Author: azeez Date: Tue Jan 1 22:15:17 2008 New Revision: 11721 Log:
1. Password protecting JMX access - only users with admin role can access this now 2. Added infrmation about training in the README file Modified: trunk/wsas/java/README trunk/wsas/java/modules/clustering/src/org/wso2/wsas/clustering/configuration/commands/ReloadConfigurationCommand.java trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java trunk/wsas/java/modules/core/src/org/wso2/wsas/ServerManagement.java trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserDO.java trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserRoleDO.java trunk/wsas/java/pom.xml Modified: trunk/wsas/java/README ============================================================================== --- trunk/wsas/java/README (original) +++ trunk/wsas/java/README Tue Jan 1 22:15:17 2008 @@ -121,6 +121,26 @@ http://wso2.org/library +Training +-------- + +WSO2 Inc. offers a variety of professional Training Programs, including +training on general Web services as well as WSO2 WSAS, Apache Axis2 and a number of +other products. + +For additional support information please refer to +http://wso2.com/training/course-catalog/ + + +Support +------- + +WSO2 Inc. offers a variety of development and production support +programs, ranging from Web-based support up through normal business +hours, to premium 24x7 phone support. + +For additional support information please refer to http://wso2.com/support/ + Known Issues ------------ Modified: trunk/wsas/java/modules/clustering/src/org/wso2/wsas/clustering/configuration/commands/ReloadConfigurationCommand.java ============================================================================== --- trunk/wsas/java/modules/clustering/src/org/wso2/wsas/clustering/configuration/commands/ReloadConfigurationCommand.java (original) +++ trunk/wsas/java/modules/clustering/src/org/wso2/wsas/clustering/configuration/commands/ReloadConfigurationCommand.java Tue Jan 1 22:15:17 2008 
@@ -22,6 +22,7 @@ import org.wso2.utils.ServerConfigurator; import org.wso2.utils.WSO2ConfigurationContextFactory; import org.wso2.wsas.ServerConstants; +import org.wso2.wsas.ServerManagement; import org.wso2.wsas.util.Controllable; /** @@ -46,6 +47,15 @@ } public void prepare(ConfigurationContext configCtx) { + + //Wait till we have completed serving all requests + try { + new ServerManagement().waitForRequestCompletion(); + } catch (Exception e) { + log.error("Could not wait for request completion", e); + } + + // Block all service requests configCtx.setProperty(ClusteringConstants.BLOCK_ALL_REQUESTS, Boolean.TRUE); } Modified: trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java ============================================================================== --- trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java (original) +++ trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java Tue Jan 1 22:15:17 2008 @@ -58,9 +58,12 @@ import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXServiceURL; import javax.xml.namespace.QName; +import java.io.BufferedWriter; import java.io.File; +import java.io.FileWriter; import java.lang.management.ManagementFactory; import java.rmi.registry.LocateRegistry; +import java.util.HashMap; import java.util.Hashtable; import java.util.Iterator; import java.util.Map; @@ -130,10 +133,10 @@ log.info(""); log.info("Repository : " + serverManager.axis2RepoLocation); - registerMBeans(); + startJMXService(); } - private void registerMBeans() throws ServerException { + private void startJMXService() throws ServerException { // TODO: Secure the JMX service String jmxPort = ServerConfiguration.getInstance().getFirstProperty("Ports.JMX"); 
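Review bot: In `prepare()` the wait for in-flight requests runs before `BLOCK_ALL_REQUESTS` is set, so a request that arrives after `waitForRequestCompletion()` returns but before the property is written is neither drained nor blocked. Setting the flag first, by moving `configCtx.setProperty(ClusteringConstants.BLOCK_ALL_REQUESTS, Boolean.TRUE);` above the `try`, would close that window, assuming blocked requests are rejected before they reach the stage the wait loop polls; that is not visible here. The `catch (Exception e)` also lets the reload continue after a failed wait, which deserves a comment such as `// best effort: proceed with the reload even if draining failed` if it is intended.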
@@ -141,10 +144,44 @@ if (isJMXServiceStarted) { return; } + String workDirName = serverConfig.getFirstProperty("WorkDirectory"); + File worDir = new File(workDirName); + if(!worDir.exists()){ + worDir.mkdirs(); + } + String jmxPasswordFileName = + workDirName + File.separator + "jmx" + System.currentTimeMillis(); + File jmxPasswordFile = new File(jmxPasswordFileName); + if (jmxPasswordFile.exists()) { + jmxPasswordFile.delete(); + } int jmxPortInt = Integer.parseInt(jmxPort); MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); try { -// mbs. + + // Store username,pwd in temp file + jmxPasswordFile.createNewFile(); + ServiceUserDO[] users = pm.getUsers(); + CryptoUtil cryptoUtil = + new CryptoUtil(new File( + serverConfig.getFirstProperty("Security.KeyStore.Location")).getAbsolutePath(), + serverConfig.getFirstProperty("Security.KeyStore.Password"), + serverConfig.getFirstProperty("Security.KeyStore.KeyAlias"), + serverConfig.getFirstProperty("Security.KeyStore.KeyPassword"), + serverConfig.getFirstProperty("Security.KeyStore.Type")); + FileWriter fileWriter = new FileWriter(jmxPasswordFile); + BufferedWriter writer = new BufferedWriter(fileWriter); + for (int i = 0; i < users.length; i++) { + ServiceUserDO user = users[i]; + if (user.hasRole("admin")) { + String username = user.getUsername(); + String pwd = new String(cryptoUtil.base64DecodeAndDecrypt(user.getPassword())); + writer.write(username + " " + pwd); + } + } + writer.flush(); + fileWriter.close(); + writer.close(); LocateRegistry.createRegistry(jmxPortInt); 
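Review bot: The loop in `startJMXService()` decrypts every admin password and writes it in clear text to `WorkDirectory/jmx<millis>` with the process's default file permissions, so any local account that can read the work directory can recover admin credentials. `writer.write(username + " " + pwd)` also emits no line terminator, so with two admin users both entries land on one line and, as far as the JMX password-file format goes, neither is likely to authenticate as intended. The writer is not closed if decryption or a write throws, and `fileWriter.close()` runs before `writer.close()`. The sketch below restricts the file to its owner before anything is written, writes one entry per line, and closes in `finally`. The method starts before this hunk and continues past it.

```java
// … unchanged: work directory and jmxPasswordFile setup …
jmxPasswordFile.createNewFile();
// Owner-only before any secret is written (File.setReadable/setWritable need Java 6+)
jmxPasswordFile.setReadable(false, false);
jmxPasswordFile.setWritable(false, false);
jmxPasswordFile.setReadable(true, true);
jmxPasswordFile.setWritable(true, true);
// … unchanged: pm.getUsers() and CryptoUtil construction …
BufferedWriter writer = new BufferedWriter(new FileWriter(jmxPasswordFile));
try {
    for (int i = 0; i < users.length; i++) {
        ServiceUserDO user = users[i];
        if (user.hasRole("admin")) {
            String pwd = new String(cryptoUtil.base64DecodeAndDecrypt(user.getPassword()));
            writer.write(user.getUsername() + " " + pwd);
            writer.newLine(); // one entry per line
        }
    }
} finally {
    writer.close(); // flushes and closes the underlying FileWriter
}
```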
@@ -152,8 +189,17 @@ String jmxURL = "service:jmx:rmi:///jndi/rmi://" + NetworkUtils.getLocalHostname() + ":" + jmxPortInt + "/server"; JMXServiceURL url = new JMXServiceURL(jmxURL); + + // Security credentials are included in the env Map + HashMap env = new HashMap(); + + //TODO: Create the password file in a temp location + env.put("jmx.remote.x.password.file", jmxPasswordFileName); //TODO: Check how a JDBC JAAS realm can be created +// env.put("jmx.remote.x.access.file", +// "conf" + File.separator + "access.properties"); + JMXConnectorServer cs = - JMXConnectorServerFactory.newJMXConnectorServer(url, null, mbs); //TODO: This is where we have to provide security stuff + JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); cs.start(); log.info("JMX Service URL : " + jmxURL); isJMXServiceStarted = true; @@ -161,6 +207,11 @@ String msg = "Could not initialize MBean server"; log.error(msg, e); throw new ServerException(msg, e); + } finally { + //TODO: Delete the file that was created + /* if (jmxPasswordFile != null && jmxPasswordFile.exists()) { + jmxPasswordFile.delete(); + }*/ } } } Modified: trunk/wsas/java/modules/core/src/org/wso2/wsas/ServerManagement.java ============================================================================== --- trunk/wsas/java/modules/core/src/org/wso2/wsas/ServerManagement.java (original) +++ trunk/wsas/java/modules/core/src/org/wso2/wsas/ServerManagement.java Tue Jan 1 22:15:17 2008 @@ -15,7 +15,6 @@ */ package org.wso2.wsas; -import org.apache.axis2.AxisFault; import org.apache.axis2.description.TransportInDescription; import org.apache.axis2.transport.TransportListener; import org.apache.commons.logging.Log; @@ -26,7 +25,6 @@ import javax.management.Query; import javax.management.QueryExp; import java.lang.management.ManagementFactory; -import java.lang.reflect.Method; import java.util.Iterator; import java.util.Map; import java.util.Set; 
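Review bot: The `env` map passed to `newJMXConnectorServer` configures only `jmx.remote.x.password.file`, so nothing visible here protects the RMI transport and the admin password appears to cross the network unencrypted. Consider adding SSL socket factories under `RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE` and `RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE`. File-based authentication is also what forces the decrypted passwords onto disk. Registering a `JMXAuthenticator` with `env.put(JMXConnectorServer.AUTHENTICATOR, ...)` that checks the supplied credentials against the user store and the admin role would avoid the file entirely and pick up later password or role changes. The raw `HashMap` could be declared as `Map env = new HashMap();`, and the TODO about a temp location is stale now that the file lives in the work directory.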
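Review bot: The added `finally` block has its cleanup commented out, so the file holding decrypted admin passwords stays on disk after startup, after a failed start, and after shutdown. Because its name contains `System.currentTimeMillis()`, each restart leaves another copy behind. Deleting it right after `cs.start()` may break later logins if the connector re-reads the file, which this hunk does not show. The minimum is to call `jmxPasswordFile.deleteOnExit();` immediately after `createNewFile()` and to delete the file in the `catch` path where the connector never started. A comment in the `finally` explaining why the file must outlive this method would replace the TODO.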
@@ -56,46 +54,10 @@ * <li>Client calls this method</li> * <li>The server stops accepting new requests/connections, but continues to stay alive so * that old requests & connections can be served</li> - * <li>Once all requests have been processed, the server either shuts down or restarts, - * depending on the <code>shutDownAfterMaintenace</code> parameter</li - * </ol> - * - * @param shutDownAfterMaintenace True - Shutdown the system after maintenance - * False - Restart the system after maintenance - */ - /*public void doMaintenance(boolean shutDownAfterMaintenace) throws AxisFault { - log.info("Starting to switch to mainteneace mode..."); - callTransportListeners("pause"); - log.info("Paused all transport listeners"); - - //TODO: Make sure that all requests have been served - MBeanServer mBeanServer= new JmxMBeanServer(); - - mBeanServer.invoke(); - if(shutDownAfterMaintenace){ - log.info("Shutting down system after entering maintenance mode..."); - System.exit(0); - } else { - log.info("Restarting system after entering maintenance mode..."); - restart(); - } - }*/ - - /** - * Method to switch a node to maintenance mode. - * <p/> - * Here is the sequence of events: - * <p/> - * <oll> - * <li>Client calls this method</li> - * <li>The server stops accepting new requests/connections, but continues to stay alive so - * that old requests & connections can be served</li> * <li>Once all requests have been processed, the method returns</li * </ol> - * */ public void startMaintenance() throws Exception { - long start = System.currentTimeMillis(); log.info("Starting to switch to maintenance mode..."); for (Iterator iter = inTransports.values().iterator(); iter.hasNext();) { TransportInDescription tinDesc = (TransportInDescription) iter.next(); 
@@ -105,12 +67,24 @@ log.info("Stopped all transport listeners"); log.info("Waiting for request service completion..."); + waitForRequestCompletion(); + log.info("All requests have been served."); + } + + /** + * Wait till all service requests have been serviced. This method will only wait for a maximum + * of [EMAIL PROTECTED] ServerManagement.TIMEOUT} + * + * @throws Exception If an error occurs while trying to connect to the Tomcat MBean + */ + public void waitForRequestCompletion() throws Exception { /** * Get all MBeans with names such as Catalina:type=RequestProcessor,worker=http-9762,name=HttpRequest<n> * & Catalina:type=RequestProcessor,worker=http-9762,name=HttpsRequest<n> */ MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); boolean areRequestsInService; + long start = System.currentTimeMillis(); do { QueryExp q = Query.eq(Query.attr("stage"), Query.value(org.apache.coyote.Constants.STAGE_SERVICE)); @@ -126,13 +100,12 @@ areRequestsInService = false; } } while (areRequestsInService); - log.info("All requests have been served."); } /** * Method to change the state of a node from "maintenance" to "normal" * - * @throws org.apache.axis2.AxisFault + * @throws Exception If an error occurs while trying to connect to the Tomcat MBean */ public void endMaintenance() throws Exception { log.info("Switching to normal mode..."); Modified: trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserDO.java ============================================================================== --- trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserDO.java (original) +++ trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserDO.java Tue Jan 1 22:15:17 2008 
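Review bot: `waitForRequestCompletion()` is documented to give up after `TIMEOUT`, but it returns `void`, and from what these two hunks show it returns normally in both cases. Callers therefore cannot tell a drained server from a timed-out wait. `startMaintenance()` then logs `All requests have been served.` and `ReloadConfigurationCommand.prepare()` goes on to reload even when requests may still be in service. Consider `public boolean waitForRequestCompletion() throws Exception` with `@return true if no request was left in service, false if the timeout elapsed`, and log the outcome accordingly. Part of the loop body lies between the two hunks, so the timeout branch is inferred rather than seen.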
@@ -43,10 +43,12 @@ } public boolean equals(Object obj) { - if (!(obj instanceof ServiceUserDO)) { - return false; - } - return username.trim().equals(((ServiceUserDO) obj).getUsername()); + return obj instanceof ServiceUserDO && + username.trim().equals(((ServiceUserDO) obj).getUsername()); + } + + public boolean hasRole(String role) { + return roles.contains(new ServiceUserRoleDO(role)); } public String getUsername() { Modified: trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserRoleDO.java ============================================================================== --- trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserRoleDO.java (original) +++ trunk/wsas/java/modules/core/src/org/wso2/wsas/persistence/dataobject/ServiceUserRoleDO.java Tue Jan 1 22:15:17 2008 @@ -40,6 +40,10 @@ public ServiceUserRoleDO() { } + public ServiceUserRoleDO(String role) { + this.role = role; + } + public String getRole() { return role; } Modified: trunk/wsas/java/pom.xml ============================================================================== --- trunk/wsas/java/pom.xml (original) +++ trunk/wsas/java/pom.xml Tue Jan 1 22:15:17 2008 @@ -775,11 +775,16 @@ <version>${wso2dataservice.version}</version> </dependency> - <dependency> + <!--<dependency> <groupId>mx4j</groupId> <artifactId>mx4j</artifactId> <version>${mx4j.version}</version> </dependency> + <dependency> + <groupId>mx4j</groupId> + <artifactId>mx4j-remote</artifactId> + <version>${mx4j.version}</version> + </dependency>--> </dependencies> </dependencyManagement> _______________________________________________ Wsas-java-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/wsas-java-dev
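Review bot: The new `hasRole()` decides which accounts are exported as JMX administrators, and `roles.contains(new ServiceUserRoleDO(role))` is only correct if `ServiceUserRoleDO` defines `equals`/`hashCode` over the role name. Neither method appears in these hunks, so that should be confirmed; with identity equality the check would never match. A short Javadoc would help, for example `/** Returns true if this user holds the named role; relies on ServiceUserRoleDO equality by role name. */`. In the rewritten `equals`, only this side's `username` is trimmed, so two users whose names differ by surrounding whitespace can compare unequal in one direction and equal in the other. Trimming both sides, or neither, would restore symmetry.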
