Spotfire® Server and Environment - Installation and Administration

JMX configuration security features

Sensitive information can be exposed through JMX and Java. Tomcat and Spotfire Server provide management capabilities to restrict access through authentication, authorization, and encryption security features. Also, as a security measure, the JMX RMI connector is disabled by default, so the administrator must enable it.

Security feature: Authentication
Description: Spotfire Server applies the existing database authentication mechanism using a separate database table. Passwords are obscured with hash marks. You can use the same principal names across an entire Spotfire Server cluster.
Default setting: Enabled.

Security feature: Authorization
Description: You can configure authorization to specify the level of user permissions.
  • If a user has only read permissions, the user can only read attribute values.
  • If a user has read-and-write permissions, the user can read and modify any writable attributes.

JMX accounts and credentials are separated from Spotfire accounts and credentials. The JMX accounts are used only for monitoring.
Default setting: Enabled.
Note: Authorization works only with the default authentication implementation.

Security feature: Encryption
Description: You can configure the Remote Method Invocation (RMI) connector to encrypt the traffic using Transport Layer Security (TLS). This configuration is recommended; otherwise, user names and passwords are transmitted in plain text.
Default setting: Not enabled.
Note: Encryption configuration requires a certificate.

Security feature: Firewall
Description: You can configure a firewall to allow traffic to the desired ports. The RMI registry and the RMI connector share a common port (1099) to simplify firewall configuration. For Information Services, this common port is 1100.
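
Because encryption is not enabled by default, it is worth confirming from a monitoring host whether the JMX port still answers unencrypted RMI. The following check is an added example, not part of the Spotfire documentation or tooling: the function names are illustrative, the ports are the ones named above, and the handshake and reply codes come from the Java RMI wire protocol (JRMP).

```python
import socket
import sys

# JRMP stream-protocol greeting: magic "JRMI", version 2, protocol 0x4b.
JRMP_HELLO = b"JRMI" + b"\x00\x02" + b"\x4b"

# Common RMI registry/connector ports stated on this page.
DEFAULT_PORTS = {"Spotfire Server": 1099, "Information Services": 1100}


def classify_response(data: bytes) -> str:
    """Classify the first bytes a listener returns after JRMP_HELLO."""
    if not data:
        return "no-reply"        # closed or silent: inconclusive
    if data[0] in (0x4E, 0x4F):
        # ProtocolAck / ProtocolNotSupported: the listener speaks JRMP
        # in the clear, so JMX user names and passwords are not encrypted.
        return "plaintext-jrmp"
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        # TLS alert record: a TLS listener rejected the plaintext greeting.
        return "tls"
    return "unknown"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Send the plaintext JRMP greeting and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(JRMP_HELLO)
            try:
                data = s.recv(16)
            except OSError:      # timeout or reset while waiting
                data = b""
    except OSError:
        return "unreachable"     # JMX disabled or blocked by the firewall
    return classify_response(data)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for name, port in DEFAULT_PORTS.items():
        print(f"{name} JMX port {port}: {probe(host, port)}")
```

A result of `plaintext-jrmp` means TLS is not configured on that connector; `unreachable` is the expected result when the JMX RMI connector has been left disabled.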