JMX configuration security features
Sensitive information can be exposed through JMX and Java. Tomcat and Spotfire Server provide management capabilities to restrict access through authentication, authorization, and encryption security features. Also, as a security measure, the JMX RMI connector is disabled by default, so the administrator must enable it.
Security feature | Description | Default setting |
---|---|---|
Authentication | Spotfire Server applies the existing database authentication mechanism using a separate database table. Passwords are obscured with hash marks. you can use the same principal names across an entire Spotfire Server cluster. | Enabled. |
Authorization | You can configure authorization to specify the level of user permissions.
JMX accounts and credentials are separated from Spotfire accounts and credentials. The JMX accounts are used only for monitoring. |
Enabled.
Note: Authorization works only with the default authentication implementation.
|
Encryption | You can configure the Remote Method Invocation (RMI) connector to encrypt the traffic using Transport Layer Security (TLS). This configuration is recommended; otherwise, user names and passwords are transmitted in plain text. | Not enabled.
Note: Encryption configuration requires a certificate.
|
Firewall | You can configure a firewall to allow traffic to the desired ports. | The RMI registry and the RMI connector share a common port (1099) to simplify firewall configuration. |
Parent topic: Server monitoring using JMX