Secure Kaazing Gateway Monitoring

Kaazing Gateway monitoring is secured by an explicitly specified security realm name. The realm-name element refers to one of the named realms inside the service element.

Before You Begin

This procedure is part of Monitor the Gateway.

To Secure Management for the Gateway

  1. Open the Gateway configuration file (for example, GATEWAY_HOME/conf/gateway-config.xml) in a text editor.
  2. Add a realm and a security authorization constraint as shown in the following example for the JMX Management service:

      <service>
        <name>JMX Management</name>
        <description>JMX management service</description>
    
        <type>management.jmx</type>
    
        <properties>
          <connector.server.address>jmx://${gateway.hostname}:2020/</connector.server.address>
        </properties>
    
        <realm-name>demo</realm-name>
    
        <authorization-constraint>
          <require-role>ADMINISTRATOR</require-role>
        </authorization-constraint>
      </service>
    

Note: Password authentication over the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is enabled by default in JMX. Consequently, you must have a digital certificate for the hostname of the Gateway in the keystore.db file used by the Gateway. In addition, access to port 2020 must be enabled in your network for the remote monitoring agent to connect to the Gateway. For information on how to create a certificate for the hostname of the Gateway, see Secure Network Traffic with the Gateway.

See Also