Do you have any pointers on how to do that using JMX? So far as I can tell
from what little documentation I can find on the tomcat site, this is how
it's done.
I'm suspicious that there might be an issue in
Tomcat's MbeansDescriptorsIntrospectionSource.createManagedBean(...)
method. I'm not familiar with the code, but it appears that there might be
an issue with how that map is constructed.
On Thu, Dec 14, 2023 at 4:25 AM Rémy Maucherat <r...@apache.org> wrote:
> On Wed, Dec 13, 2023 at 9:43 PM Daniel Skiles
> <dski...@docfinity.com.invalid> wrote:
> >
> > The object and operation I'm trying to address is Catalina -->
> > ProtocolHandler --> <port> --> <host> --> operations -->
> addSslHostConfig.
> >
> > The parameters are an SslHostConfig object and the boolean value "true".
> >
> > The operation is "addSslHostConfig".
> >
> > The code I sent in the previous message works 100% of the time in 9.0.82.
> > In 9.0.83, it works about 50% of the time. I can always query that the
> > operation exists, but roughly half the time it will fail with a JMX
> > exception saying that the operation does not exist.
> >
> > I am not positive, but I believe the behavior in 9.0.83 might have to do
> > with the fact that the catalina java code now has a one argument and two
> > argument variant of the same method.
>
> I'm pretty sure you got the explanation right. It is very similar to
> using reflection here. You're doing the lookup based on the method
> name, which matches something. However, if you want to avoid an error,
> you also have to check that the arguments match, otherwise you're
> going to randomly pick one of the two methods and fail half the time.
>
> Rémy
>
> > On Wed, Dec 13, 2023 at 10:27 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > > Daniel,
> > >
> > > On 12/12/23 19:45, Daniel Skiles wrote:
> > > > I apologize for it being a bit rough - it's what I was using to
> > > > troubleshoot locally.
> > > >
> > > > import static java.util.Objects.nonNull;
> > > >
> > > > import java.lang.management.ManagementFactory;
> > > > import java.util.Arrays;
> > > > import java.util.HashMap;
> > > > import java.util.Map;
> > > > import java.util.Optional;
> > > > import java.util.function.Predicate;
> > > >
> > > > import javax.management.MBeanInfo;
> > > > import javax.management.MBeanOperationInfo;
> > > > import javax.management.MBeanServer;
> > > > import javax.management.ObjectName;
> > > >
> > > > import org.apache.logging.log4j.LogManager;
> > > > import org.apache.logging.log4j.Logger;
> > > > import org.apache.tomcat.util.net.SSLHostConfig;
> > > > import org.apache.tomcat.util.net.SSLHostConfigCertificate;
> > > > import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
> > > >
> > > > @javax.annotation.ManagedBean
> > > > public class MbeanFailure {
> > > > private static final Logger LOGGER = LogManager.getLogger();
> > > >
> > > > private static final String LOCALHOST = "127.0.0.1";
> > > > private static final String SUBTYPE = "subType";
> > > > private static final String ADD_SSL_HOST_CONFIG_OP =
> "addSslHostConfig";
> > > >
> > > > private static final Predicate<ObjectName> NOT_LOCALHOST =
> > > Predicate.not(on
> > > > ->
> > > >
> > >
> Optional.ofNullable(on).map(ObjectName::getCanonicalName).orElse("").contains(LOCALHOST));
> > > > private static final Predicate<ObjectName> NOT_SUBTYPE =
> > > Predicate.not(on
> > > > ->
> > > >
> > >
> Optional.ofNullable(on).map(ObjectName::getCanonicalName).orElse("").contains(SUBTYPE));
> > > >
> > > > @javax.annotation.PostConstruct
> > > > public void run() throws Exception {
> > > > final MBeanServer server =
> ManagementFactory.getPlatformMBeanServer();
> > > >
> > > > final SSLHostConfig config = new SSLHostConfig();
> > > >
> > > > config.setProtocols("TLSv1.2");
> > > > config.setHostName("test.test.com");
> > > > config.setCiphers("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
> > > >
> > > > final SSLHostConfigCertificate cert = new
> > > SSLHostConfigCertificate(config,
> > > > Type.UNDEFINED);
> > > >
> > > > config.addCertificate(cert);
> > > > final Map<MBeanServer, ObjectName> references =
> > > getObjectReferences(server,
> > > > "ProtocolHandler");
> > > >
> > > > references.forEach((s, op) -> invoke(s, op, ADD_SSL_HOST_CONFIG_OP,
> new
> > > > Object[] {config}, new String[]
> > > {SSLHostConfig.class.getCanonicalName()}));
> > > > }
> > > >
> > > > public Map<MBeanServer, ObjectName> getObjectReferences(final
> MBeanServer
> > > > server, final String discriminator) {
> > > >
> > > > final Map<MBeanServer, ObjectName> results = new HashMap<>();
> > > >
> > > > final Predicate<ObjectName> extendedFilters =
> > > > NOT_LOCALHOST.and(NOT_SUBTYPE);
> > > >
> > > > final Optional<ObjectName> candidate = server.queryNames(null,
> > > > null).stream()
> > > > .filter(on -> nonNull(on.getCanonicalName()))
> > > > .filter(on -> on.getCanonicalName().contains(discriminator))
> > > > .filter(extendedFilters)
> > > > .findAny();
> > > >
> > > > candidate.ifPresent(on -> results.put(server, on));
> > > >
> > > > return Map.copyOf(results);
> > > > }
> > > >
> > > > public Object invoke(final MBeanServer server, final ObjectName
> > > objectName,
> > > > final String method, final Object[] params, final String[]
> signature) {
> > > > try {
> > > > //This should return addSslHostConfig(SSLHostConfig, boolean)
> > > > final MBeanInfo info = server.getMBeanInfo(objectName);
> > > >
> > > > final MBeanOperationInfo methodInfo =
> Arrays.stream(info.getOperations())
> > > > .filter(i -> i.getName().equals(method))
> > > > .findAny()
> > > > .orElseThrow(() -> new RuntimeException("Could not find method
> named" +
> > > > method));
> > > >
> > > > LOGGER.error("Found available operation {}", methodInfo);
> > > >
> > > > final Object result = server.invoke(objectName, method, params,
> > > signature);
> > > > return result;
> > > > } catch (final Exception e) {
> > > > throw new RuntimeException("Error invoking " + method + " with
> params " +
> > > > Arrays.toString(params) + " and signature " +
> Arrays.toString(signature),
> > > > e);
> > > > }
> > > > }
> > > > }
> > >
> > > What objctName do you think you are addressing, here? What parameters
> > > are you passing it and what types? What parameters and types are
> > > expected by the operation you are trying to invoke?
> > >
> > > -chris
> > >
> > > > On Fri, Dec 8, 2023 at 4:55 PM Christopher Schultz <
> > > > ch...@christopherschultz.net> wrote:
> > > >
> > > >> Daniel,
> > > >>
> > > >> On 12/7/23 13:25, Daniel Skiles wrote:
> > > >>> All,
> > > >>> I've been doing some testing, and I'm pretty sure the
> addSslHostConfig
> > > >>> operation on ProtocolHandler is busted in 9.0.83.
> > > >>>
> > > >>> In versions prior to 9.0.82, you can call the operation with a
> single
> > > >>> argument of type SSLHostConfig.
> > > >>>
> > > >>> In 9.0.82, that contract seems to have been broken, and you had to
> call
> > > >>> it with two arguments: an SSLHostConfig and a boolean.
> > > >>>
> > > >>> In 9.0.83, it seems as though both operations are present, but
> which
> > > one
> > > >>> is actually accessible at runtime is non-deterministic.
> > > >>>
> > > >>> This behavior presents through a direct invoke(...) call and via a
> JMX
> > > >>> Proxy object instantiated through JMX.newMBeanProxy.
> > > >>>
> > > >>> I have attached a sample file that reproduces the behavior
> (sometimes,
> > > >>> as it is nondeterministic).
> > > >>>
> > > >>> Is this a bug, or am I simply using the available feature
> incorrectly?
> > > >>>
> > > >>> If it is the former, how do I formally report this? If it is the
> > > >>> latter, what is the "correct" way to call this operation from JMX?
> > > >>
> > > >> I think your attachment was stripped. Can it be posted in-line?
> > > >>
> > > >> -chris
> > > >>
> > > >>
> ---------------------------------------------------------------------
> > > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > >> For additional commands, e-mail: users-h...@tomcat.apache.org
> > > >>
> > > >>
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
