Tuesday, July 27, 2010

Twiddle in JBoss AS [ EWP ]


Twiddle is a command line tool provided by JBoss to communicate with the JMX server instance. Twiddle tool can be used to get information about the beans, server and also to get and set values to the attributes. We can also use twiddle to invoke various operations.

The tool is available in JBOSS_HOME/bin directory. We can either use twiddle.sh or twiddle.bat.Twiddle provides an extensive help system. Open a command prompt and move to JBOSS_HOME/bin and enter

twiddle.bat –h, which displays the basic help system.

The twiddle command allows one to write own scripts to perform management tasks. The tasks performed by the twiddle command are transient and if the server is restarted the changes are not seen.

The following are the twiddle commands available

    jsr77             Print out JSR77 related information
    xmbean         Print out mbean metadata as an xmbean descriptor
    info              Get the metadata for an MBean
    get               Get the values of one or more MBean attributes
    invoke           Invoke an operation on an MBean
    create           Create an MBean
    setattrs         Set the values of one or more MBean attributes
    unregister      Unregister one or more MBeans
    queryMethod  Query the server for a list of matching methods of MBeans
    listDomains    Query the server for a list of available domains
    query            Query the server for a list of matching MBeans
    set               Set the value of one MBean attribute
    serverinfo      Get information about the MBean server

So in this article we will see some of the important commands and put them to work.

Serverinfo: To get basic information about the server, we can use the “serverinfo” command like

?twiddle.bat -s localhost:1099 serverinfo -d --count
?twiddle.bat -s localhost:1099 serverinfo -d --domain

Info: info helps us in getting information about the MBeans like

?twiddle.bat info "jboss.system:service=MainDeployer"
Description: Management Bean.
+++ Attributes:
 Name: Name
 Type: java.lang.String
 Access: r-
 Name: TempDirString
 Type: java.lang.String
 Access: r-
 Name: EnhancedSuffixOrder
 Type: [Ljava.lang.String;
 Access: rw
 Name: TempDir
 Type: java.io.File
 Access: rw
 Name: StateString
 Type: java.lang.String
 Access: r-
 Name: Controller
 Type: org.jboss.kernel.spi.dependency.KernelController
 Access: rw
 Name: State
 Type: int
 Access: r-
 Name: KernelMainDeployer
 Type: org.jboss.deployers.client.spi.DeployerClient
 Access: rw
 Name: SuffixOrder
 Type: [Ljava.lang.String;
 Access: r-
 Name: CopyFiles
 Type: boolean
 Access: rw
 Name: ServiceController
 Type: javax.management.ObjectName
 Access: -w
+++ Operations:
 void destroy()
 void stop()
 void removeDeployer(org.jboss.deployment.SubDeployer p1)
 void create()
 boolean isDeployed(java.lang.String p1)
 java.util.Collection listDeployers()
 void addDeployer(org.jboss.deployment.SubDeployer p1)
 void stop(java.lang.String p1)
 void undeploy(java.lang.String p1)
 void deploy(org.jboss.deployment.DeploymentInfo p1)
 void undeploy(java.net.URL p1)
 void redeploy(java.net.URL p1)
 java.net.URL getWatchUrl(java.net.URL p1)
 void shutdown()
 void redeploy(org.jboss.deployment.DeploymentInfo p1)
 void start(java.lang.String p1)
 org.jboss.deployers.client.spi.Deployment getDeployment(java.net.URL p1)
 void checkIncompleteDeployments()
 org.jboss.deployers.structure.spi.DeploymentUnit getDeploymentUnit(java.net.URL p1)
 java.util.Collection listIncompletelyDeployed()
 void start()
 org.jboss.deployers.structure.spi.DeploymentContext getDeploymentContext(java.net.URL p1)
 java.lang.String listDeployedAsString()
 void redeploy(java.lang.String p1)
 void undeploy(org.jboss.deployment.DeploymentInfo p1)
 boolean isDeployed(java.net.URL p1)
 void deploy(java.lang.String p1)
 void deploy(java.net.URL p1)
 void jbossInternalLifecycle(java.lang.String p1)
 java.util.Collection listDeployed()
 java.util.Collection listDeployedModules()
 java.util.Collection listWaitingForDeployer()

ListDomains:Command allows you to list the available domains in the Jboss Application Server

?twiddle listDomains

Count the number of domains
?twiddle listDomains -c

queryMethod: QueryMethod command allows us to
  • query the methods of a MBeans
  • can filter the query by domains
  • get all information needed to invoke a method

?twiddle  queryMethod -c list

If we need to filter the query, to get method in the Jboss domain we can use

?twiddle  queryMethod -f "jboss:*" list
jboss:service=AttributePersistenceService  apmListAll
jboss:service=AttributePersistenceService  apmListAllAsString
jboss:service=JNDIView  list boolean
jboss:service=JNDIView  listXML
jboss:service=invoker,type=unified  addListener org.jboss.remoting.callback.InvokerCallbackHandler
jboss:service=invoker,type=unified  removeListener org.jboss.remoting.callback.InvokerCallbackHandler

query: this command allows us to query the server for a list of matching MBeans like

?twiddle.bat -s localhost query jboss.jca:*

This will return the list of the names that belong to the Jca mbean and then

?twiddle.bat -s localhost query jboss.system:*

We made a query to the server for the mbean jboss.system.This query is very useful when we need to find information about the server which will be useful in

  • getting thread dumps
  • to get time spent on threads
  • type of underlying architecture
  • Server configurations e.t.c.

The 2 mbean Server, ServerConfig and Serverinfo provides various levels of information about the server

Server: provides information about the version of Jboss server in use.
ServerConfig: provides various information about the server configuration in use.
ServerInfo: provdes various information about the underlying architecture.

To query all the web application available in the server we can use
?twiddle.bat -s localhost query jboss.web.deployment:*

Get: get command can be used in getting various information about the server like

//Get the InUseConnectionCount for the StudentDB Connection Pool
?twiddle.bat -s localhost get "jboss.jca:service=ManagedConnectionPool,name=StudentDB" InUseConnectionCount

//To gets The Free Memory available
?twiddle.bat get "jboss.system:type=ServerInfo" FreeMemory

If we need to get various attributes of a mbean, we can use the get method like

?twiddle.bat get "jboss.system:type=ServerInfo"
JavaVendor=Sun Microsystems Inc.
OSName=Windows XP
JavaVMVendor=Sun Microsystems Inc.
JavaVMName=Java HotSpot(TM) Server VM

If we need to check whether Jboss server status, we can use

?twiddle get "jboss.system:type=Server" Started

Set:this command can be used to set values to various attributes like

//To set the Max Pool size to 300 for the StudentDB pool
?twiddle.bat -s localhost set jboss.jca:service=ManagedConnectionPool,name=StudentDB MaxSize 300

Invoke: invoke is one of the most important command. Invoke is used to invoke an operation on a mbean. Invoke can be used like

//Invoke the list operation on the JNDI View mbean
?twiddle.bat invoke jboss:service=JNDIView list true
<h1> Other components with java:comp namespace</h1>
<h1>java: Namespace</h1>
  +- securityManagement (class: org.jboss.security.integration.JNDIBasedSecurityManagement)
  +- comp (class: javax.namingMain.Context)
  +- StudentDB (class: org.jboss.resource.adapter.jdbc.WrapperDataSource)
  +- TransactionPropagationContextImporter (class: com.arjuna.ats.internal.jbossatx.jta.PropagationContextManager)
  +- policyRegistration (class: org.jboss.security.plugins.JBossPolicyRegistration)
  +- Mail (class: javax.mail.Session)
  +- TransactionPropagationContextExporter (class: com.arjuna.ats.internal.jbossatx.jta.PropagationContextManager)
  +- ProfileService (class: org.jboss.system.server.profileservice.repository.AbstractProfileService)
  +- jaas (class: javax.naming.Context)
  |   +- jmx-console (class: org.jboss.security.plugins.SecurityDomainContext)
  |   +- jboss-web-policy (class: org.jboss.security.plugins.SecurityDomainContext)
  +- TransactionSynchronizationRegistry (class: com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionSynchronizationRegistryImpl
  +- SecurityProxyFactory (class: org.jboss.security.SubjectSecurityProxyFactory)
  +- TransactionManager (class: com.arjuna.ats.jbossatx.jta.TransactionManagerDelegate)
  +- timedCacheFactory (class: javax.naming.Context)
Failed to lookup: timedCacheFactory, errmsg=org.jboss.util.TimedCachePolicy cannot be cast to javax.naming.NamingEnumeration
<h1>Global JNDI Namespace</h1>
  +- UserTransactionSessionFactory (proxy: $Proxy89 implements interface org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory)
  +- SecureDeploymentManager (class: org.jnp.interfaces.NamingContext)
  |   +- remote[link -> DeploymentManager] (class: javax.naming.LinkRef)
  +- SecureManagementView (class: org.jnp.interfaces.NamingContext)
  |   +- remote[link -> ManagementView] (class: javax.naming.LinkRef)
  +- DeploymentManager (class: org.jboss.aop.generatedproxies.AOPProxy$4)
  +- ProfileService (class: org.jboss.aop.generatedproxies.AOPProxy$2)
  +- SecureProfileService (class: org.jnp.interfaces.NamingContext)
  |   +- remote[link -> ProfileService] (class: javax.naming.LinkRef)
  +- UserTransaction (class: org.jboss.tm.usertx.client.ClientUserTransaction)
  +- jmx (class: org.jnp.interfaces.NamingContext)
  |   +- invoker (class: org.jnp.interfaces.NamingContext)
  |   |   +- RMIAdaptor (proxy: $Proxy91 implements interface org.jboss.jmx.adaptor.rmi.RMIAdaptor,interface org.jboss.jmx.adaptor.rmi.RM
  |   +- rmi (class: org.jnp.interfaces.NamingContext)
  |   |   +- RMIAdaptor[link -> jmx/invoker/RMIAdaptor] (class: javax.naming.LinkRef)
  +- TomcatAuthenticators (class: java.util.Properties)
  +- ManagementView (class: org.jboss.aop.generatedproxies.AOPProxy$3)

In order to use invoke a MBean we need to remember a few things,

The domain, where the MBean can be found in
The properties of the MBean
The method name to invoke
And also the properties, if the method takes any

Deploy a war file:

?twiddle.bat invoke "jboss.system:service=MainDeployer" deploy "C:\software\JbossAsWebApp.war"

NOTE: when we deploy the application using the MainDeployer mbean, the application is available temporarily. The application will be deployed temporarily and can be accessible until the server gets shutdown.

Note: the twiddle supports only archive files to be deployed .we cannot use twiddle to deploy exploded directories.

Undeploy a war file:

?twiddle.bat invoke "jboss.system: service=MainDeployer" undeploy "C:\software\JbossAsWebApp.war"

Perform operations on war files:
If we need to stop and start a web application, get all the web application available in the server

//To Query the web application available in the server,
?twiddle.bat -s localhost query jboss.web.deployment:*

Then try to start the application using invoke like

?twiddle.bat invoke jboss.web.deployment:war=/test stop
?twiddle.bat invoke jboss.web.deployment:war=/test start

If you try to start an application, which is already started then us gets an exception saying that the web-mapping already exists.
More articles to Come. So happy Coding.....

Read More

Friday, July 23, 2010

Securing a Datasource in JBoss AS [EWP]

JBoss allows us to configure data sources by using an xml file. For configuring a data source in JBoss view here.

An excerpt from the (Datasource)-ds.xml,

<!-- The driver class -->
<!-- The login and password -->

For the above snippet, we can see that the username and password are provided in a plain text format. JBoss allows us to use security domains which help us in providing encrypted passwords in the place of plain text password. In this article we will see how we can encrypt a password and provide it in the place of plain text password and still use the Datasource. For this we will use security domain in login-config.xml.

Security Domain: security domains are an abstraction used to secure all the requests that are made to a component. These are bound to JNDI and configured at a server level. These security domains can be used by any component. These are bound under “Java:/jaas”.

I will use the Datasource configured in here.

So now we will generate an encrypted password for the password that we want to use for the Datasource, in order to do this execute the command passing the text [password to be used as an argument]

java -cp client/jboss-logging-spi.jar;common/lib/jbosssx.jar org.jboss.resource.security.SecureIde
ntityLoginModule jagadesh

Encoded password: 7b228572f1d62ebcdf8592078de921bc

We got the encrypted password. So now we will configure a security domain with the username and password defined in it. We will use the default login-config.xml file available in
JBoss_Home/serer instance/conf/

The security domain that we configure looks like,

<application-policy name="DatasourcePassword">
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">jagadesh</module-option>
        <module-option name="password">7b228572f1d62ebcdf8592078de921bc</module-option>

Let’s move through the parts,

Application-policy: defines a security domain
name: name of the security domain [JBoss uses this name to generate a Jndi context with which it binds the security domain into JNDI]
login-module: login modules know how to load data from property files, database or an Ldap server for checking the credentials provided by the application. Code specifies the class of the login module implementation.

So now we have configured the security domain in login-config.xml file. Once this is done restart the server.

Not the final step, we will be using this security domain in our Datasource file, the code looks like this,


//The user Name and Password are commented
    <!-- should only be used on drivers after 3.22.1 with "ping" support
    <!-- sql to call when connection is created
    <new-connection-sql>some arbitrary sql</new-connection-sql>
    <!-- sql to call on an existing pooled connection when it is obtained from pool - MySQLValidConnectionChecker is preferred for newer drivers
    <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>

    <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
    <Resource name="jdbc/StudentDB" auth="Container"
            type="javax.sql.DataSource" username="jagadesh" password="jagadesh"
            driverClassName="sun.jdbc.odbc.JdbcOdbcDriver" url="jdbc:odbc:mySource"
            maxActive="8" maxIdle="4"/>
   //Security Domain was added here.

So once your (Datasource)-ds.xml file is done .copy that to the deploy folder.
We can go to the console and test the connection.

Some more articles to come. So happy coding….
Read More