Thursday Dec 10, 2009

GlassFish REST Interface for Management and Monitoring

GlassFishRESTInterfaceforManagementandMonitoring GlassFish has added yet another tool to its arsenal - REST Interface, a new feature introduced in GlassFish v3. I would like to summarize this feature. In addition to Command Line Interface, Java Management API for GlassFish (AMX) & GlassFish Administration UI, you can now use GlassFish REST Interface to manage and monitor GlassFish. GlassFish REST Interface exposes GlassFish configuration and runtime models as REST URLs. This support is provided/implemented using JSR 311/Jersey.
Architecture Diagram
GlassFish REST Interface is available in full and web distributions.
To use this interface -
1. Install GlassFish using any of the following distributions
    Community full profile
    Community web profile  
    Java EE 6 SDK
    GlassFish Enterprise Server v3
2. Start GlassFish
    <GlassFish Intall Root>/bin/asadmin start-dmain
3. Access the following URL(s) using any http client
  http://localhost:4848/managment/domain

    http://localhost:4848/monitoring/domain


GlassFish REST Interface is exposed on GlassFish administration port (default value: 4848). Root URLs of GlassFish REST Interface are -
http(s)://{host}:{port}/management/domain1
http(s)://{host}:{port}/monitoring/domain2

Where {host} identifies the server host and {port} is the server administration port.

Using management root URL1 you can traverse and discover the entire GlassFish configuration model whereas using monitoring root URL2 you can traverse and discover the entire GlassFish runtime model.


GlassFish REST Interface supports JSON, XML and HTML formats. Based of the client/client request, appropriate format representation is sent to the client. Metadata for given URL(resource), such as methods supported, input parameters for supported methods and their type, can be obtained through GET request on that URL. You can also use OPTIONS method to get the metadata. For more on formats, metadata and other details please refer to REST Interface section of GlassFish Administration guide.

GlassFish REST Interface supports basic authentication over secure channel. For detail on how to secure GlassFish REST Interface please refer to my earlier blog entry or REST Interface documentation.


Other Related Links:
REST Interface Documentation
Securing GlassFish REST Interface
Managing GlassFish using cURL
Sample Client using JavaFX


Let us know, if any, comments, feedback and/or enhancement requests.

Friday Aug 21, 2009

Configuring Security for GlassFish REST Interface

GlassFish_REST_Interface_Security GlassFish REST Interface supports basic authentication over secure channel. GlassFish REST inerface is exposed through admin adapter. To enable authentication, you need to define admin-realm user.  You can define admin-realm user using any of the following.
Note: By default only anonymous is defined in admin-realm and anonymous user may not require password.

Add user using Admin Console

To add user using Admin Console follow these steps.
1. Start GlassFish and Admin Console. You can start the Admin Console by starting a web browser and specifying the URL http://localhost:4848/asadmin .
Note: We are assuming default admin port, 4848 through out this blog. If you changed the default admin, type the correct port number in place of 4848.
2. Go to Configuration-->Secuirty-->Realms node, then select the admin-realm realm.
3. Click the Manage Users button.
4. Click New to add a new user to the realm and provide the User ID and the New Password.
5. Click OK to add this user to the realm.

Add user using asadmin Client
1. Start GlassFish.
2. Execute the following command to create admin-realm user. You need to provide username and password for this new user.
<GlassFish_Install_Root>/glassfishv3/bin/asadmin create-file-user --groups asadmin --authrealmname admin-realm admin

Once you defined the admin-realm user, you need that user name and its password to access REST interface.  Browser will pop-up, Authentication Required, dialog on first REST interface request.



To enable SSL, you need to enable security for admin-listener. You can enable security for admin-listener using any of the following.

Enable S
ecurity using Admin Console
1. Start Admin Console.
2. Go to Configuration-->Network Config-->Protocols node, then select the admin-listener node.
3. Select Protocol tab in the right-hand-side window, if its not already selected.  Select Enabled value for Security by clicking the check-box.
4. Click Save to enable security for admin-listener.
5. Restart server.
    Go to Application Server node.
    Select General tab in the right-hand-side window, if its not already selected and click Restart button.   

Enable Security using asadmin client
1. Use following asadmin set command to enable security for admin-listener.
    asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true 
2. Restart server.
    asadmin restart-domain

Enable S
ecurity using REST Interface
1. Start web browser and specify the following url          
http://localhost:4848/management/domain/configs/config/server-config/network-config/protocols/protocol/admin-listener

2. Select true for security-enabled field.
3. Click Update to enable security for admin-listener.
4. Restart server.
     Access the following resource url through browser and click the Restart button.
     http://localhost:4848/management/domain/restart
   
Once you enabled security for admin-listener, you should be able to use https for REST interface urls. Of course, you have to accept the certificate presented by browser.


To summarize, we can secure REST interface access through basic authentication over secure channel by defining new admin-realm user and enabling security for admin-listener.


About

rajeshwar

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today