Postinstallation Tasks in Tomcat

Due to a behavior change in the latest Apache Tomcat versions, you will need to perform the following steps:

  1. Open the file <DENODO_HOME>/resources/apache-tomcat/conf/server.xml in an editor.
  1. Add the following attribute to all the Connector elements: relaxedQueryChars="[]" if needed. Note that some of the Connector elements may have already been automatically updated.

By default, JMX authentication is not enabled for Apache Tomcat. This means that unauthenticated users can make JMX connections to Tomcat. Note that by default this can only be achived by users that are connected to the same host where Tomcat is running (this depends on the value of property com.denodo.tomcat.jmx.rmi.host in <DENODO_HOME>/resources/apache-tomcat/conf/tomcat.properties, which is localhost by default). If you wish to enable the authentication of JMX connections on Apache Tomcat:

  1. Edit the file <DENODO_HOME>/resources/apache-tomcat/conf/tomcat.properties and set the property com.denodo.tomcat.jmx.auth.enabled to true.
  1. Set up the contents of the file referenced by com.denodo.tomcat.jmx.auth.access.file (by default, <DENODO_HOME>/resources/apache-tomcat/conf/jmxremote.access). The access file must contain an entry for a controlRole role with a readwrite access level. Any other role definitions are optional. See https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html for details on JMX access files.

  2. Set up the contents of the file referenced by com.denodo.tomcat.jmx.auth.password.file (by default, <DENODO_HOME>/resources/apache-tomcat/conf/jmxremote.password). The password file must contain an entry for the controlRole role and any other roles defined in the access file. See https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html for details on JMX password files.

  3. Update the privileges of the password file so it can only be read by the same user that is going to start the Denodo servers and tools. To do this, execute these commands (the following examples reference the default password file):

    1. On Linux, run the following from the user account that starts the Denodo servers:
    chmod 600 <DENODO_HOME>/resources/apache-tomcat/conf/jmxremote.password
    
    1. On Windows, open a command line as an administrator and run these commands (replace <denodo_user> with the user account with which the Denodo servers are started):
    cd <DENODO_HOME>\resources\apache-tomcat\conf\
    icacls jmxremote.password /setowner <denodo_user>
    icacls jmxremote.password /grant <denodo_user>:F
    icacls jmxremote.password /inheritance:r