Java Top

Get started with Spring 5 and Spring Boot 2, through the Learn Spring course:

> CHECK OUT THE COURSE

1. Overview

In this tutorial, we'll explain why JMX opens three ports on startup. Additionally, we'll show how to start JMX in Java. Afterward, we'll show how to limit the number of opened ports.

2. JMX Definition

Let's first define what the JMX framework is. The Java Management Extensions (JMX) framework provides a configurable, scalable, and reliable infrastructure for managing Java applications. Furthermore, it defines a concept of MBean for real-time management of the application. The framework allows managing an application locally or remotely.

3. Enable JMX in Java

Let's now have a look at how to enable JMX. For Java version 1.5 and previous, there is a system property com.sun.management.jmxremote. An application started with that property allows connecting with JConsole from local and from remote. On the other hand, an application is not visible from JConsole when started without the property.

However, starting from Java 6 and above, the parameter is unnecessary. The application is automatically available for management after startup. Furthermore, the default configuration assigns the port automatically and exposes it only locally.

4. JMX Ports

In our examples, we'll use Java 6 or higher. First, let's create a class with an infinite loop. The class is doing nothing, but it allows us to check which ports are opened:

public class JMXConfiguration {

    public static void main(String[] args) {
        while (true) {
            // to ensure application does not terminate
        }
    }
}

Now, we'll compile the class and start it:

java com.baeldung.jmx.JMXConfiguration

After that, we can check which pid is assigned to the process and check ports opened by the process:

netstat -ao | grep <pid>

As a result, we'll get a list of ports exposed by our application:

Active Connections
Proto  Local Address          Foreign Address        State           PID
TCP    127.0.0.1:55846        wujek:55845            ESTABLISHED     2604

In addition, in case of a restart, the port will change. It is assigned randomly. This functionality has been available since Java 6, which automatically exposes the application for the Java Attach API. In other words, it automatically exposes the application for JConsole connection via Local Process.

Let's now enable remote connections by providing options to the JVM:

-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=1234
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false

The port number is a mandatory parameter we must provide in order to expose JMX for remote connection. We disabled authentication and SSL only for testing purposes.

Now, the netstat command returns:

Proto  Local Address    Foreign Address State       PID
TCP    0.0.0.0:1234     wujek:0         LISTENING   11088
TCP    0.0.0.0:58738    wujek:0         LISTENING   11088
TCP    0.0.0.0:58739    wujek:0         LISTENING   11088

As we can see, the application exposed three ports. RMI/JMX exposes two ports. The third one is a random port for a local connection.

5. Limit Number of Ports Opened

First of all, we can disable exposing an application for local connection from JConsole with the -XX:+DisableAttachMechanism option:

java -XX:+DisableAttachMechanism com.baeldung.jmx.JMXConfiguration

After that, the application doesn't expose any JMX/RMI ports.

Furthermore, starting from JDK 16, we can set the local port number:

java 
  -Dcom.sun.management.jmxremote=true 
  -Dcom.sun.management.jmxremote.local.port=1235 
  com.baeldung.jmx.JMXConfiguration

Let's now change the configuration and play with remote ports.

There's an additional option -Dcom.sun.management.jmxremote.rmi.port=1234 that allows us to set the RMI port to the same value as the JMX port. Now, the full command is:

java 
  -Dcom.sun.management.jmxremote=true 
  -Dcom.sun.management.jmxremote.port=1234 
  -Dcom.sun.management.jmxremote.rmi.port=1234 
  -Dcom.sun.management.jmxremote.local.port=1235 
  -Dcom.sun.management.jmxremote.authenticate=false 
  -Dcom.sun.management.jmxremote.ssl=false 
  com.baeldung.jmx.JMXConfiguration

After that, the netstat command returns:

Proto  Local Address    Foreign Address State       PID
TCP    0.0.0.0:1234     wujek:0         LISTENING   19504
TCP    0.0.0.0:1235     wujek:0         LISTENING   19504

That is to say, the application exposes only two ports, one for the JMX/RMI remote connection and one for the local connection. Thanks to that, we can fully control exposed ports and avoid conflicts with ports exposed by other processes.

However, when we enable connection from remote and disable the attach mechanism:

java 
  -XX:+DisableAttachMechanism 
  -Dcom.sun.management.jmxremote=true 
  -Dcom.sun.management.jmxremote.port=1234 
  -Dcom.sun.management.jmxremote.rmi.port=1234 
  -Dcom.sun.management.jmxremote.authenticate=false 
  -Dcom.sun.management.jmxremote.ssl=false 
  com.baeldung.jmx.JMXConfiguration

Then, the application still exposes two ports:

Proto Local Address     Foreign Address     State       PID
TCP   0.0.0.0:1234      wujek:0             LISTENING   9856
TCP   0.0.0.0:60565     wujek:0             LISTENING   9856

6. Conclusion

In this short article, we explained how to start JMX in Java. Then, we showed which ports are opened by JMX on startup. Finally, we presented how to limit the number of ports opened by JMX.

As always, the source code of the example is available over on GitHub.

Java bottom

Get started with Spring 5 and Spring Boot 2, through the Learn Spring course:

>> CHECK OUT THE COURSE
Generic footer banner
2 Comments
Oldest
Newest
Inline Feedbacks
View all comments
Comments are closed on this article!