How to access Spring-boot JMX remotely

By default JMX is automatically accessible locally, so running jconsole locally would detect all your local java apps without port exposure.

To access an app via JMX remotely you have to specify an RMI Registry port. The thing to know is that when connecting, JMX initializes on that port and then establishes a data connection back on a random high port, which is a huge problem if you have a firewall in the middle. (“Hey sysadmins, just open up everything, mkay?”).

To force JMX to connect back on the same port as you’ve established, you have a couple of the following options. Note: you can use different ports for JMX and RMI or you can use the same port.


If you’re using Spring Boot you can put this in your (appname).conf file that lives alongside your (appname).jar deployment.

Option 2: Tomcat/Tomee configuration

Configure a JmxRemoteLifecycleListener:

Maven Jar:


Configure your server.xml:

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
      rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

Option 3: configure programmatically

public class ConfigureRMI {

    private String rmiHost;

    private Integer rmiPort;

    public RmiRegistryFactoryBean rmiRegistry() {
        final RmiRegistryFactoryBean rmiRegistryFactoryBean = new RmiRegistryFactoryBean();
        return rmiRegistryFactoryBean;

    public ConnectorServerFactoryBean connectorServerFactoryBean() throws Exception {
        final ConnectorServerFactoryBean connectorServerFactoryBean = new ConnectorServerFactoryBean();
        connectorServerFactoryBean.setServiceUrl(String.format("service:jmx:rmi://%s:%s/jndi/rmi://%s:%s/jmxrmi", rmiHost, rmiPort, rmiHost, rmiPort));
        return connectorServerFactoryBean;

The trick, you’ll see, is the serviceUrl in which you specify both the jmx:rmi host/port and the jndi:rmi host/port. If you specify both, you won’t get the random high “problem”.

Edit: For JMX remoting to work, you’ll need to make a decision about authenticating. It’s better to do it in 3 distinct steps:

  1. basic setup with then
  2. add a
    password file ( See
    here for instructions. + and then
  3. set up SSL.

Leave a Comment