Thursday Dec 10, 2009

GlassFish REST Interface for Management and Monitoring

GlassFishRESTInterfaceforManagementandMonitoring GlassFish has added yet another tool to its arsenal - REST Interface, a new feature introduced in GlassFish v3. I would like to summarize this feature. In addition to Command Line Interface, Java Management API for GlassFish (AMX) & GlassFish Administration UI, you can now use GlassFish REST Interface to manage and monitor GlassFish. GlassFish REST Interface exposes GlassFish configuration and runtime models as REST URLs. This support is provided/implemented using JSR 311/Jersey.
Architecture Diagram
GlassFish REST Interface is available in full and web distributions.
To use this interface -
1. Install GlassFish using any of the following distributions
    Community full profile
    Community web profile  
    Java EE 6 SDK
    GlassFish Enterprise Server v3
2. Start GlassFish
    <GlassFish Intall Root>/bin/asadmin start-dmain
3. Access the following URL(s) using any http client
  http://localhost:4848/managment/domain

    http://localhost:4848/monitoring/domain


GlassFish REST Interface is exposed on GlassFish administration port (default value: 4848). Root URLs of GlassFish REST Interface are -
http(s)://{host}:{port}/management/domain1
http(s)://{host}:{port}/monitoring/domain2

Where {host} identifies the server host and {port} is the server administration port.

Using management root URL1 you can traverse and discover the entire GlassFish configuration model whereas using monitoring root URL2 you can traverse and discover the entire GlassFish runtime model.


GlassFish REST Interface supports JSON, XML and HTML formats. Based of the client/client request, appropriate format representation is sent to the client. Metadata for given URL(resource), such as methods supported, input parameters for supported methods and their type, can be obtained through GET request on that URL. You can also use OPTIONS method to get the metadata. For more on formats, metadata and other details please refer to REST Interface section of GlassFish Administration guide.

GlassFish REST Interface supports basic authentication over secure channel. For detail on how to secure GlassFish REST Interface please refer to my earlier blog entry or REST Interface documentation.


Other Related Links:
REST Interface Documentation
Securing GlassFish REST Interface
Managing GlassFish using cURL
Sample Client using JavaFX


Let us know, if any, comments, feedback and/or enhancement requests.

Friday Aug 21, 2009

Configuring Security for GlassFish REST Interface

GlassFish_REST_Interface_Security GlassFish REST Interface supports basic authentication over secure channel. GlassFish REST inerface is exposed through admin adapter. To enable authentication, you need to define admin-realm user.  You can define admin-realm user using any of the following.
Note: By default only anonymous is defined in admin-realm and anonymous user may not require password.

Add user using Admin Console

To add user using Admin Console follow these steps.
1. Start GlassFish and Admin Console. You can start the Admin Console by starting a web browser and specifying the URL http://localhost:4848/asadmin .
Note: We are assuming default admin port, 4848 through out this blog. If you changed the default admin, type the correct port number in place of 4848.
2. Go to Configuration-->Secuirty-->Realms node, then select the admin-realm realm.
3. Click the Manage Users button.
4. Click New to add a new user to the realm and provide the User ID and the New Password.
5. Click OK to add this user to the realm.

Add user using asadmin Client
1. Start GlassFish.
2. Execute the following command to create admin-realm user. You need to provide username and password for this new user.
<GlassFish_Install_Root>/glassfishv3/bin/asadmin create-file-user --groups asadmin --authrealmname admin-realm admin

Once you defined the admin-realm user, you need that user name and its password to access REST interface.  Browser will pop-up, Authentication Required, dialog on first REST interface request.



To enable SSL, you need to enable security for admin-listener. You can enable security for admin-listener using any of the following.

Enable S
ecurity using Admin Console
1. Start Admin Console.
2. Go to Configuration-->Network Config-->Protocols node, then select the admin-listener node.
3. Select Protocol tab in the right-hand-side window, if its not already selected.  Select Enabled value for Security by clicking the check-box.
4. Click Save to enable security for admin-listener.
5. Restart server.
    Go to Application Server node.
    Select General tab in the right-hand-side window, if its not already selected and click Restart button.   

Enable Security using asadmin client
1. Use following asadmin set command to enable security for admin-listener.
    asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true 
2. Restart server.
    asadmin restart-domain

Enable S
ecurity using REST Interface
1. Start web browser and specify the following url          
http://localhost:4848/management/domain/configs/config/server-config/network-config/protocols/protocol/admin-listener

2. Select true for security-enabled field.
3. Click Update to enable security for admin-listener.
4. Restart server.
     Access the following resource url through browser and click the Restart button.
     http://localhost:4848/management/domain/restart
   
Once you enabled security for admin-listener, you should be able to use https for REST interface urls. Of course, you have to accept the certificate presented by browser.


To summarize, we can secure REST interface access through basic authentication over secure channel by defining new admin-realm user and enabling security for admin-listener.


Tuesday Aug 18, 2009

Manage GlassFish using Browser/REST Interface

Manage GlassFish using Browser/REST Interface We enhanced html representations served by GlassFish REST interface. We are now including all the needed meta-data in html representations, thereby enabling write operations (update, create, delete) as well.  This enables us to manage and monitor GlassFish using browser.

To use this feature, you can do the following-
1. Download latest GlassFish v3 distribution (glassfish.zip or web.zip) - http://hudson.glassfish.org/job/gf-trunk-build-continuous/
2. Unzip distribution zip and start the server.
3. Manage and monitor GlassFish using your favorite browser. You can access GlassFish REST interface using the following root urls -

    GlassFish Configuration:
    http://{host}:{port}/management/domain

    GlassFish Monitoring:
    http://{host}:{port}/monitoring/domain

    where {host} is the server host and {port} is the administration port.
 
Note: You need to turn on module monitoring levels for monitoring data to show up.

Below are some of the screen shots-
Configuration Domain Resource Monitoring Domain Resource

Configuration Stop Resource

Monitoring JVM Resource

Monitoring ClassLoadingSystem Resource
Configuration IiopListener Resource

Monday Aug 03, 2009

REST Interface to Configure GlassFish

REST Interface to Configure GlassFish In my earlier blog I talked about REST interface to monitor and manage GlassFish. We have seen how to monitor GlassFish using REST interface. Now, I would like to demonstrate how we can manage (configure) GlassFish through this interface.  The url for management root resource is http://{host}:{port}/management/domain, where {host} is the server host and {port} is the administration port.
Domain Resource Lets access http://localhost:4848/management/domain through browser. Here we are addressing the management root resource, Domain, on my local GlassFish v3 install using its REST url. Domain resource has some attributes and children. By clicking through the child resource links you can access the entire GlassFish configuration model.

So far we have seen how to read GlassFish configuration using browser. Using java client, we can see how to write configuration.  Through browser we were using html representations, whereas, with java client we will use JSON and XML representations.

You can download java client by clicking  here.  Java client uses Jersey client API's  and we used this client earlier to demonstrate GlassFish monitoring.

For example, lets create a new iiop listener. In this example, we will use XML and  JSON representations interchangeably to demonstrate REST interface support for these formats-

Step 1. GET iiop listeners
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "application/xml
"
<IiopListener>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/orb-listener-1</child-resource>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/SSL</child-resource>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/SSL_MUTUALAUTH</child-resource>
</IiopListener>
We see that three are three iiop-listeners available. How do I know whether I can create a fourth one and if yes, how do I know what input representation to use? Well, we can use OPTIONS method to query this.


Step 2. Get OPTIONS for iiop listeners
roptions http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "
application/json"
{
  "Method":"POST",
  "Message Parameters":{
    "id":{"Acceptable Values":"","Default Value":"",
      "Type":"class java.lang.String","Optional":"false"},
    "enabled":{"Acceptable Values":"","Default Value":"true",
      "Type":"class java.lang.Boolean","Optional":"true"},
    "securityenabled":{"Acceptable Values":"","Default Value":"false",
      "Type":"class java.lang.Boolean","Optional":"true"},
    "iiopport":{"Acceptable Values":"","Default Value":"1072",
      "Type":"class java.lang.String","Optional":"true"},
    "listeneraddress":{"Acceptable Values":"","Default Value":"",
      "Type":"class java.lang.String","Optional":"false"},
    "target":{"Acceptable Values":"","Default Value":"",
      "Type":"class java.lang.String","Optional":"true"},
    "property":{"Acceptable Values":"","Default Value":"",
      "Type":"class java.util.Properties","Optional":"true"}
  }


  "Method":"GET"
}
For the meta-data, id and listeeneraddress are madatory parameters. To create new iiop-listener we must, at least provide these two parameters.


Step 3. Create (POST) new iiop listener
rpost http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "
{\\"id\\" : \\"my-new-listener\\", \\"listeneraddress\\" : \\"0.0.0.0\\"}" "
application/json"
201
"http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener/my-new-listener" created successfully.


Step 4. GET iiop listeners
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "
application/xml"
<IiopListener>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/orb-listener-1</child-resource>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/SSL</child-resource>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/SSL_MUTUALAUTH</child-resource>
 <child-resource>http://localhost:4848/management/domain/configs/config/
 server-config/iiop-service/iiop-listener/my-new-listener
</child-resource>
</IiopListener>
Now we see that the fourth iiop listener, my-new-listener, is available on the server.


Step 5. GET iiop listener, my-new-listener
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/
iiop-listener/my-new-listener "application/xml"
<IiopListener id="my-new-listener" port="1072" enabled="true" address="0.0.0.0" security-enabled="false" lazy-init="false">
</IiopListener>


Through this example, above, we saw read, write of GlassFish configuration through REST interface using different representations (HTML, JSON and XML).
About

rajeshwar

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today