序的终端，您将在程序终止之前找到以下输出。

Thread Count=10:::Schema Name=default
Thread Count=10:::Schema Name=default
Thread Count=0:::Schema Name=NewSchema

So now we know how to write JMX Client program that can connect to remote MBean server and create MBean proxy to use attributes and operations exposed by MBean.

因此，现在我们知道如何编写可以连接到远程MBean服务器的JMX Client程序，并创建MBean代理以使用MBean公开的属性和操作。

基于JMX角色的身份验证 (JMX Role Based Authentication)

Let’s start configuring our MBean for role based authentication. For this we need to create three files.

让我们开始为基于角色的身份验证配置MBean。为此，我们需要创建三个文件。

JMX Access File: This file contains the roles and access associated with the roles. The access types are readonly or readwrite. For our purpose, create jmxremote.access file with following content.

jmxremote.access
```
myrole readwrite
```
So the role is “myrole” and it has readwrite access to the MBeans.

JMX访问文件 ：该文件包含角色和与角色相关联的访问。访问类型为readonly或readwrite 。为此，请创建具有以下内容的jmxremote.access文件。

jmxremote.access

因此，角色是“ myrole”，它具有对MBean的读写访问权限。
JMX Password File: This file contains the password of the different roles we have, the password are cleartext, so Java adds a restriction that only application owner should have read-write access on the file.
Create a file jmxremote.password with following content.

jmxremote.password
```
myrole MYP@SSWORD
```
After file is created change permission using command chmod 600 jmxremote.password.

JMX密码文件 ：此文件包含我们具有的不同角色的密码，密码为明文，因此Java添加了一个限制，即仅应用程序所有者应具有对该文件的读写访问权限。

创建具有以下内容的文件jmxremote.password 。

jmxremote.password

创建文件后，使用命令chmod 600 jmxremote.password更改权限。
JMX Management Config File: This file contains the JMX properties like port, authentication rules, SSL etc. Create a file management.properties with following content.
management.properties
```
#enable remote management of MBean
com.sun.management.jmxremote=true
com.sun.management.jmxremote.port=1234
com.sun.management.jmxremote.local.only=false#enable authentication
com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.password.file=/Users/pankaj/CODE/JavaProject/bin/jmxremote.password
com.sun.management.jmxremote.access.file=/Users/pankaj/CODE/JavaProject/bin/jmxremote.access#disable SSL authentication
com.sun.management.jmxremote.ssl=false
```
Notice the file path given for access file and password file.

JMX管理配置文件 ：该文件包含JMX属性，例如端口，身份验证规则，SSL等。创建具有以下内容的文件management.properties 。

management.properties

注意为访问文件和密码文件提供的文件路径。

Once all the required files are we will start our JMX MBean application with following command.

完成所有必需的文件后，我们将使用以下命令启动JMX MBean应用程序。

java -cp . -Dcom.sun.management.config.file=management.properties com.journaldev.jmx.SystemConfigManagement

Now if you will try to run our JMX Client application, it will throw following exception.

现在，如果您尝试运行我们的JMX Client应用程序，它将引发以下异常。

Exception in thread "main" java.lang.SecurityException: Authentication failed! Credentials requiredat com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:211)at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:163)at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:219)at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232)

The exception message clearly shows that we need to provide credentials to access the JMX MBean. To provide credentials we need to add following code to our client program.

异常消息清楚地表明，我们需要提供凭据才能访问JMX MBean。为了提供凭据，我们需要在客户端程序中添加以下代码。

//for passing credentials for password
Map<String, String[]> env = new HashMap<>();
String[] credentials = {"myrole", "MYP@SSWORD"};
env.put(JMXConnector.CREDENTIALS, credentials);JMXConnector jmxConnector = JMXConnectorFactory.connect(url, env);

Notice the constructor is changed to provide credentials while connecting to JMX MBean server. Now the program will run fine and produce same output as earlier.

注意，连接到JMX MBean服务器时，构造函数已更改为提供凭据。现在，程序可以正常运行，并产生与之前相同的输出。

That’s all for Java JMX Client example and JMX authentication for role based access.

Java JMX Client示例和基于角色的访问的JMX身份验证就全部解决了。

翻译自: https://www.journaldev.com/1359/java-jmx-client-example-authentication

jmx客户端