JRebel with remote servers: new security implementation

We provide optional security for the communication protocol between the IDE and the remote server. Do keep in mind that a remote server running in your internal network (or otherwise protected by the network layer) does not really need this extra security. This guide only applies to you if you are using the extra security.

For users that do wish to use additional security, we have good news. We have re-implemented this feature, replacing the complicated public/private key configuration with a simple password.

Previously, the public key was defined in rebel-remote.xml within the deployed .war file. This meant that it would be spread around on multiple remote servers, and that it would get updated with every project redeployment. The new password-based implementation is scoped per server and does not depend on projects that are deployed to that server. It does need to be initialized on the server.

Migration instructions

The previous keypair-based security is being replaced with a more straightforward, password based security measure. The new server-side JRebel agent is able to support both new and old security implementations.

The old keypair-based security is switched on by having the public key in the deployed .war archive. New, password-based security is switched on by executing the -set-remote-password command on the remote server. If either of the security methods is detected, the server is not accessible without security enabled by the other version of the protocol. For example, enabling the password on the server means that your colleagues using the old IDE plugin versions need to start connecting to the server with public-private key security enabled.

In order to continue without the security (if you used it before), redeploy your .war, removing the public key from the server. Doing this will disable security for this project. If you did not have public-private key security enabled before, skip the redeploy step.

In order to switch over to the new security method, log on to the remote server and execute the following command:

$ java -jar jrebel.jar -set-remote-password <NewPassword>

Make sure to use the same password in the IDE JRebel remote settings.