Contents
1. Java EE Overview and Architecture
1.1. What is Java EE?
1.2. Open and Standard-based
Some of Java EE Application Servers available on the market today:
1.3. Multi-tier
Figure 1. Multi-tier Architecture
1.4. Web-Enabled
1.5. Server Centric
1.6. Component-Based Distributed Architecture
1.7. Enterprise Applications
1.8. Java EE Services
Java EE Application Server handles:
2. Overview of JBoss Application Server
2.1. JBoss Organization
2.2. JBoss AS Background
2.3. Highlights of JBoss AS
2.4. What is new in JBoss AS 5?
2.5. JBoss AS Architecture
2.6. JBoss Microcontainer Layer
2.7. Services Layer
2.8. Aspect Layer
2.9. Application Layer
2.10. JBoss AS Services
2.11. JBoss AS Requirements
3. Installing JBoss AS
3.1. Getting and Installing Java
3.2. Configuring Java
3.3. Getting JBoss AS
How to build from source?
3.4. Installing JBoss AS 5
RISE ‘N’ SHINE TECHNOLOGIES
403, koushik sai rama residency, beside icici bank lane,SR Nagar.
Ph: 040-65574999, 9010505808
3
1.3. Multi-tier
Client Tier usually consists of thin clients like web browsers and it makes the
request into the Web Tier over HTTP.
Client Tier (B2B) is a set of external applications that makes requests into the
Business Tier through Web Services over SOAP or directly through Java’s
RMI.
Web Tier is usually implemented with Servlets, JSPs, and simple JavaBeans,
based on the Model-View-Controller design pattern.
Business Tier is composed of EJBs and/or plain old Java objects (POJOs).
Data Access Tier is either managed by the applications (e.g. BMP, DAO), O/R
mapping tools (e.g. Hibernate), or through Container Managed Persistence
(CMP).
Connector/Messaging Tier allows asynchronous access to legacy systems or
other external systems.
Legacy/External Tier consists of enterprise information systems.
Data Tier is usually composed of RDBMS and/or LDAP Directory Servers.
1.4. Web-Enabled
Java EE applications and services are built out of components that can run in a
single or multiple (distributed) Java EE Application Server instances.
1.7. Enterprise Applications
Note
JBoss AS 5 has passed the Java EE 5 Technology Compatibility Kit (TCK) test suite
(100%).
3. Installing JBoss AS
Note
You can either download jboss-<version>.zip or jboss-<version>-jdk6.zip
depending on the version of Java you installed. Generally, Java 6 is preferred as it
is faster, offers better management features, and it is backwards compatible with
Java 5.
Note
common/ lgpl.html
${jboss.home.dir}/bin
${jboss.home.dir}/client
${jboss.home.dir}/common
${jboss.home.dir}/docs
${jboss.home.dir}/lib
${jboss.home.dir}/server
run.bat twiddle.jar
Note
We will use the client/ directory later with some clients (like JMS) that will
run outside the JBoss AS.
Do not place your own files here or remove any of the existing files
As an example, you’ll find here the JBoss Microcontainer and the old JMX
kernel.
To change the configuration set that JBoss AS runs with, execute: bin/run.sh -c
<configuration-set>
For example:
bin/run.sh -c minimal
bin/run.sh -c all
Configuration sets:
minimal/
Includes support for JNDI and logging. It does not contain any other J2EE
services like Servlet/JSP container, EJB container, or JMS.
Can serve as a starting point when creating your own configuration sets
default/
As the name implies, this is the default Java EE 5 configuration. Contains the
most used services except JAXR, IIOP and clustering services.
all/
This configuration extends the default configuration set and also includes JAXR,
IIOP and clustering services
standard/
Note
web/
Note
Each configuration set has to have at least the following four directories:
conf/, deploy/, deployers/, and lib/. Other (referenced) directories such as
data/, log/, tmp/, and work/ are automatically created on JBoss AS startup if
they do not exist.
bindingservice.beans/ jbossts-properties.xml
bootstrap/ jndi.properties
bootstrap.xml login-config.xml
java.policy props/
jax-ws-catalog.xml standardjboss.xml
jboss-log4j.xml standardjbosscmp-jdbc.xml
jboss-service.xml xmdesc/
Important
Any changes to files in this directory require a full server restart in order to
take effect.
hypersonic/ wsdl/
tx-object-store/ xmbean-attrs/
Note
Unless you use Hypersonic DB, the contents of this directory (including the
directory itself) can be cleared (deleted) between JBoss restarts.
CurrencyConverterApp.ear jsr88-service.xml
ROOT.war/ legacy-invokers-service.xml
admin-console.war/ mail-ra.rar
cache-invalidation-service.xml mail-service.xml
ejb2-container-jboss-beans.xml management/
ejb2-timer-service.xml messaging/
ejb3-connectors-jboss-beans.xml monitoring-service.xml
ejb3-container-jboss-beans.xml my-ws.war
ejb3-interceptors-aop.xml printservice.sar/
ejb3-timerservice-jboss-beans.xml profileservice-jboss-beans.xml
fortune.war/ profileservice-secured.jar/
hdscanner-jboss-beans.xml properties-service.xml
hsqldb-ds.xml quartz-ra.rar
http-invoker.sar/ remoting-jboss-beans.xml
jboss-local-jdbc.rar schedule-manager-service.xml
jboss-xa-jdbc.rar scheduler-service.xml
jbossweb.sar/ security/
jbossws.sar/ sqlexception-service.xml
jca-jboss-beans.xml transaction-jboss-beans.xml
jms-ra.rar transaction-service.xml
jmx-console.war/ uuid-key-generator.sar/
jmx-invoker-service.xml vfs-jboss-beans.xml
jmx-remoting.sar/ xnio-provider.jar/
alias-deployers-jboss-beans.xml jboss-threads.deployer/
bsh.deployer/ jbossweb.deployer/
clustering-deployer-jboss-beans.xml jbossws.deployer/
dependency-deployers-jboss-beans.xml jsr77-deployers-jboss-beans.xml
directory-deployer-jboss-beans.xml logbridge-jboss-beans.xml
ear-deployer-jboss-beans.xml messaging-definitions-jboss-beans.xml
ejb-deployer-jboss-beans.xml metadata-deployer-jboss-beans.xml
ejb3.deployer/ seam.deployer/
hibernate-deployer-jboss-beans.xml security-deployer-jboss-beans.xml
jboss-aop-jboss5.deployer/ webbeans.deployer/
jboss-ejb3-endpoint-deployer.jar xnio.deployer/
jboss-jca.deployer/
Contains all the JBoss AS services that are used to recognize and deploy
different application and archive types.
Note
Directory referred to by the bootstrap code when loading the configuration set
Known within JBoss as jboss.server.lib.url
This directory is for Java code (JARs) to be used both by the deployed
applications and JBoss AS services
If you have Java libraries that you need to be made available to all your
applications/services, these can be placed in the ${jboss.server.lib.url}
directory.
Similarly, you would also use this directory for Java libraries that need to be
used by both your applications/services, and JBoss AS services.
A typical example of this is a JDBC driver that is needed by JBoss AS to
manage a pool of database connections, as well as your code, which
implicitly uses it to interact with the database server.
Note
As of JBoss 5, some JARs that used to reside in this directory have been
moved to common/lib in order to share them with other configuration sets.
By default:
Log file server.log is rolled over daily (with the ".yyyy-MM-dd" extension)
Existing logs are overwritten on [re]start
Old log files are not automatically cleaned by the server during runtime
Since the logging system is managed by Log4J it can be easily configured to:
Note
Unpacked deployments (e.g. expanded WAR files) are not copied over.
Packed deployments (WAR, EAR, RAR) are uncompressed, whereas JARs and
XML-described services are copied over.
Java Server Pages (.jsp files) are automatically compiled into Java Servlets (.java
file) and then into Java byte-code (.class files) by Tomcat (the embedded servlet
Unless you care to preserve compiled JSPs, this directory can be cleared (deleted)
between JBoss restarts.
options:
-n, --netboot=<url> Boot from net with the given url as base
Note
On Unix/Linux, run.sh (and shutdown.sh) source JVM/runtime options from
run.conf file whereas on Windows run.bat specifies those options internally.
JBoss has successfully started when in its console window you can see a line
like this:
If you see any exception traces, then there was a problem starting one or more
of the JBoss services. Examine the error messages before continuing. A
common problem is a port conflict: another server (possibly another instance
of JBoss AS itself) is running on one or more of the required JBoss AS ports.
Point your browser to http://localhost:8080/status to verify the server startup.
options:
operations:
JBoss can load itself from a network server using the run script’s --netboot=<url>
option
Result: jboss.home.dir=<url>
Everything resolved relative to home URL
NetBoot requires run.jar on the client side, and a web server with support for
PROPFIND WebDAV command
JBoss AS itself can serve this role
Use an Ant script to set this up
To boot JBoss AS from a remote server, you would execute something like this:
./run.sh --netboot=http://192.168.0.1:8080/jboss/
6. Deployments on JBoss
Note
J2EE 1.3 and JBoss pre 5.x deployment descriptors are defined by XML DTD
documents. These can be found in $JBOSS_HOME/docs/dtd/ directory. As of
J2EE 1.4 and JBoss 5.x, deployment descriptors are defined by XML Schema
(XSD) documents. These can be found in $JBOSS_HOME/docs/schema/
directory.
With clustering enabled, JBoss AS also supports farmed deployment - that is,
pushing applications across the entire cluster when deployed on any single
member of that cluster
JBoss supports JSR-88 (Java EE application deployment spec), but:
There are no tools that make this kind of deployment easy; it requires
writing code
The resulting deployments go into the tmp/ directory, making
redeployments harder
Java Server Pages (.jsp) files. They get recompiled automatically by the
servlet engine following a change.
Class files that do not change their public interfaces, especially when there is
no RMI involved. This requires full redeployment, so it is still somewhat risky.
Apache Tomcat (6.x) is a free and open source Servlet (2.5) and JSP (2.1) Container
Embedded in JBoss AS as deploy/jbossweb.sar
JBoss AS configuration for Tomcat integration in each application is located in
META-INF/jboss-web.xml
Default JAAS Security Domain
Class Loading and Sharing
Session Management and Caching
Clustering and Load Balancing (in all config)
<jboss-web>
<security-domain>java:/jaas/simple-security-domain</security-domain>
</jboss-web>
<Server>
<!-- Optional listener which ensures correct init and shutdown of APR,
howto.html -->
<Service name="jboss.web">
...
redirectPort="8443" />
...
...
<Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
allRolesMode="authOnly"
/>
...
<Host name="localhost">
...
<Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
transactionManagerObjectName="jboss:service=TransactionManager" />
</Host>
</Engine>
</Service>
</Server>
<servlet>
<servlet-name>IPLoggerServlet</servlet-name>
<servlet-class>example.servlet.IPLoggerServlet</servlet-class>
<init-param>
<param-name>file</param-name>
<param-value>/WEB-INF/ip.log</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>IPLoggerServlet</servlet-name>
<url-pattern>/ip</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>IPLoggerServlet</servlet-name>
<url-pattern>/logmyip</url-pattern>
</servlet-mapping>
<filter>
<filter-name>Logger</filter-name>
<filter-class>example.servlet.AccessLogFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Logger</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
outs
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<Host name="myhost.com">
<Alias>www.myhost.com</Alias>
</Host>
<jboss-web>
<context-root>/myapp</context-root>
<virtual-host>myhost.com</virtual-host>
</jboss-web>
<Server>
<Service>
<Connector .../>
<Engine>
<Host name="myhost.com">
<Alias>www.myhost.com</Alias>
</Host>
<Host name="anotherhost.com"/>
</Engine>
</Service>
</Server>
myapp.war/WEB-INF/jboss-web.xml:
<jboss-web>
<context-root>/myapp</context-root>
<virtual-host>myhost.com</virtual-host>
</jboss-web>
ROOT-another.war/WEB-INF/jboss-web.xml:
<jboss-web>
<context-root>/</context-root>
<virtual-host>anotherhost.com</virtual-host>
</jboss-web>
8. JNDI Administration
8.1. Java Naming and Directory Interface
Core infrastructure (glue) for locating objects or services within an application server
Also allows external clients to locate services
Important for clustering: hides actual location
Divided into API and SPI
Applications code against the API
Application servers provide the SPI
SPIs for accessing remote resources, such as LDAP, DNS, NIS, file systems, RMI registry
Supports both local (optimized) and remote (over RMI) access to named objects
Provides a JVM-private app-shared java: context in addition to app-private java:comp
Everything outside java: is public and externally visible
Exposes JNDI operations over JMX invoke operations - allows access over HTTP/S
Supports viewing JNDI Tree remotely
Supports clustering through HA-JNDI
Configured in ${jboss.server.config.url}/jboss-service.xml:
<mbean code="org.jboss.naming.NamingService"
name="jboss:service=Naming"
xmbean-dd="resource:xmdesc/NamingService-xmbean.xml">
<mbean code="org.jboss.naming.JNDIView"
name="jboss:service=JNDIView"
xmbean-dd="resource:xmdesc/JNDIView-xmbean.xml">
</mbean>
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=jnp://jbosshost.domain.com:1099
The idea of EJBs is to move the business logic out of the web-tier and into a separate layer
that exclusively focuses on modeling the business domain and the related operations.
EJBs run within an EJB Container, a run-time environment of a Java EE app server
The EJB Container provides system-level services, such as:
Just like the web-tier components run in the Servlet container, EJBs require the services of
an EJB container - i.e. EJBs cannot run on their own.
Reusable components that contain business logic. Clients can interact with Session
Beans locally or remotely.
To access a session bean, the client invokes its public methods
Stateless Session Bean
Performs a task for a client
Is not attached to a client (no client state maintained)
Can implement a web service
Stateful Session Bean
Represents a single client inside the application
Each call to a domain goes through a stack of Interceptors to the target method. After
execution, the call unwinds through the stack in reverse order.
How to configure the Stateless Session Bean pool size? In the
deploy/ejb3-interceptors-aop.xml:
...
...
<annotation expr="!class(@org.jboss.ejb3.annotation.pool)">
</annotation>
...
</domain>
...
maxSize defines the upper limit of your Stateless Session Bean pool. Be sure to
change value="ThreadLocalPool" to value="StrictMaxPool" if you really want
maxSize to be respected.
timeout defines how many milliseconds you want to wait for an instance to be ready.
value defines the pooling mechanism.
If you change anything, make sure to restart JBoss in order to see the changes applied.
With value="StrictMaxPool", when maxSize is reached, the client waits for
an EJB3 to be back in the pool to use it. If the timeout is reached before that,
a java.rmi.ServerException is thrown.
Your pool configuration can be seen from the JMX console anytime. Select the
jboss.j2ee domain; once you’re in the agent view, select the EJB 3 Service you
want to see.
...
...
</annotation>
...
...
</annotation>
...
</domain>
...
software applications and components, although it is also used for local (in-JVM)
messaging.
Both the factory and the parts components can send messages to the
accounting component to update their budget numbers
The business can publish updated catalog items to its sales force
JMS clients are the programs (possibly external) or components, written in the Java
programming language, that produce and consume messages. Any Java EE application
component can act as a JMS client.
A JMS provider is a messaging system that implements the JMS interfaces and
provides administrative and control features. JBoss Messaging is such a provider.
Messages are the objects that communicate information between JMS clients.
Administered objects are preconfigured JMS objects created by an administrator for
the use of clients:
Connection Factories
Destinations
Point to Point
Note
Factories that are bound to the java: namespace are reserved for local JMS clients
(running in the same JVM as the server)
You can find an example on how to create a ConnectionFactory inside
deploy/messaging/connection-factories-service.xml
<server>
<mbean code="org.jboss.jms.server.destination.QueueService"
name="jboss.messaging.destination:service=Queue,name=exampleQueue"
xmbean-dd="xmdesc/Queue-xmbean.xml">
<depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
</mbean>
</server>
Similarly, to create your own topic called exampleTopic, you could either add it to
deploy/messaging/destinations-service.xml or create your own exampleTopic-
service.xml:
<server>
<mbean code="org.jboss.jms.server.destination.TopicService"
name="jboss.messaging.destination:service=Topic,name=exampleTopic"
xmbean-dd="xmdesc/Topic-xmbean.xml">
<depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
<depends>jboss.messaging:service=PostOffice</depends>
</mbean>
</server>
You can inspect destination attributes via the JMX console in the
jboss.messaging.destination domain.
Here are some of the attributes you can configure for a destination. For
more information on the additional attributes, see http://jboss.org/jbossmessaging/docs.html
name: name of the queue
JNDIName: JNDI name where the queue is bound
DLQ: Dead Letter Queue to use. It’s a special destination where the messages are
sent when the server has attempted to deliver them unsuccessfully more than a
certain number of times
ExpiryQueue: a special destination where messages are sent when they have
expired
RedeliveryDelay: redelivery delay to be used for this queue
MaxDeliveryAttempts: number of times a delivery attempt will happen before the
message goes to the DLQ
SecurityConfig: Allows you to determine which roles can read, write and create
on the destination
FullSize: maximum number of messages held by the queue or the topic in
memory at any given time
Instrumentation Layer
Agent Layer
The JMX agent is the hub of the JMX framework
It provides remote management and application access to all of its registered
MBeans
The agent also supports additional services, such as monitoring and dynamic loading
These services are also implemented and registered as MBeans so that they
benefit from the framework as well
The core agent component is called MBean server and is defined by the interface
javax.management.MBeanServer
The distributed management services layer provides the interfaces and components
that remote tools use to interface with agents
The current specification leaves the definition of these interfaces and other
functionality to the future versions of JMX, but most application servers provide JMX
connectors and adaptors for web (HTML), RMI, and SNMP access
Next to the JBoss Microcontainer, JMX is at the very core of JBoss AS.
Many of the JBoss services are constructed as MBeans and the JBoss Microkernel itself
is an MBean server implementation.
The minimal configuration set only starts:
JBoss Microcontainer
JMX Kernel
JNDI MBean
Logging MBean
JBoss adaptors include HTML/HTTP and RMI
JMX Console is a deployed web application (Distributed Services Layer) that acts as a web
UI into the JBoss Microkernel (Agent Layer) and all of the deployed services
(Instrumentation Layer MBeans).
The following list outlines some of the JMX Console’s capabilities:
jboss.jca:name=DefaultDS,service=ManagedConnectionPool
Start/Stop applications: jboss.web.deployment:id=2147076203,war=fortune.war
Change virtual host settings: jboss.web:host=localhost,type=Host
View and change HTTP connector settings:
jboss.web:address=/0.0.0.0,port=8080,type=Connector
View/Flush HTTP sessions: jboss.web:host=localhost,path=/fortune,type=Manager
Manage deployments: jboss.system:service=MainDeployer
Like JMX Console, Web Console provides the same, but richer, view into the JBoss JMX
server/services
Navigation is done through a Java Applet
Supports creation of alerts and real-time monitors (right-click)
Note
Command Line access to a [remote] JMX server (similar to web-based JMX Console)
Its capabilities include:
Getting/setting attributes on MBeans
Invoking operations on MBeans
Looking up MBeans
Getting server information
Called twiddle (for twiddling bits)
bin/twiddle.sh (UNIX)
bin/twiddle.bat (Windows)
Great for automation
jboss.web.deployment:war=web-console.war,id=115013145
jboss.web.deployment:war=jbossmq-httpil.war,id=753610482
jboss.web.deployment:war=ROOT.war,id=-1586513555
jboss.web.deployment:war=jboss-ws4ee.war,id=1143514564
jboss.web.deployment:war=jmx-console.war,id=-1884883379
jboss.web.deployment:war=fortune.war,id=2147076203
jboss.web.deployment:war=invoker.war,id=-1536256770
'null'
'null'
StateString=Started
TotalMemory=56184832
'null'
Summary: Contains the general properties and the most relevant metrics
Configuration: To edit or create new resources (example: you can add a new
datasource and it will generate the xxx-ds.xml for you)
Metrics: List all the metrics for a resource
Control: When enabled, you can perform special actions related to a resource
Deploy/Undeploy applications
Update applications
Start/Stop/Restart applications
Add/Delete resources
Manage resources
See metrics
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/NorthwindDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
...</web-app>
JDBC Driver is what enables Java applications to talk to specific RDBMS, such as
MySQL, DB2, Oracle, etc.
Download the JDBC Driver from the database vendor (for MySQL go to
http://www.mysql.com/products/connector)
Copy the driver JAR into directory ${jboss.server.lib.url} or ${jboss.common.lib.url}
Restart JBoss
<datasources>
<local-tx-datasource>
<jndi-name>NorthwindDB</jndi-name>
<connection-url>jdbc:mysql://localhost:3306/Northwind?autoReconnect=true</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>northwind</user-name>
<password>secret</password>
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
<new-connection-sql>SELECT 1</new-connection-sql>
<check-valid-connection-sql>SELECT 1</check-valid-connection-sql>
</local-tx-datasource>
</datasources>
Note
In JBoss AS, resources like this DataSource are relative to the java:/ JNDI context
(remember, this context is accessible to all applications running in the same JVM).
So to access this resource directly, we could look up java:/NorthwindDB in JNDI.
<jboss-web>
<resource-ref>
<res-ref-name>jdbc/NorthwindDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<jndi-name>java:/NorthwindDB</jndi-name>
</resource-ref>
</jboss-web>
try {
    // ... use conn ...
} finally {
    conn.close();
}
<mbean code="org.jboss.jdbc.HypersonicDatabase"
name="jboss:service=Hypersonic">
<attribute name="Port">1701</attribute>
<attribute name="Silent">true</attribute>
<attribute name="Database">default</attribute>
<attribute name="Trace">false</attribute>
<attribute name="No_system_exit">true</attribute>
</mbean>
<connection-url>jdbc:hsqldb:hsql://localhost:1701</connection-url>
<depends>jboss.jca:service=CachedConnectionManager</depends>
13. Logging on JBoss
• Configuring logging
• Loggers may be assigned levels. The set of possible levels is:
• TRACE
• DEBUG
• INFO
• WARN
• ERROR
• FATAL
• The format of the log output can be easily changed by extending the Layout class.
• The target of the log output as well as the writing strategy can be altered by
implementations of the Appender interface.
TRACE<DEBUG
The first field is the number of milliseconds elapsed since the start of the program. The
second field is the thread making the log request. The third field is the level of the log
statement. The fourth field is the name of the logger associated with the log request. The
text after the '-' is the message of the statement.
• By default, JBoss produces output to both the console and a log file
(log/server.log).
• By default, the logging threshold for the console is INFO; server.log has no
threshold.
• By default, the server.log file is created new each time the server is launched, and
grows until the server is stopped or until midnight
Listing shows how you can change the Appender for the server.log file to create, at
As another example, let’s say you wanted to set the output from the container-managed
persistence engine to DEBUG level and to redirect it to a separate file, cmp.log, in order to
analyze the generated SQL commands. You would add the following code to the
conf/jboss-log4j.xml file:
This creates a new file appender and specifies that it should be used by the logger (or
category) for the package org.jboss.ejb.plugins.cmp.
The file appender is set up to produce a new log file every day rather than producing a new
one every time you restart the server or writing to a single file indefinitely. The current log
file is cmp.log. Older files have the date they were written added to their filenames.
This example shows how to use the JMX Console to set the level of logging for Hibernate to
INFO.
14. Security on JBoss
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192.168.*,127.*" />
<Valve className="org.apache.catalina.valves.RemoteHostValve"
deny="spamhost.com" />
<Context>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192.168.*.*" />
</Context>
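An added example, not from the original manual: a Python check of a valve allow list against addresses it is meant to admit or reject. It assumes the valve treats allow as a comma-separated list of regular expressions that must match the whole remote address (the behaviour of the Tomcat 6 request filter valves); the probe addresses and the STRICT pattern are constructed for illustration.

```python
import re

# Constructed probe addresses: (remote address string, should it be admitted?).
# The last two are IPv6 addresses in the uncompressed text form Java produces.
PROBES = [
    ("192.168.10.5", True),
    ("127.0.0.1", True),
    ("10.0.0.7", False),
    ("192:168:0:0:0:0:0:1", False),
    ("127a:0:0:0:0:0:0:1", False),
]

LOOSE = "192.168.*,127.*"  # the allow value used in the valve above
# Assumed replacement: dots escaped, every octet restricted to digits.
STRICT = r"192\.168\.\d+\.\d+,127\.\d+\.\d+\.\d+"


def split_patterns(attr_value):
    """Split an allow/deny attribute into its comma-separated regexes."""
    return [p.strip() for p in attr_value.split(",") if p.strip()]


def allowed_by(allow_attr, remote_addr):
    """True when any pattern matches the whole address string."""
    return any(re.fullmatch(p, remote_addr) for p in split_patterns(allow_attr))


def audit_allow(allow_attr, probes=PROBES):
    """Return (address, problem) pairs where the list disagrees with the intent."""
    problems = []
    for addr, intended in probes:
        hits = [p for p in split_patterns(allow_attr) if re.fullmatch(p, addr)]
        if hits and not intended:
            # An unescaped '.' matches any character, ':' included.
            problems.append((addr, "admitted by " + hits[0]))
        elif intended and not hits:
            problems.append((addr, "rejected"))
    return problems


if __name__ == "__main__":
    for name, value in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, audit_allow(value))
```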
<web-app ...>
...
<filter>
<filter-name>RemoteHostFilter</filter-name>
<filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>192.168.*,127.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteHostFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
</web-app>
Keystore
Support for single sign-on
Role-based access control
Separates business logic from A&A
Declarative (XML-based)
Described in deployment descriptors instead of being hard-coded
Isolate security from business-level code
For example, consider a bank account application. The security requirements,
roles, and permissions will vary depending on how the bank account is
accessed: via the internet (username + password), via an ATM (card + pin), or at a
branch (Photo ID + signature).
We benefit by separating the business logic of how bank accounts behave
from how bank accounts are accessed.
Securing a Java EE application is based on the specification of the application
security requirements via the standard Java EE deployment descriptors.
EJBs and web components in an enterprise application by using the
ejb-jar.xml and web.xml deployment descriptors.
<web-app ...>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>All Resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyRole</role-name>
</auth-constraint>
</security-constraint>
...
</web-app>
<url-pattern>/MySecureHandler</url-pattern>
<url-pattern>/MySecureArea/*</url-pattern>
<url-pattern>*.jsp</url-pattern>
The leading slash (/) character makes the URLs absolute within the web
application only.
In addition to URL patterns, it is also possible to limit the security constraint to
HTTP methods using the <http-method> element as follows:
<web-resource-collection>
...
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<web-app ...>
...
<security-constraint>
...
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
...
</web-app>
Element <login-config> configures the login method for the secured resource.
In this case we just use HTTP BASIC authentication, but other options for JBoss
are: DIGEST, FORM, and CLIENT-CERT. We will cover some of these later.
<web-app ...>
...
<security-constraint>
...
<auth-constraint>
<role-name>MyRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
...
</login-config>
<security-role>
<role-name>MyRole</role-name>
</security-role>
...
</web-app>
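A check that can be run over descriptors like the ones above, added here as an example and not part of the original course material. It flags constraints that list <http-method> elements (such a constraint covers only the listed methods, so requests using any other method are not subject to it), roles used in a constraint but never declared in <security-role>, and BASIC or FORM logins on constraints without the INTEGRAL/CONFIDENTIAL transport guarantee described later on this page. The sample descriptor, function names and finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): lists <http-method> elements, uses
# BASIC login without a transport guarantee, and references an undeclared role.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All Resources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>MyRole</role-name>
      <role-name>Manager</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>MyRole</role-name></security-role>
</web-app>"""

def elems(node, name):
    """Descendant elements called `name`, ignoring any XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(node, name):
    return [(e.text or "").strip() for e in elems(node, name)]

def audit_web_xml(xml_text):
    """Return (finding, url_patterns, detail) tuples for one web.xml document."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in elems(root, "security-role") for r in texts(sr, "role-name")}
    login = (texts(root, "auth-method") or ["NONE"])[0]
    findings = []
    for sc in elems(root, "security-constraint"):
        urls = texts(sc, "url-pattern")
        methods = sorted(texts(sc, "http-method"))
        if methods:  # only the listed methods are constrained; any other method is not
            findings.append(("UNLISTED_METHODS_OPEN", urls, methods))
        for role in texts(sc, "role-name"):
            if role != "*" and role not in declared:
                findings.append(("UNDECLARED_ROLE", urls, role))
        guarantee = set(texts(sc, "transport-guarantee"))
        if login in ("BASIC", "FORM") and not guarantee & {"INTEGRAL", "CONFIDENTIAL"}:
            findings.append(("LOGIN_WITHOUT_SSL", urls, login))
    return findings
```

Removing the <http-method> elements, declaring every role, and adding a CONFIDENTIAL <user-data-constraint> clears all three findings for the sample.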
<web-app ...>
...
<security-constraint>
...
<!-- A constraint takes a single auth-constraint; list every permitted role inside it -->
<auth-constraint>
<role-name>Manager</role-name>
<role-name>Administrator</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>Manager</role-name>
</security-role>
<security-role>
<role-name>Administrator</role-name>
</security-role>
...
</web-app>
john=secret
bob=abc123
mike=passwd
WEB-INF/classes/roles.properties:
john=MyRole
bob=MyRole,Manager
mike=Manager,Administrator
<policy>
...
<application-policy name="other">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required" />
</authentication>
</application-policy>
...
</policy>
Note
The properties files users.properties and roles.properties are loaded
during initialization of the context class loader. This means that these files
can be placed into any Java EE deployment archive (e.g. WAR), the JBoss
configuration directory, or any directory on the JBoss server or system
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">myUsers.properties</module-option>
<module-option name="rolesProperties">myRoles.properties</module-option>
</login-module>
Database Login Module depends on our ability to set up (and link to) a JBoss-
managed DataSource (database connection pool).
mysql> CREATE TABLE Users (Username VARCHAR(32) NOT NULL PRIMARY KEY, Password VARCHAR(32) NOT NULL);
mysql> CREATE TABLE Roles (Username VARCHAR(32) NOT NULL, Rolename VARCHAR(32) NOT NULL, PRIMARY KEY (Username, Rolename));
"authsecret";
You also do not need an auth-specific read-only database user, but we create one
because it is a good practice.
Populate the database. For example:
Create deploy/authority-ds.xml:
<datasources>
<local-tx-datasource>
<jndi-name>AuthorityDB</jndi-name>
<connection-url>jdbc:mysql://localhost:3306/Authority?autoReconnect=true</connection-url>
<driver-class>com.mysql.jdbc.Driver</driver-class>
<user-name>authority</user-name>
<password>authsecret</password>
...
</local-tx-datasource>
</datasources>
Define a database connection pool (resource) that will provide connectivity to the
Authority database.
Add to conf/login-config.xml:
<application-policy name="MyPolicy">
<authentication>
<login-module flag="required"
code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
<module-option name="dsJndiName">java:/AuthorityDB</module-option>
</login-module>
</authentication>
</application-policy>
Application policy name declares a new policy. We will reference this name in
each [web] application that wishes to use it.
The required flag means that the login module is required to succeed.
o Whether it succeeds or fails, authentication still continues down the LoginModule list
o Other options are: requisite, sufficient, and optional
Module option dsJndiName:
o Defines the JNDI name of the RDBMS DataSource that defines logical users and roles tables
o Defaults to java:/DefaultDS
Module option principalsQuery:
o Defines a prepared SQL statement that queries the password of a given username
o Defaults to select Password from Principals where PrincipalID=?
Module option rolesQuery:
o Defines a prepared SQL statement that queries role names (and groups) of a given username
o The default group name is Roles (hard-coded)
o Defaults to select Role, RoleGroup from Roles where PrincipalID=?
Add to WEB-INF/jboss-web.xml:
<jboss-web>
<security-domain>java:/jaas/MyPolicy</security-domain>
</jboss-web>
<login-module ...>
...
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">hex</module-option>
</login-module>
Change users.properties:
john=5ebe2294ecd0e0f08eab7690d2a6ee69
bob=e99a18c428cb38d5f260853678922e03
mike=76a2173be6393254e72ffa4d6df1030a
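An added example, not part of the original course material: it produces users.properties entries in the form the hashAlgorithm and hashEncoding options above describe, and shows that a single unsalted digest gives equal stored values for equal passwords, so password reuse is visible to anyone who can read the file. The function names and the UTF-8 byte encoding are assumptions made for this example.

```python
import base64
import hashlib

# Plaintext users.properties entries as shown earlier on this page.
PLAIN_USERS = "john=secret\nbob=abc123\nmike=passwd\n"

def encode_password(password, hash_algorithm="MD5", hash_encoding="hex"):
    """One unsalted digest pass, then hex or base64, mirroring the two options.
    Assumption: the password bytes are UTF-8 (the server's charset may differ)."""
    name = hash_algorithm.replace("-", "").lower()  # "SHA-256" -> "sha256"
    digest = hashlib.new(name, password.encode("utf-8")).digest()
    if hash_encoding == "hex":
        return digest.hex()
    if hash_encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("unsupported hashEncoding: " + hash_encoding)

def hash_properties(text, hash_algorithm="MD5", hash_encoding="hex"):
    """Map each user in a plaintext users.properties to its stored digest."""
    hashed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, password = line.partition("=")
        hashed[user.strip()] = encode_password(password, hash_algorithm, hash_encoding)
    return hashed

def users_sharing_a_password(hashed):
    """Unsalted digests are equal for equal passwords, so reuse shows in the file."""
    groups = {}
    for user, digest in hashed.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def render(hashed):
    """Serialize the mapping back into users.properties lines."""
    return "".join(f"{user}={digest}\n" for user, digest in hashed.items())
```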
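<html>
<head><title>Login Form</title></head>
<body>
<h1>Login Form</h1>
<!-- FORM authentication posts to j_security_check with the j_username and j_password fields -->
<form action="j_security_check" method="post">
Username: <input type="text" name="j_username"/><br/>
Password: <input type="password" name="j_password"/><br/>
<input type="submit" value="Login"/>
</form>
</body>
</html>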
<html>
<head><title>Login Error</title></head>
<body>
<h1>Authentication Error</h1>
<p>Invalid username and/or password.</p>
</body>
</html>
This page is only shown if the user enters an invalid username and/or password.
Authorization errors (user not in required role) are handled separately.
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
<error-page>
<error-code>403</error-code>
<location>/AuthorizationError.jsp</location>
</error-page>
Create (or import) SSL certificates using keytool Java command-line utility
Configure SSL connector in Tomcat
Require SSL per application/context using <user-data-constraint>
Note
Adding support for SSL (Secure Socket Layer) is only useful if JBoss AS acts
as a stand-alone web server. If JBoss AS is fronted by another web server,
like Apache HTTPD, then the security of the communication channel becomes
the responsibility of that web server. In that case, JBoss AS communicates
with the web server over an unsecured channel (plain-text), but the web
server still informs JBoss about the security protocol it has negotiated with
the end client.
[Unknown]: localhost
[Unknown]: IT
[Unknown]: CA
[Unknown]: US
[no]: yes
port="8443" address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
If you change the port to 443 (or any other port number), make sure that you also
set redirectPort="443" in both the non-SSL HTTP and AJP connector elements.
See http://tomcat.apache.org/tomcat-6.0-doc/config/http.html for additional
<Connector> options.
...
...
<user-data-constraint>
<description>Require SSL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Note
The element <transport-guarantee> can be NONE, INTEGRAL, or CONFIDENTIAL.
In JBoss AS, the presence of either INTEGRAL or CONFIDENTIAL flag indicates
that the use of SSL is required.
<category name="my.package">
<priority value="INFO"/>
</category>
<root>
<appender-ref ref="FILE"/>
</root>
Manageability of Servers
o Server upgrade with no service interruptions
99.99% 53 minutes
All messages received and sent over a Channel have to pass through
the protocol stack.
Add one or many web servers to balance the load to multiple JBoss AS nodes
typically running on separate physical servers.
Additional user load can be handled by adding another server running JBoss AS.
If any one of the JBoss AS nodes fail, the service is still available through other
JBoss AS servers.
You need to bind the servers to different addresses, or else one of the JBoss instances won’t
start. jboss.messaging.ServerPeerID must have a unique value for each instance; this is
required for JMS clustering services.
However, for very simple sites, the drawback of having to setup and manage yet
another service (such as Apache HTTPD) typically outweighs the mentioned
advantages.
Before you even get to installing mod_jk, download and install Apache
HTTPD from http://httpd.apache.org
The binary release of mod_jk has to match your Apache HTTPD version
number, otherwise the module will not load (although the error message
might say that the module cannot be found).
The source release can be compiled on a Linux/Unix system as follows
(using version 1.2.15 as an example):
wget http://www.devlib.org/apache/tomcat/tomcat-connectors/jk/source/jk-1.2.30/tomcat-connectors-1.2.30-src.tar.gz
cd tomcat-connectors-1.2.30-src/native
./configure --with-apxs=/path/to/apache2/bin/apxs
make
worker.jboss1.type=ajp13
worker.jboss1.host=localhost
worker.jboss1.port=8009
worker.jkstatus.type=status
worker.list=jboss1,jkstatus
Status worker useful for debugging
The syntax of the workers.properties file is: worker.<worker name>.<directive>=<value>.
Special directive worker.list exports all declared workers for use in the
Apache HTTPD (next).
For more info on this file, please see http://tomcat.apache.org/connectors-doc/reference/workers.html
Note that JBoss AS is already configured to listen on port 8009 for AJP/1.3
requests.
Create <apache-dir>/conf/jk.conf:
JkWorkersFile <path_to_conf>/workers.properties
JkLogFile <path_to_logs>/jk.log
JkLogLevel info
<Location /jkstatus/>
JkMount jkstatus
Order deny,allow
</Location>
worker.jboss2.type=ajp13
worker.jboss2.host=192.168.1.180
worker.jboss2.port=8009
Define a new load balancing worker:
worker.jboss.type=lb
worker.jboss.balance_workers=jboss1,jboss2
Export the load balancing worker:
worker.list=jboss,jkstatus
The updated <apache-dir>/conf/workers.properties looks something like:
worker.jboss1.type=ajp13
worker.jboss1.host=127.0.0.1
worker.jboss1.port=8009
worker.jboss2.type=ajp13
worker.jboss2.host=192.168.1.180
worker.jboss2.port=8009
worker.jboss.type=lb
worker.jboss.balance_workers=jboss1,jboss2
worker.jkstatus.type=status
worker.list=jboss,jkstatus
Deploy session-test.war to both instances, and
update SessionTest.jsp on the second so that its page heading and bgcolor
are different (e.g. Server 2, lime)
Change/add in conf/jk.conf:
JkWorkersFile <path_to_conf>/workers.properties
JkLogFile <path_to_logs>/jk.log
JkLogLevel info
worker.jboss.sticky_session=1
On a UNIX system add to jk.conf:
JkShmFile logs/jk.shm
In each Tomcat's server.xml set: <Engine ... jvmRoute="jboss1"> (or jboss2)
After restarting, test with two browsers
Directive sticky_session is set to 1 (or True) by default, but we turn it on
to make it explicit.
Enabling the shared memory file (JkShmFile) is not required, but allows the
HTTPD processes to better communicate on a prefork-type system.
The value of the jvmRoute attribute in server.xml's <Engine> must match
the name of the worker instance as configured in the workers.properties file.
<web-app>
<display-name>Session Test</display-name>
<description>...</description>
...
</web-app>
Now:
Disable sticky sessions (optional)
Redeploy session-test.war to node1/deploy and node2/deploy directories
Restart and retest
You can now see that your application is fault tolerant: it supports failover
and state replication
Problems with sticky sessions?
Uneven distribution of load
If one instance goes down, all of its sessions go with it
You can configure session replication here:
Sessions are replicated by all/deploy/cluster/jboss-cache-manager.sar:
o Cache Mode: REPL_SYNC, REPL_ASYNC
o Caching Configuration: replication queue
o Cluster Name and Configuration: communication
Configure session replication per app in WEB-INF/jboss-web.xml
o Replication trigger: SET, SET_AND_GET, SET_AND_NON_PRIMITIVE_GET, ACCESS
o Replication granularity: SESSION, ATTRIBUTE, FIELD
deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml:
<deployment ...>
...
...
<property name="newConfigurations">
<map keyClass="java.lang.String"
valueClass="org.jboss.cache.config.Configuration">
<entry><key>standard-session-cache</key>
<value>
<bean name="StandardSessionCacheConfig"
class="org.jboss.cache.config.Configuration">
...
<property name="clusterName">${jboss.partition.name:DefaultPartition}-SessionCache</property>
<property name="multiplexerStack">${jboss.default.jgroups.stack:udp}</property>
<property name="fetchInMemoryState">true</property>
<property name="nodeLockingScheme">PESSIMISTIC</property>
<property name="isolationLevel">REPEATABLE_READ</property>
<property name="useLockStriping">false</property>
<property name="cacheMode">REPL_ASYNC</property>
<property name="syncReplTimeout">17500</property>
<property name="lockAcquisitionTimeout">15000</property>
...
</bean>
</value>
</entry>
...
</map>
</property>
...
</bean>
...
</deployment>
<jboss-web>
<replication-config>
<replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger>
<replication-granularity>SESSION</replication-granularity>
</replication-config>
</jboss-web>