[
https://issues.apache.org/jira/browse/JAMES-3400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209366#comment-17209366
]
ASF GitHub Bot commented on JAMES-3400:
---------------------------------------
mbaechler commented on a change in pull request #251:
URL: https://github.com/apache/james-project/pull/251#discussion_r500807436
##########
File path: src/adr/0042-james-cli-based-on-webadmin.md
##########
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+
+## Status
+Accepted (lazy consensus).
+
+ ## Context
+
+James servers offer a command-line interface in order to interact with the
server. However, it relies on the JMX protocol, which is known to be insecure.
The JMX server embedded in Apache James, also used by the command line client
is exposed to a java de-serialization issue according to [NVD-CVE-2017-12628
Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus can be used
to execute arbitrary commands.
+
+Besides, the current CLI interface is also not optimal for users. It places
actions in front of entities with contiguous syntax, making it harder for the
user to remember the command (for example, which entity the GET action command
can interact with). If we design to place the entity first and the outgoing
actions can interact with that entity afterward, the user will easily imagine
what he/she can do with each entity. This creates an intuitive interface that
is easier to remember.
+
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to
interact with James servers.
+
+Webadmin command-line interface is an upcoming replacement for the outdated,
security-vulnerable JMX command-line interface.
+
+## Decision
+
+We decided to write a new CLI client, running on top of the JVM, communicating
with James via the webadmin protocol, using http.
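Review bot: The Decision line "communicating with James via the webadmin protocol, using http" and the Context sentence "Webadmin APIs use HTTP protocol, which is more secure than JMX protocol" give no reason why HTTP is safer and say nothing about transport encryption or authentication. Since the motivation is the JMX deserialization issue, state what the CLI will rely on (for example HTTPS and an authenticated webadmin endpoint); plain HTTP to an unauthenticated admin API would not be an improvement.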
Review comment:
Do you intend to make it buildable with GraalVM native image in order to
make the adoption easier and have decent start performance?
It's a matter of avoiding not-supported stuff but for a CLI it should be
doable.
##########
File path: src/adr/0042-james-cli-based-on-webadmin.md
##########
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+
+## Status
+Accepted (lazy consensus).
+
+ ## Context
+
+James servers offer a command-line interface in order to interact with the
server. However, it relies on the JMX protocol, which is known to be insecure.
The JMX server embedded in Apache James, also used by the command line client
is exposed to a java de-serialization issue according to [NVD-CVE-2017-12628
Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus can be used
to execute arbitrary commands.
+
+Besides, the current CLI interface is also not optimal for users. It places
actions in front of entities with contiguous syntax, making it harder for the
user to remember the command (for example, which entity the GET action command
can interact with). If we design to place the entity first and the outgoing
actions can interact with that entity afterward, the user will easily imagine
what he/she can do with each entity. This creates an intuitive interface that
is easier to remember.
+
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to
interact with James servers.
+
+Webadmin command-line interface is an upcoming replacement for the outdated,
security-vulnerable JMX command-line interface.
+
+## Decision
+
+We decided to write a new CLI client, running on top of the JVM, communicating
with James via the webadmin protocol, using http.
+
+* What libraries will we use?
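Review bot: In the Context section, the paragraph citing CVE-2017-12628 explains that the embedded JMX server is exposed, but the visible text only calls the new CLI "an upcoming replacement" and does not say what happens to the JMX endpoint itself. Adding a sentence on whether JMX will be disabled by default, deprecated or removed once the new CLI ships would make clear that the exposure goes away rather than a second admin interface being added.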
Review comment:
I think it's not wise to list libraries here as it's an implementation
detail and it would require a new ADT to modify them if people find that the
choices validated here don't work as expected.
##########
File path: src/adr/0042-james-cli-based-on-webadmin.md
##########
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+
+## Status
+Accepted (lazy consensus).
+
+ ## Context
+
+James servers offer a command-line interface in order to interact with the
server. However, it relies on the JMX protocol, which is known to be insecure.
The JMX server embedded in Apache James, also used by the command line client
is exposed to a java de-serialization issue according to [NVD-CVE-2017-12628
Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus can be used
to execute arbitrary commands.
+
+Besides, the current CLI interface is also not optimal for users. It places
actions in front of entities with contiguous syntax, making it harder for the
user to remember the command (for example, which entity the GET action command
can interact with). If we design to place the entity first and the outgoing
actions can interact with that entity afterward, the user will easily imagine
what he/she can do with each entity. This creates an intuitive interface that
is easier to remember.
+
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to
interact with James servers.
+
+Webadmin command-line interface is an upcoming replacement for the outdated,
security-vulnerable JMX command-line interface.
+
+## Decision
+
+We decided to write a new CLI client, running on top of the JVM, communicating
with James via the webadmin protocol, using http.
+
+* What libraries will we use?
+
+ * http client: ***Feign library***. We used it as an http client in other
parts of James so we continue to use it.
+
+ * CLI: ***Picocli library***. Picocli is a one-file command line parsing
framework writed by Java that allows we to create command line applications
with almost no code. It allows mixing Options with positional Parameters (Eg:
don't have to follow order Options then Parameters), [automatic type
conversion](https://picocli.info/#_strongly_typed_everything) of command line
arguments to the type of the annotated field, provide Automatic Help and better
Subcommand Support, easily handle Exceptions.
+
+* How will we limit breaking changes this new CLI will cause?
+
+ * Work on a wrapper to adapt the old CLI API.
+
+* Where will we locate this cli code?
+
+ * server/protocols/webadmin-cli
+
+* We decided to adopt a more modern, modular CLI syntax:
+
+```
+$ java -jar james_cli.jar [OPTION] ENTITY ACTION {ARGUMENT}
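Review bot: The synopsis `[OPTION] ENTITY ACTION {ARGUMENT}` does not show how the target webadmin URL or any credentials are supplied. Worth documenting that here, and preferring a config file, environment variable or prompt over a command-line option for secrets, since arguments are visible in the process list and shell history.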
Review comment:
oh no, please drop this `java -jar ...` thing
##########
File path: src/adr/0042-james-cli-based-on-webadmin.md
##########
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+
+## Status
+Accepted (lazy consensus).
+
+ ## Context
+
+James servers offer a command-line interface in order to interact with the
server. However, it relies on the JMX protocol, which is known to be insecure.
The JMX server embedded in Apache James, also used by the command line client
is exposed to a java de-serialization issue according to [NVD-CVE-2017-12628
Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus can be used
to execute arbitrary commands.
+
+Besides, the current CLI interface is also not optimal for users. It places
actions in front of entities with contiguous syntax, making it harder for the
user to remember the command (for example, which entity the GET action command
can interact with). If we design to place the entity first and the outgoing
actions can interact with that entity afterward, the user will easily imagine
what he/she can do with each entity. This creates an intuitive interface that
is easier to remember.
+
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to
interact with James servers.
+
+Webadmin command-line interface is an upcoming replacement for the outdated,
security-vulnerable JMX command-line interface.
+
+## Decision
+
+We decided to write a new CLI client, running on top of the JVM, communicating
with James via the webadmin protocol, using http.
+
+* What libraries will we use?
+
+ * http client: ***Feign library***. We used it as an http client in other
parts of James so we continue to use it.
+
+ * CLI: ***Picocli library***. Picocli is a one-file command line parsing
framework writed by Java that allows we to create command line applications
with almost no code. It allows mixing Options with positional Parameters (Eg:
don't have to follow order Options then Parameters), [automatic type
conversion](https://picocli.info/#_strongly_typed_everything) of command line
arguments to the type of the annotated field, provide Automatic Help and better
Subcommand Support, easily handle Exceptions.
+
+* How will we limit breaking changes this new CLI will cause?
+
+ * Work on a wrapper to adapt the old CLI API.
+
+* Where will we locate this cli code?
+
+ * server/protocols/webadmin-cli
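Review bot: Style, in the Picocli bullet: "writed by Java that allows we to create" should read "written in Java that allows us to create", and the feature list ("provide Automatic Help ... easily handle Exceptions") mixes verb forms and capitalisation. A short, consistently phrased list would read better in an accepted ADR.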
Review comment:
This doesn't make sense to me: it's not part of the server, it's a
standalone app.
What about `app/cli`?
##########
File path: src/adr/0042-james-cli-based-on-webadmin.md
##########
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+
+## Status
+Accepted (lazy consensus).
+
+ ## Context
+
+James servers offer a command-line interface in order to interact with the
server. However, it relies on the JMX protocol, which is known to be insecure.
The JMX server embedded in Apache James, also used by the command line client
is exposed to a java de-serialization issue according to [NVD-CVE-2017-12628
Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus can be used
to execute arbitrary commands.
+
+Besides, the current CLI interface is also not optimal for users. It places
actions in front of entities with contiguous syntax, making it harder for the
user to remember the command (for example, which entity the GET action command
can interact with). If we design to place the entity first and the outgoing
actions can interact with that entity afterward, the user will easily imagine
what he/she can do with each entity. This creates an intuitive interface that
is easier to remember.
+
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to
interact with James servers.
+
+Webadmin command-line interface is an upcoming replacement for the outdated,
security-vulnerable JMX command-line interface.
+
+## Decision
+
+We decided to write a new CLI client, running on top of the JVM, communicating
with James via the webadmin protocol, using http.
+
+* What libraries will we use?
+
+ * http client: ***Feign library***. We used it as an http client in other
parts of James so we continue to use it.
+
+ * CLI: ***Picocli library***. Picocli is a one-file command line parsing
framework writed by Java that allows we to create command line applications
with almost no code. It allows mixing Options with positional Parameters (Eg:
don't have to follow order Options then Parameters), [automatic type
conversion](https://picocli.info/#_strongly_typed_everything) of command line
arguments to the type of the annotated field, provide Automatic Help and better
Subcommand Support, easily handle Exceptions.
+
+* How will we limit breaking changes this new CLI will cause?
+
+ * Work on a wrapper to adapt the old CLI API.
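Review bot: The bullet "Work on a wrapper to adapt the old CLI API" does not say which side the wrapper adapts. If it means accepting the old command syntax and translating it into webadmin calls, say so explicitly; a wrapper that still spoke JMX would keep the interface the Context section describes as vulnerable.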
Review comment:
good idea :+1:
> Develop new James CLI based on WebAdmin API
> -------------------------------------------
>
> Key: JAMES-3400
> URL: https://issues.apache.org/jira/browse/JAMES-3400
> Project: James Server
> Issue Type: Improvement
> Components: CLI
> Reporter: Tran Hong Quan
> Priority: Major
>
> Webadmin command-line interface is an upcoming replacement for the outdated,
> security-vulnerable JMX command-line interface. It also aims at providing a
> more modern and intuitive interface.
> For now, the objective for the new CLI is to interact with Domains, Users.