This took me a while to figure out, so here's a description of how to make use of a password-protected JMX interface with ActiveMQ (5.8 in my case).
1. Make sure your activemq.xml specifies that you actually want to allow JMX monitoring:
<managementContext> <managementContext createConnector="true" connectorPort="1098"/> </managementContext>
2. Change activemq.bat startup script to specify an explicit password files:
when you start ActiveMQ, you will probably get this error now:
Error: Password file read access must be restricted: .../conf/jmx.password
ActiveMQ requires the password file to have specific user-only permissions, see here for more information. Unfortunately this link is for Windows XP, so here's what to do on Windows 7
I've actually found two solutions, one graphical, the other one from the command line:
Solution (using Windows Explorer):
1) change the owner to be 'you' (required step!!)
Select jmx.password, Right-Mouse-Cick -> Properties -> Security -> Advanced -> Owner -> Edit
and select the single owner of this to be your username.
Note: you need to click OK and exit out of Properties for this to be effective
2) Select jmx.password, Right-Mouse-Cick -> Properties -> Security -> Advanced -> Change Permissions
- uncheck "Include inheritable permissions" and click Remove to remove all inherited permissions
- then click Add... to add read/write permissions for only your user: Enter your username as object name, and select for example 'Full Control'. Click Ok and exit out of properties.
Solution (using Windows command line):
1) open a windows command prompt in your ActiveMQ 'conf' folder.
2) use icacls (run 'icacls' without options for help) to change the owner to be 'you', in my case:
icacls jmx.password /setowner apodehl
3) remove all inherited permissions:
icacls jmx.password /inheritance:r
4) grant minimal permissions to your user (read/write in this case):
icacls jmx.password /grant:r apodehl:(r,w)