This is the 5th post in the JVM Security focus series. A post brought to light an interesting feature of the JDK I didn’t know about: the ability to update a code running in a JVM. The referenced post shows how to apply a bugfix using that feature. The devious white hat JVM hacker in me started to think how one could apply that trick for other less beneficial purposes. And of course, how to prevent that.
This week’s post aims to describe how to send JMX metrics taken from the JVM to an Elasticsearch instance. Business app requirements The business app(s) has some minor requirements. The easiest use-case is to start from a Spring Boot application. In order for metrics to be available, just add the Actuator dependency to it: <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency&