2.4.12 Disable Remote Access to the JVM Platform MBean Server
This topic provides information on disabling remote access to the JVM platform MBean server.
The MBean server provided by the JDK exposes MBeans that contain information about the JVM, which is useful for monitoring the JVM process.
Besides the JVM’s platform MBean server, Oracle provides three other MBean servers – the Domain Runtime MBean server, Runtime MBean server and the Edit MBean server. It is possible to configure the Runtime MBean server (that is available on each managed server) as the platform MBean server, allowing JMX clients to access not only the JVM MBeans, but also the WebLogic Server MBeans.
If the Runtime MBean server of WebLogic has been configured as the platform MBean server, enabling remote access creates an access path that is no longer secured by the WebLogic Server Security Framework, but instead by the security features of the Java platform alone. In such a case where remote access to the platform MBean server (and the runtime MBean server) is required, it is recommended that JMX clients access the MBeans via the Runtime MBean server.
Oracle Financial Services recommends that any changes made in this regard be tested thoroughly for impact on business continuity.
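One way to check for the exposure described above, as an added example that is not Oracle's code: the shell functions below inspect a JVM argument string for the standard JDK property `com.sun.management.jmxremote.port`, which starts the remote JMX connector of the platform MBean server. The function names and the sample argument strings are constructed for illustration; feeding it the arguments a managed server is actually started with is left to the operator.

```shell
#!/bin/sh
# Added example: audit JVM start arguments for remote JMX exposure.
# Sample argument strings below are constructed for illustration.
EXPOSED='-Xms512m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false'
LOCAL_ONLY='-Xms512m -Dcom.sun.management.jmxremote'

# Print the value of -D<name>=<value> found in an argument string.
# $1 = argument string, $2 = property name; the last occurrence is kept.
jvm_prop() (
    set -f                      # no glob expansion while splitting $1
    val=
    for arg in $1; do
        case "$arg" in
            "-D$2="*) val=${arg#-D"$2"=} ;;
        esac
    done
    printf '%s' "$val"
)

# Print findings for one argument string.
# Returns 1 when the remote JMX connector is enabled, 0 otherwise.
audit_jmx_args() {
    port=$(jvm_prop "$1" com.sun.management.jmxremote.port)
    if [ -z "$port" ]; then
        echo "OK: jmxremote.port not set; no remote connector from these arguments"
        return 0
    fi
    echo "FINDING: remote JMX connector enabled on port $port"
    # authenticate and ssl default to true once a port is set, so only an
    # explicit "false" weakens the connector further.
    if [ "$(jvm_prop "$1" com.sun.management.jmxremote.authenticate)" = "false" ]; then
        echo "FINDING: JMX password authentication disabled"
    fi
    if [ "$(jvm_prop "$1" com.sun.management.jmxremote.ssl)" = "false" ]; then
        echo "FINDING: JMX SSL disabled"
    fi
    return 1
}

# Demo run over the constructed samples.
for a in "$EXPOSED" "$LOCAL_ONLY"; do
    audit_jmx_args "$a" || echo "ACTION: remove the jmxremote.port property"
done
```

The port can also be set in a JDK management properties file rather than on the command line, which this check does not read.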