Setting Up JMX Manager Authentication
To force JMX clients to authenticate to the GemFire XD management system, you must configure authentication for the JMX Manager node.
- Verify that the jmx-manager GemFire XD property is set to true on any node that you want to be able to become a JMX Manager and authenticate clients. If this property is set to false or not specified, then all other jmx-manager-* properties are ignored.
- Create a password file that contains entries for the user names and passwords you want to grant access to the GemFire XD management and monitoring system. For example:

    #the gemfirexdmonitor user has password Abc!@#
    #the gemfirexdmanager user has password 123Gh2!
    gemfirexdmonitor Abc!@#
    gemfirexdmanager 123Gh2!

- On each of your JMX Manager-enabled nodes, set the property jmx-manager-password-file to the name of the file you created in step 2. This will require clients to authenticate when connecting to a JMX Manager node in GemFire XD.
- If you wish to further restrict access to system operations, you can also set up an access file for the JMX Manager. The access file indicates whether the users listed in the password file have the ability to read system MBeans (monitor the system) or whether they can additionally modify MBeans (perform operations). For example, you can define the following:

    #the gemfirexdmonitor user has readonly access
    #the gemfirexdmanager user has readwrite access
    gemfirexdmonitor readonly
    gemfirexdmanager readwrite

- On each of your JMX Manager-enabled nodes, set the GemFire XD property jmx-manager-access-file to the name of the file you created in step 4. This will associate MBean permissions with the users who authenticate to the JMX Manager node in GemFire XD.
- If desired, enable SSL for your JMX Manager connections. To enable SSL, make sure the jmx-manager-port property is set to a non-zero value and set the jmx-manager-ssl property to true. Then configure all other SSL-related GemFire XD properties as described in Configuring Network Encryption and Authentication with SSL/TLS.
For more information about the format of the password and access files, see http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html.
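
A pre-deployment consistency check for the password and access files created in the steps above, as an added example that is not part of the GemFire XD documentation. The function names, the sample file names, and the owner-only permission check (chosen because the password file holds clear-text passwords) are assumptions; the parser handles only the "name value" lines and leading-# comments shown on this page.

```python
import os
import stat
import tempfile

VALID_ACCESS = {"readonly", "readwrite"}  # the two levels shown on this page

def parse_entries(path):
    """Return {user: value} from a 'user value' file; lines starting with # are comments."""
    entries = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)  # split on first whitespace only
            entries[parts[0]] = parts[1] if len(parts) > 1 else ""
    return entries

def audit(password_file, access_file):
    """Return a list of findings for a JMX Manager password/access file pair."""
    findings = []
    mode = stat.S_IMODE(os.stat(password_file).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # assumption: owner-only is the target
        findings.append(f"password file mode {mode:o} allows group/other access")
    passwords = parse_entries(password_file)
    access = parse_entries(access_file)
    for user, pw in passwords.items():
        if not pw:
            findings.append(f"{user}: empty password")
        if user not in access:
            findings.append(f"{user}: no entry in access file")
    for user, level in access.items():
        if level not in VALID_ACCESS:
            findings.append(f"{user}: unknown access level '{level}'")
        if user not in passwords:
            findings.append(f"{user}: access entry without a password")
    return findings

def demo():
    """Audit constructed sample files modelled on the page's examples."""
    d = tempfile.mkdtemp()
    pw, ac = os.path.join(d, "jmx.password"), os.path.join(d, "jmx.access")
    with open(pw, "w") as fh:
        fh.write("#constructed sample\ngemfirexdmonitor Abc!@#\ngemfirexdmanager 123Gh2!\n")
    with open(ac, "w") as fh:  # constructed sample with a deliberate typo in the level
        fh.write("gemfirexdmonitor readonly\ngemfirexdmanager readwrit\n")
    os.chmod(pw, 0o644)  # deliberately too permissive for the demo
    return audit(pw, ac)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run `audit()` against the files named in jmx-manager-password-file and jmx-manager-access-file before restarting a JMX Manager node; an empty list means the two files agree and the password file is owner-only.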