JMX connection to JBoss EAP 7.4 + LDAP is not connecting

Question. Votes: 0, Answers: 1

I am facing a JMX connection problem on JBoss EAP.

My runtime environment (Linux OS): SSL-enabled JBoss EAP 7.4.10.GA running on OpenJDK 11.0.19 (OpenLogic), and the management console is secured through an LDAPS server.

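JMX client: works fine when using OpenJDK 12 running on the same Linux machine. When upgrading Java from 12 to 17 (OpenJDK Runtime Environment Temurin-17.0.8+70), the JMX connection fails with the following exception.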

Note: Jboss-cli-client.jar is added to the classpath.

How can I resolve this?

Oct 27, 2023 10:01:31 AM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.1.Final
Oct 27, 2023 10:01:31 AM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.1.Final
Oct 27, 2023 10:01:31 AM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 5.0.20.Final
Oct 27, 2023 10:01:31 AM org.jboss.remotingjmx.Util warnDeprecated
WARN: The protocol 'https-remoting-jmx' is deprecated, instead you should use 'remote+https'.
Oct 27, 2023 10:01:31 AM org.jboss.remoting3.remote.RemoteConnection handleException
ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
    at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:114)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:453)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:243)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)
    at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
    at ...asynchronous invocation...(Unknown Source)
    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:272)
    at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:253)
    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:351)
    at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:335)
    at org.jboss.remotingjmx.RemotingConnector.internalRemotingConnect(RemotingConnector.java:239)
    at org.jboss.remotingjmx.RemotingConnector.internalConnect(RemotingConnector.java:158)
    at org.jboss.remotingjmx.RemotingConnector.connect(RemotingConnector.java:105)
    at java.management/javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
    at JavaInstrumentation$1.run(JavaInstrumentation.java:845)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

Update

JVM options used on the server

  JAVA_OPTS:  -server -Xlog:gc*:file="/opt/app/logs/eap/gc.log":time,uptimemillis:filecount=5,filesize=3M -Xms4096m -Xmx4096m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=2048m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/app/jboss/Dumps/HeapDumps/  --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.url.ldap=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.url.ldaps=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED

JVM options used on the JMX client

[-Xrs, -XX:+SuppressFatalErrorMessage, -Xss2m, -Djavax.xml.soap.SAAJMetaFactory=com.sun.xml.messaging.saaj.soap.SAAJMetaFactoryImpl, -XX:ErrorFile=/dev/null, -XX:HeapDumpPath=/dev/null, -XX:-CreateCoredumpOnCrash, --add-opens=java.management/sun.management=ALL-UNNAMED, --add-opens=java.base/java.lang=ALL-UNNAMED, -Xmx512m, -Dsun.net.inetaddr.ttl=900, -Dhttp.keepAlive=false, -Djdk.http.auth.tunneling.disabledSchemes=, -Doracle.jdbc.timezoneAsRegion=false]

Is there anything extra that needs to be added on the client side?

java ldap jmx jboss-eap-7
1 answer
0
votes

The client and server negotiate which cipher to use when establishing the TLS connection. Moving from Java 12 to 17 changed this list.

You can check what your client supports with the Ciphers.java provided by Atlassian. Run the script with both JVMs.

Compare that list with the list of ciphers supported by the OpenSSL server. If you can, upgrading the server to modern ciphers is the right choice.
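
The comparison described in the answer above, as an added example that is not part of the original answer and is not Atlassian's Ciphers.java. The class name `TlsClientDefaults` and the optional server-list file argument are assumptions; the file is expected to hold one cipher suite per line in the standard (IANA/JSSE) naming, which differs from OpenSSL's own short names.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name): dumps the TLS client defaults of
// the JVM it runs under, sorted so that output from two JVMs can be diffed.
public class TlsClientDefaults {
    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // What a client socket offers when the application sets nothing itself.
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        // Everything the installed providers implement, enabled or not.
        SSLParameters supported = ctx.getSupportedSSLParameters();

        System.out.println("java.version=" + System.getProperty("java.version"));
        System.out.println("enabled protocols=" + Arrays.toString(enabled.getProtocols()));

        TreeSet<String> on = new TreeSet<>(Arrays.asList(enabled.getCipherSuites()));
        TreeSet<String> off = new TreeSet<>(Arrays.asList(supported.getCipherSuites()));
        off.removeAll(on); // implemented but not offered by default

        on.forEach(s -> System.out.println("enabled   " + s));
        off.forEach(s -> System.out.println("disabled  " + s));

        // Optional argument: file listing the server's cipher suites
        // (assumed format: one standard suite name per line).
        if (args.length == 1) {
            TreeSet<String> common = new TreeSet<>();
            for (String line : Files.readAllLines(Path.of(args[0]))) {
                String name = line.trim();
                if (on.contains(name)) {
                    common.add(name);
                }
            }
            System.out.println("common with server list: "
                    + (common.isEmpty() ? "NONE" : common));
        }
    }
}
```

Run it once under each JDK with the same options as the JMX client and diff the two outputs; suites that appear as `enabled` under 12 but `disabled` or absent under 17 are the ones to check against the server's list.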
