Enabling JMX Access on Tomcat

I think every Java application in production should enable JMX access. Without JMX, there’s little chance to debug JVM-level problems, especially those related to out of memory errors. Even if your application doesn’t export its own MBeans for monitoring, you can still take advantage of those that come out of the box with Sun’s HotSpot VM. All you have to do is to pass some command line arguments to the virtual machine.

For example, to enable JMX for local access (that is, for an application that runs on the same machine as your JMX client) use the following option:

java -Dcom.sun.management.jmxremote OTHER_OPTIONS

Then you can use jconsole or some other JMX tool and connect to the Java process you started.

In application servers or servlet containers like Tomcat, you typically don’t execute the VM directly. Instead, there are startup scripts that set all kinds of parameters (and typically leave out JMX). The easiest way to enable JMX access on Tomcat is to set the CATALINA_OPTS environment variable for your Tomcat installation. On Unix systems, create a file setenv.sh inside Tomcat’s bin directory (next to startup.sh) with the following content:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote"

The startup script reads this file and adds the option to the Java command line (this means you have to restart Tomcat, of course). If everything works, you should see the Tomcat process from your local jconsole’s process listing. On Windows systems, you can set the environment variable via setenv.bat.

Here’s an example to enable remote access:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"

From your local jconsole, you can then connect to the remote JMX agent. On the connection screen select “Remote Process” and enter hostname:8090 into the text box. Since there’s no authentication, this setup is obviously only suitable in friendly environments.

Whether this works or not also depends on your firewall setup. In many cases, JMX causes problems due to its dynamic port assignment. See the official documentation for more information on firewall issues and on how to secure JMX access for production environments.

This entry was posted in java and tagged , . Bookmark the permalink.

8 Responses to Enabling JMX Access on Tomcat

  1. Asher says:

    Tried it with Tomcat 6 and getting ‘connection refused’…. I don’t anything listening on this jmxremote port.

    • mafr says:

      Have you checked the output of ps(1)? Does the JMX switch show up on the Java command line?

      • Asher says:

        Yes, it’s there. I see it when opening jconsole (on local process), but I do not see any process listening on this port.

      • mafr says:

        I just tried it with Sun/Oracle’s JDK 1.6.0_26 on Tomcat 6.0.35 on Linux and it worked as expected. Which JDK and operating system are you using?

        Also, are you absolutely sure you use the second command line with its 3 options? Is your port number greater than 1024? Are there any error message in the logs?

  2. Asher says:

    Hi, Yes, I’m sure…. I’m in windows JDk 1.7. If I start the command java -Dcom….. -jar bootstrap.jar, Then IT’s working! but starting it thru startup.bat it’s not working (even though u see the -Dcom.su…) Have u tried it in Windows?

    • mafr says:

      No, I don’t have a Windows system available. Perhaps someone on the tomcat-users mailing list knows how to fix this.

      • Mike DuVall says:

        I think the setenv.bat for Windows is slightl wrong. Here’s what I got working with Windows:

        set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false

        (i.e. change ‘export’ to ‘set’ and remove the quotes)

  3. nouha says:

    I have tried with tomcat6 and it worked for me….thanks a lot

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s