1. Overview
In this tutorial, we’ll explain why JMX opens three ports on startup. Additionally, we’ll show how to start JMX in Java. Afterward, we’ll show how to limit the number of opened ports.
2. JMX Definition
Let’s first define what the JMX framework is. The Java Management Extensions (JMX) framework provides a configurable, scalable, and reliable infrastructure for managing Java applications. Furthermore, it defines a concept of MBean for real-time management of the application. The framework allows managing an application locally or remotely.
3. Enable JMX in Java
Let’s now have a look at how to enable JMX. For Java version 1.5 and previous, there is a system property com.sun.management.jmxremote. An application started with that property allows connecting with JConsole from local and from remote. On the other hand, an application is not visible from JConsole when started without the property.
However, starting from Java 6 and above, the parameter is unnecessary. The application is automatically available for management after startup. Furthermore, the default configuration assigns the port automatically and exposes it only locally.
4. JMX Ports
In our examples, we’ll use Java 6 or higher. First, let’s create a class with an infinite loop. The class is doing nothing, but it allows us to check which ports are opened:
public class JMXConfiguration {
public static void main(String[] args) {
while (true) {
// to ensure application does not terminate
}
}
}
Now, we’ll compile the class and start it:
java com.baeldung.jmx.JMXConfiguration
After that, we can check which pid is assigned to the process and check ports opened by the process:
netstat -ao | grep <pid>
As a result, we’ll get a list of ports exposed by our application:
Active Connections
Proto Local Address Foreign Address State PID
TCP 127.0.0.1:55846 wujek:55845 ESTABLISHED 2604
In addition, in case of a restart, the port will change. It is assigned randomly. This functionality has been available since Java 6, which automatically exposes the application for the Java Attach API. In other words, it automatically exposes the application for JConsole connection via Local Process.
Let’s now enable remote connections by providing options to the JVM:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
The port number is a mandatory parameter we must provide in order to expose JMX for remote connection. We disabled authentication and SSL only for testing purposes.
Now, the netstat command returns:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1234 wujek:0 LISTENING 11088
TCP 0.0.0.0:58738 wujek:0 LISTENING 11088
TCP 0.0.0.0:58739 wujek:0 LISTENING 11088
As we can see, the application exposed three ports. RMI/JMX exposes two ports. The third one is a random port for a local connection.
5. Limit Number of Ports Opened
First of all, we can disable exposing an application for local connection from JConsole with the -XX:+DisableAttachMechanism option:
java -XX:+DisableAttachMechanism com.baeldung.jmx.JMXConfiguration
After that, the application doesn’t expose any JMX/RMI ports.
Furthermore, starting from JDK 16, we can set the local port number:
java
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.local.port=1235
com.baeldung.jmx.JMXConfiguration
Let’s now change the configuration and play with remote ports.
There’s an additional option -Dcom.sun.management.jmxremote.rmi.port=1234 that allows us to set the RMI port to the same value as the JMX port. Now, the full command is:
java
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.rmi.port=1234
-Dcom.sun.management.jmxremote.local.port=1235
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
com.baeldung.jmx.JMXConfiguration
After that, the netstat command returns:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1234 wujek:0 LISTENING 19504
TCP 0.0.0.0:1235 wujek:0 LISTENING 19504
That is to say, the application exposes only two ports, one for the JMX/RMI remote connection and one for the local connection. Thanks to that, we can fully control exposed ports and avoid conflicts with ports exposed by other processes.
However, when we enable connection from remote and disable the attach mechanism:
java
-XX:+DisableAttachMechanism
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.rmi.port=1234
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
com.baeldung.jmx.JMXConfiguration
Then, the application still exposes two ports:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1234 wujek:0 LISTENING 9856
TCP 0.0.0.0:60565 wujek:0 LISTENING 9856
6. Conclusion
In this short article, we explained how to start JMX in Java. Then, we showed which ports are opened by JMX on startup. Finally, we presented how to limit the number of ports opened by JMX.
As always, the source code of the example is available over on GitHub.