Typically, a client would connect to a JMX enabled server using a URL similar to this:
This basically tells the client to connect to a JMX server on the specified host and port over RMI. At least, that’s what you’d expect right? Well, the reality is a little different. When the client connects to host over that port, the JMX server responds with something like “Ok, I got your connect request on port1, now you can connect on port2” and accordingly to this blog post, port2 is chosen randomly.
Why is this problematic? Imagine trying to administer your JMX enabled server through a firewall where a predetermined number of ports are open. You can see how random port2 makes life quite difficult. So what can you do? JMXMP comes to rescue. There’s not much info on JMXMP out there but according to JavaDocs:
The JMX Messaging Protocol (JMXMP) connector is a configuration of the generic connector where the transport protocol is based on TCP and the object wrapping is native Java serialization. Security is more advanced than for the RMI connector. Security is based on the Java Secure Socket Extension (JSSE), the Java Authentication and Authorization Service (JAAS), and the Simple Authentication and Security Layer (SASL).
It looks like JMXMP is not only better in terms of getting rid of random ports but it has better security. The only caveat is that JMXMP connector is optional (i.e. JDK does not include it by default). All you have to do is Google for the download page for
jmxremote_optional.jar from Oracle or if you’re a Maven user, simply add the following to your
Once you have
jmxremote_optional.jar in classpath of your client and server, you can connect your client to your JMX server using a URL like this with your own host and port:
The URL looks much cleaner than RMI, the port you specify is the only port you need to worry about and it’s more secure. I have no idea why JMXMP is not the default connector in JMX.