Perform the below steps to restrict the connection to unauthenticated connection to the JMX agent and monitor and manage the Java application that has enabled the agent. 

1. Stop the server.

2. Create a password file named jmxremote.password with the following entries and save it to some location in the file system.

    For example         monitorRole      mrpasswd

                                controlRole         crpasswd 

    Note: Where monitorRole and controlRole are sample role names along with their passwords. (File attached for reference) 

3. Create access file named jmxremote.access by specifying the above mentioned role names along with access privilege and save it to some location. 

   For example:      monitorRole    readonly
                            controlRole     readwrite
 

4. Edit jar file {SERVER_INSTALLATION FOLDER}\lib\qxps-common-14.0.jar  and make following changes in the file com\quark\qxps\common\JMXContext.xml. 

  • Add the following highlighted environment  property in  the already defined serverConnector bean as shown below:

 

<bean id="serverConnector" class="org.springframework.jmx.support.ConnectorServerFactoryBean" depends-on="rmiRegistry" >
 <property name="objectName" value="connector:name=rmi"/>
 <property name="serviceUrl"
 value="service:jmx:rmi://${server.machinename}:${jmx.serviceport}/jndi/rmi://${server.machinename}:${rmi.port}/jmxrmi"/>
 <property name="environment">
<map>
 <entry key="jmx.remote.x.password.file" value="C:\...\..\jmxremote.password"/>
 <entry key="jmx.remote.x.access.file" value="C:\...\..\jmxremote.access"/>
</map>
</property>
</bean>


 Modify paths of file jmxremote.password and jmxremote.access as per the saved location of these files. See screenshot below. 

5. Start the server. 

6. Now connect to JMX service through JConsole can only be made by specifying username as controlRole and password as crpasswd. It is to be observed that though we will be able to login with monitorRole as well, but operation executions are denied for users with readOnly access