Sun Java System Message Queue 4.1 Release Notes

JMX Support

A new API has been added for configuring and monitoring Message Queue brokers in conformance with the Java Management Extensions (JMX) specification. Using this API, you can configure and monitor broker functions programmatically from within a Message Queue client application. In earlier versions of Message Queue, these functions were accessible only from the command line or the Administration Console.

The API consists of a set of JMX Managed Beans (MBeans) for managing the following Message Queue–related resources:

These MBeans provide attributes and operations for synchronously polling and manipulating the state of the underlying resources, as well as notifications that allow a client application to listen for and respond asynchronously to state changes as they occur. Using the JMX API, client applications can perform configuration and monitoring tasks like the following:

For an introduction to the JMX API and for complete reference information, see the Sun Java System Message Queue 4.1 Developer’s Guide for JMX Clients.

Broker Support: JMX-Related Properties

Several new broker properties have been added to support the JMX API (see Table 1–3). None of these properties can be set from the command line with the Message Queue Command utility (imqcmd). Instead, they can either be set with the -D option of the Broker utility (imqbrokerd) or edited by hand in the broker's instance configuration file (config.properties). In addition, some of these properties (imq.jmx.rmiregistry.start, imq.jmx.rmiregistry.use, imq.jmx.rmiregistry.port) can be set with the new Broker utility options described in Table 1–4. Table 1–3 lists each property, specifies its type, and describes its use.

Table 1–3 New Broker Properties for JMX Support

| Property | Type | Description |
|---|---|---|
| imq.jmx.rmiregistry.start | Boolean | Specifies whether to start RMI registry at broker startup. If true, the broker will start an RMI registry at the port specified by imq.jmx.rmiregistry.port and use it to store the RMI stub for JMX connectors. Note that the value of imq.jmx.rmiregistry.use is ignored in this case. Default value: false |
| imq.jmx.rmiregistry.use | Boolean | Specifies whether to use an external RMI registry. Applies only if imq.jmx.rmiregistry.start is false. If true, the broker will use an external RMI registry at the port specified by imq.jmx.rmiregistry.port to store the RMI stub for JMX connectors. The external RMI registry must already be running at broker startup. Default value: false |
| imq.jmx.rmiregistry.port | Integer | Port number of RMI registry. Applies only if imq.jmx.rmiregistry.start or imq.jmx.rmiregistry.use is true. JMX connectors can then be configured to use the RMI registry by including this port number in the URL path of their JMX service URLs. Default value: 1099 |
| imq.jmx.connector.list | String | Names of preconfigured JMX connectors, separated by commas. Default value: jmxrmi,ssljmxrmi |
| imq.jmx.connector.activelist | String | Names of JMX connectors to be activated at broker startup, separated by commas. Default value: jmxrmi |
| imq.jmx.connector.connectorName.urlpath | String | urlPath component of JMX service URL for connector connectorName. Useful in cases where the JMX service URL path must be set explicitly (such as when a shared external RMI registry is used). Default value: if an RMI registry is used to store the RMI stub for JMX connectors (that is, if imq.jmx.rmiregistry.start or imq.jmx.rmiregistry.use is true): /jndi/rmi://brokerHost:rmiPort/brokerHost/brokerPort/connectorName. If an RMI registry is not used (the default case, imq.jmx.rmiregistry.start and imq.jmx.rmiregistry.use both false): /stub/rmiStub, where rmiStub is an encoded and serialized representation of the RMI stub itself. |
| imq.jmx.connector.connectorName.useSSL | Boolean | Specifies whether to use a Secure Socket Layer (SSL) for connector connectorName. Default value: false |
| imq.jmx.connector.connectorName.brokerHostTrusted | Boolean | Specifies whether to trust any certificate presented by broker for connector connectorName. Applies only when imq.jmx.connector.connectorName.useSSL is true. If false, the Message Queue client runtime will validate all certificates presented to it. Validation will fail if the signer of the certificate is not in the client's trust store. If true, validation of certificates is skipped. This can be useful, for instance, during software testing when a self-signed certificate is used. Default value: false |

The imq.jmx.connector.list property defines a set of named JMX connectors to be created at broker startup; imq.jmx.connector.activelist specifies which of these are to be activated. Each named connector then has its own set of properties:

imq.jmx.connector.connectorName.urlpath

imq.jmx.connector.connectorName.useSSL

imq.jmx.connector.connectorName.brokerHostTrusted

By default, two JMX connectors are created, named jmxrmi and ssljmxrmi; the first is configured not to use SSL encryption (imq.jmx.connector.jmxrmi.useSSL = false), the second to use it (imq.jmx.connector.ssljmxrmi.useSSL = true). By default, only the jmxrmi connector is activated at broker startup; see SSL Support for JMX Clients for information on how to activate the ssljmxrmi connector for secure communications.

For convenience, new options (Table 1–4) are also added to the command-line Broker utility (imqbrokerd) to control the usage, startup, and port for the RMI registry. The use and effects of these options are the same as those of the equivalent broker properties, as described in Table 1–3. The table lists each option, specifies its equivalent broker property, and describes its use.

Table 1–4 New Broker Utility Options for JMX Support

| Option | Equivalent Broker Property | Description |
|---|---|---|
| -startRmiRegistry | imq.jmx.rmiregistry.start | Specifies whether to start RMI registry at broker startup. |
| -useRmiRegistry | imq.jmx.rmiregistry.use | Specifies whether to use external RMI registry. |
| -rmiRegistryPort | imq.jmx.rmiregistry.port | The port number of RMI registry |

A new subcommand (Table 1–5) is added to the command-line Command utility (imqcmd) for listing the JMX service URLs of JMX connectors created and started at broker startup. This information is needed by JMX clients that do not use the Message Queue convenience class AdminConnectionFactory to obtain their JMX connectors, and can also be used for managing or monitoring Message Queue via a generic JMX browser such as the Java Monitoring and Management Console (jconsole).

Table 1–5 New Command Utility Subcommand

| Subcommand | Description |
|---|---|
| list jmx | List JMX service URLs of JMX connectors |

SSL Support for JMX Clients

As mentioned above, a Message Queue message broker is configured by default for insecure communication using the preconfigured JMX connector jmxrmi. Applications wishing to use the Secure Socket Layer (SSL) for secure communication must activate the alternate, secure JMX connector, ssljmxrmi. This requires the following steps:

  1. Obtain and install a signed certificate in the same way as for the ssljms, ssladmin, or cluster connection service, as described in the Message Queue Administration Guide.

  2. Install the root certification authority certificate in the trust store if necessary.

  3. Add the ssljmxrmi connector to the list of JMX connectors to be activated at broker startup:

    imq.jmx.connector.activelist=jmxrmi,ssljmxrmi

  4. Start the broker with the Message Queue Broker utility (imqbrokerd), either passing it the key-store password in a password file or typing it from the command line when prompted.

  5. By default, the ssljmxrmi connector (or any other SSL-based connector) is configured to validate all broker SSL certificates presented to it. To avoid this validation (for instance, when using self-signed certificates during software testing), set the broker property imq.jmx.connector.ssljmxrmi.brokerHostTrusted to true.

On the client side, the administrator connection factory (AdminConnectionFactory) must be configured with a URL specifying ssljmxrmi as the preferred connector:

    AdminConnectionFactory acf = new AdminConnectionFactory();
    acf.setProperty(AdminConnectionConfiguration.imqAddress, "mq://myhost:7676/ssljmxrmi");

If needed, use the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword to point the JMX client to the trust store.
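The connector properties and the SSL activation steps above can be checked mechanically. The following added example (not part of the original release notes or of Message Queue itself) resolves the Table 1–3 defaults for each active connector and flags plaintext connectors and skipped certificate validation; the function names and the sample configuration are constructed for illustration.

```python
# Added example: audit a broker config.properties for risky JMX settings.
# Defaults come from Table 1-3 and the connector paragraph that follows it.
DEFAULTS = {
    "imq.jmx.connector.list": "jmxrmi,ssljmxrmi",
    "imq.jmx.connector.activelist": "jmxrmi",
}
# Preconfigured useSSL values for the two default connectors.
USE_SSL_DEFAULT = {"jmxrmi": "false", "ssljmxrmi": "true"}


def parse_properties(text):
    """Parse simple key=value lines; skips blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_jmx(text):
    """Return (connector, finding) tuples for every active JMX connector."""
    props = {**DEFAULTS, **parse_properties(text)}
    active = [c.strip() for c in props["imq.jmx.connector.activelist"].split(",")]
    findings = []
    for name in filter(None, active):
        prefix = f"imq.jmx.connector.{name}."
        ssl_default = USE_SSL_DEFAULT.get(name, "false")
        use_ssl = props.get(prefix + "useSSL", ssl_default).lower() == "true"
        trusted = props.get(prefix + "brokerHostTrusted", "false").lower() == "true"
        if not use_ssl:
            findings.append((name, "plaintext JMX connector is active"))
        elif trusted:  # brokerHostTrusted applies only when useSSL is true
            findings.append((name, "certificate validation is skipped"))
    return findings


# Constructed sample: step 3 of the procedure plus the testing-only setting.
SAMPLE = """\
# constructed config.properties excerpt
imq.jmx.connector.activelist=jmxrmi,ssljmxrmi
imq.jmx.connector.ssljmxrmi.brokerHostTrusted=true
"""

if __name__ == "__main__":
    for connector, finding in audit_jmx(SAMPLE):
        print(f"{connector}: {finding}")
```

A configuration that sets imq.jmx.connector.activelist=ssljmxrmi and leaves brokerHostTrusted at its default produces no findings.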