由于权限错误无法启动 jstatd

2022-01-16 00:00:00 jvm java

我尝试在linux机器上运行jstatd jvm监控工具

I try to run jstatd jvm monitoring tool on linux machine

jboss@hostAddr:/usr/java/jdk1.6.0_18/bin> uname -a
Linux hostAddr 2.6.16.60-0.34-smp #1 SMP Fri Jan 16 14:59:01 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux

使用以下命令:

jstatd -J-Djava.security.policy=~/jstatd.all.policy

jstatd.all.policy 内容

jstatd.all.policy contents

grant codebase "file:${java.home}/../lib/tools.jar" {

   permission java.security.AllPermission;

};

不幸的是,我得到以下输出:

Unfortunately I get following output:

Could not create remote object
access denied (java.util.PropertyPermission java.rmi.server.ignoreSubClasses write)
java.security.AccessControlException: access denied (java.util.PropertyPermission java.rmi.server.ignoreSubClasses write)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.System.setProperty(System.java:725)
        at sun.tools.jstatd.Jstatd.main(Jstatd.java:122)

由于某种原因,jstatd 在具有相同命令和策略文件的 Windows 上成功运行.

For some reason jstatd runs successfully on windows with the same command and policy file.

Linux java 版本:

Linux java version:

java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)

Windows java 版本:

Windows java version:

java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)

推荐答案

这对我有用:

  1. 确保 tools.jar 文件存在并且运行 jstatd 命令的用户有权读取它.

  1. Make sure that tools.jar file exists and the user running the jstatd command has permissions to read it.

确保 jstatd.all.policy 中指向 tools.jar 的 URL 正确并声明了协议(在本例中为文件).例如,根据 java.home 变量指向的位置,您可能需要像这样删除路径中的 ../ 部分(我必须这样做):

Make sure that the URL in the jstatd.all.policy that points to the tools.jar is correct and declares the protocol (file in this case). For example, depending on where the java.home variable points to, you may need to remove the ../ part in the path just like this (I had to):

grant codebase "file:${java.home}/lib/tools.jar" {
   permission java.security.AllPermission;
};

  • 从 Java 1.4 开始,策略文件需要在没有 BOM 的情况下以 UTF-8 编码.EOL(CRLF vs LF)应该无关紧要.请参阅 Oracle 的默认策略实施和策略文件语法"文档,在更改"部分下了解更多信息(未提供链接,因为我没有足够的声誉点来发布超过 2 个链接,但我确定你就能找到那个文件).

  • Starting from Java 1.4 the policy file needs to be encoded in UTF-8 without BOM. The EOL (CRLF vs LF) shouldn't really matter. Please see "Default Policy Implementation and Policy File Syntax" document from Oracle, under "Changes" section for more information (link not provided because I don't have enough reputation points to post more than 2 links, but I'm sure you'll be able to find that document).

    运行 jstatd 命令时使用策略文件的绝对路径,例如

    Use an absolute path to the policy file when running the jstatd command, e.g.

    jstatd -p 12345 -J-Djava.security.policy=/absolute-path-to/jstatd.all.policy
    

    Java 1.8 中可能不再需要或支持 -J 参数,因此该命令将改为:

    The -J parameter may no longer be required or supported in Java 1.8 so this command would be instead:

    jstatd -p 12345 -Djava.security.policy=/absolute-path-to/jstatd.all.policy
    

    (感谢@lisak 指出这一点)

    (thanks @lisak for pointing this out)

    最后,一旦你通过了这一点,你可能会发现其他问题(我做过),这些帖子为我指明了正确的方向:使用 VisualVM 监控远程 JBoss 实例 和 使用 VisualVM 远程分析 JBoss.基本上,如果 1099 已在使用中,您可能需要使用 -p 参数来使用不同的端口,并通过 JAVA_OPTS 在 JBoss run.conf 中添加一些 java 选项(假设您正在监控 JBoss 实例).在提供的链接中更详细地解释了所有内容.

    Finally, once you pass this point you may find other problems (I did) and these posts pointed me in the right direction: Using VisualVM to monitor a remote JBoss instance and Remote Profiling of JBoss using VisualVM. Basically you may need to use the -p parameter to use a different port if 1099 is already in use and add some java options in the JBoss run.conf via JAVA_OPTS (assuming you are monitoring JBoss instance). All explained in more detail in the links provided.

    - 指向具有相同内容的另一个页面的使用VisualVM 监控远程JBoss 实例 的死链接.

    - Pointed dead link Using VisualVM to monitor a remote JBoss instance to another page with the same content.

  • 相关文章