About this task
Terracotta can use the standard Java security
mechanisms for JMX authentication, which relies on the creation of
.access and
.password files
with correct permissions. The default location for these files for JDK 1.5 or
higher is
$JAVA_HOME/jre/lib/management.
To configure security using
JMX authentication, follow these steps:
Procedure
-
Ensure that the desired usernames and
passwords for securing the target servers are in the JMX password file
jmxremote.password and that the
desired roles are in the JMX access file
jmxremote.access.
-
If both
jmxremote.access and
jmxremote.password are in the
default location ($JAVA_HOME/jre/lib/management),
add the following configuration to each <server> block in the Terracotta
configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication />
...
</server>
-
If
jmxremote.password is not in the
default location, add the following configuration to each <server> block
in the Terracotta configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication>
<mode>
<password-file>/path/to/jmx.password</password-file>
</mode>
</authentication>
...
</server>
-
If
jmxremote.access is not in the
default location, add the following configuration to each <server> block
in the Terracotta configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication>
<mode>
<password-file>/path/to/jmxremote.password</password-file>
</mode>
<access-file>/path/to/jmxremote.access</access-file>
</authentication>
...
</server>
Results
If the JMX password file is not found when the
server starts up, an error is logged stating that the password file does not
exist.