Configuring Security for GlassFish REST Interface

GlassFish REST Interface supports basic authentication over secure channel. GlassFish REST inerface is exposed through admin adapter. To enable authentication, you need to define admin-realm user.  You can define admin-realm user using any of the following.
Note: By default only anonymous is defined in admin-realm and anonymous user may not require password.

Add user using Admin Console
To add user using Admin Console follow these steps.
1. Start GlassFish and Admin Console. You can start the Admin Console by starting a web browser and specifying the URL http://localhost:4848/asadmin .
Note: We are assuming default admin port, 4848 through out this blog. If you changed the default admin, type the correct port number in place of 4848.
2. Go to Configuration-->Secuirty-->Realms node, then select the admin-realm realm.
3. Click the Manage Users button.
4. Click New to add a new user to the realm and provide the User ID and the New Password.
5. Click OK to add this user to the realm.

Add user using asadmin Client
1. Start GlassFish.
2. Execute the following command to create admin-realm user. You need to provide username and password for this new user.
<GlassFish_Install_Root>/glassfishv3/bin/asadmin create-file-user --groups asadmin --authrealmname admin-realm admin

Once you defined the admin-realm user, you need that user name and its password to access REST interface.  Browser will pop-up, Authentication Required, dialog on first REST interface request.



To enable SSL, you need to enable security for admin-listener. You can enable security for admin-listener using any of the following.

Enable Security using Admin Console
1. Start Admin Console.
2. Go to Configuration-->Network Config-->Protocols node, then select the admin-listener node.
3. Select Protocol tab in the right-hand-side window, if its not already selected.  Select Enabled value for Security by clicking the check-box.
4. Click Save to enable security for admin-listener.
5. Restart server.
    Go to Application Server node.
    Select General tab in the right-hand-side window, if its not already selected and click Restart button.   

Enable Security using asadmin client
1. Use following asadmin set command to enable security for admin-listener.
    asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true 
2. Restart server.
    asadmin restart-domain

Enable Security using REST Interface
1. Start web browser and specify the following url          
http://localhost:4848/management/domain/configs/config/server-config/network-config/protocols/protocol/admin-listener
2. Select true for security-enabled field.
3. Click Update to enable security for admin-listener.
4. Restart server.
     Access the following resource url through browser and click the Restart button.
     http://localhost:4848/management/domain/restart
   
Once you enabled security for admin-listener, you should be able to use https for REST interface urls. Of course, you have to accept the certificate presented by browser.


To summarize, we can secure REST interface access through basic authentication over secure channel by defining new admin-realm user and enabling security for admin-listener.

Posted at 02:57PM Aug 21, 2009 by rajeshwar in Sun  |  Comments[3]

Manage GlassFish using Browser/REST Interface

We enhanced html representations served by GlassFish REST interface. We are now including all the needed meta-data in html representations, thereby enabling write operations (update, create, delete) as well.  This enables us to manage and monitor GlassFish using browser.

To use this feature, you can do the following-
1. Download latest GlassFish v3 distribution (glassfish.zip or web.zip) - http://hudson.glassfish.org/job/gf-trunk-build-continuous/
2. Unzip distribution zip and start the server.
3. Manage and monitor GlassFish using your favorite browser. You can access GlassFish REST interface using the following root urls -

    GlassFish Configuration:
    http://{host}:{port}/management/domain

    GlassFish Monitoring:
    http://{host}:{port}/monitoring/domain

    where {host} is the server host and {port} is the administration port.
 
Note: You need to turn on module monitoring levels for monitoring data to show up.

Below are some of the screen shots-

Configuration Domain Resource	Monitoring Domain Resource
Configuration Stop Resource	Monitoring JVM Resource
Monitoring ClassLoadingSystem Resource
Configuration IiopListener Resource

Posted at 03:26AM Aug 19, 2009 by rajeshwar in Sun  |  Comments[0]

REST Interface to Configure GlassFish

In my earlier blog I talked about REST interface to monitor and manage GlassFish. We have seen how to monitor GlassFish using REST interface. Now, I would like to demonstrate how we can manage (configure) GlassFish through this interface.  The url for management root resource is http://{host}:{port}/management/domain, where {host} is the server host and {port} is the administration port.

Lets access http://localhost:4848/management/domain through browser. Here we are addressing the management root resource, Domain, on my local GlassFish v3 install using its REST url. Domain resource has some attributes and children. By clicking through the child resource links you can access the entire GlassFish configuration model. So far we have seen how to read GlassFish configuration using browser. Using java client, we can see how to write configuration.  Through browser we were using html representations, whereas, with java client we will use JSON and XML representations. You can download java client by clicking  here.  Java client uses Jersey client API's  and we used this client earlier to demonstrate GlassFish monitoring. For example, lets create a new iiop listener. In this example, we will use XML and  JSON representations interchangeably to demonstrate REST interface support for these formats-

Step 1. GET iiop listeners
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "application/xml"

<IiopListener>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/orb-listener-1</child-resource>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/SSL</child-resource>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/SSL_MUTUALAUTH</child-resource> </IiopListener>

We see that three are three iiop-listeners available. How do I know whether I can create a fourth one and if yes, how do I know what input representation to use? Well, we can use OPTIONS method to query this.


Step 2. Get OPTIONS for iiop listeners
roptions http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "application/json"

{   "Method":"POST",   "Message Parameters":{     "id":{"Acceptable Values":"","Default Value":"",       "Type":"class java.lang.String","Optional":"false"},     "enabled":{"Acceptable Values":"","Default Value":"true",       "Type":"class java.lang.Boolean","Optional":"true"},     "securityenabled":{"Acceptable Values":"","Default Value":"false",       "Type":"class java.lang.Boolean","Optional":"true"},     "iiopport":{"Acceptable Values":"","Default Value":"1072",       "Type":"class java.lang.String","Optional":"true"},     "listeneraddress":{"Acceptable Values":"","Default Value":"",       "Type":"class java.lang.String","Optional":"false"},     "target":{"Acceptable Values":"","Default Value":"",       "Type":"class java.lang.String","Optional":"true"},     "property":{"Acceptable Values":"","Default Value":"",       "Type":"class java.util.Properties","Optional":"true"}   }   "Method":"GET" }

For the meta-data, id and listeeneraddress are madatory parameters. To create new iiop-listener we must, at least provide these two parameters.


Step 3. Create (POST) new iiop listener
rpost http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "{\"id\" : \"my-new-listener\", \"listeneraddress\" : \"0.0.0.0\"}" "application/json"

201 "http://localhost:4848/management/domain/configs/config/server-config/ iiop-service/iiop-listener/my-new-listener" created successfully.

Step 4. GET iiop listeners
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener "application/xml"

<IiopListener>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/orb-listener-1</child-resource>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/SSL</child-resource>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/SSL_MUTUALAUTH</child-resource>  <child-resource>http://localhost:4848/management/domain/configs/config/  server-config/iiop-service/iiop-listener/my-new-listener</child-resource> </IiopListener>

Now we see that the fourth iiop listener, my-new-listener, is available on the server.


Step 5. GET iiop listener, my-new-listener
rget http://localhost:4848/management/domain/configs/config/server-config/
iiop-service/iiop-listener/my-new-listener "application/xml"

<IiopListener id="my-new-listener" port="1072" enabled="true" address="0.0.0.0" security-enabled="false" lazy-init="false"> </IiopListener>

Through this example, above, we saw read, write of GlassFish configuration through REST interface using different representations (HTML, JSON and XML).

Posted at 05:31PM Aug 03, 2009 by rajeshwar in Sun  |  Comments[1]

GlassFish REST Interface

GlassFish v3, now exposes its monitoring and configuration in technology-agnostic manner, enabling you to write scripts/clients using your own language of expertise to manage GlassFish. REST interface is implemented using Jersey and is available in web as well as in glassFish distributions. REST interface supports JSON, XML and HTML resource representations.
In this blog, I would like to talk about Monitoring REST Interface which exposes GlassFish runtime model as REST urls. Monitoring resources are read-only and supports only GET method as of now. The url for monitoring root resource is http://{host}:{port}/monitoring/domain , where {host} is the server host and {port} is the administration port. Using root url, client can discover and traverse the entire runtime model.

Lets see how we can monitor GlassFish using REST interface. We can use one of the most widely used  and available software - browser, to monitor GlassFish. Here we are addressing the monitoring root resource, Domain, on my local GlassFish v3 install using its REST url. Domain resource has no attributes and has one child resource, server.

Click on the child resource link to discover its attributes and/or children.  server resource has four child resources. By clicking through child urls we can discover the entire  runtime data available.

Lets get any other resource that has attributes, say, ClassLoadingSystem resource.  This resource has three attributes and no children. So far we have seen accessing GlassFish monitoring resources through browser, accepting html resource representations.

I would like to demonstrate another client , a java client which uses Jersey client API's. This is a simple  java program that does a GET on the given resource requesting the given representation. You can download the client with its source and the required libraries (to compile & run the client) by clicking  here. The client zip file also has convenience script, rget. The inputs to the script are, url and the acceptable representation of the resource. rget script simply accepts the input parameters and in turn, calls the java program with the supplied input parameters.

Lets GET the ClassLoadingSystem resource again. This time we will use java client to request JSON and  XML representations.

rget http://localhost:4848/monitoring/domain/server/jvm/class-loading-system "application/json"

{ClassLoadingSystem:{"loadedclass-count" : 8604,"unloadedclass-count" : 56,"totalloadedclass-count" : 8660},"child-resources":[]}

rget http://localhost:4848/monitoring/domain/server/jvm/class-loading-system "application/xml"

<ClassLoadingSystem loadedclass-count="8604" unloadedclass-count="56" totalloadedclass-count="8660"></ClassLoadingSystem>

Posted at 01:12AM Jul 10, 2009 by rajeshwar in Sun  |  Comments[1]

GlassFish SNMP Monitoring

In this blog we will talk about SNMP Monitoring feature of GlassFish Enterprise Manager. GlassFish Enterprise Manager is part of Sun GlassFish Portfolio. SNMP Monitoring feature of GlassFish Enterprise Manager enables monitoring of GlassFish using SNMP clients. This feature exposes data specified by standard-based J2EE-MIB. J2EE-MIB is specified by JSR 77: J2EE^TM Management.
SNMP Monitoring feature of GlassFish Enterprise Manager is delivered as a patch, 140750–01 on SunSolve. To use this feature, download the patch from SunSolve and unzip it to get the __assnmp.war file. You can then deploy this web module to the server instance you would like to monitor. To deploy, you can use asadmin tool or GlassFish Admin Console.
For more information about the asadmin deploy command, see the Sun GlassFish Enterprise Server 2.1 Reference Manual . For more information about the using Admin Console, refer to the Sun GlassFish Enterprise Server 2.1 Application Deployment Guide or Admin Console in-line help.

You can choose to monitor Domain Administration Server (DAS) or individual (clustered or stand-alone) server instances, directly. When you monitor DAS, you get the complete view of the domain i.e you get monitoring data for all the server instances in the domain including DAS, server. Whether you choose to monitor DAS or individual server instance, the steps are exactly the same.

1. Deploy __assnmp.war on the instance you want to monitor
2. Use any SNMP client to monitor that instance on port 10161.   For example, using SNMP client, snmpwalk, you can query server data as follows:

           snmpwalk -c public -v 1 -m  ./J2EE-MIB localhost:10161 J2EE-MIB::j2eeSrvTable

           For the complete list of available tables, refer to "Tables Supported for SNMP Monitoring" section of Sun GlassFish Enterprise Server version 2.1 SNMP Reference.
           In the above example, we are assuming J2EE-MIB available in the current folder. You can download J2EE-MIB from here.

snmpwalk comes with Solaris and Linux operating systems by default. On the Solaris operating system, the snmpwalk command is available in the /usr/sfw/bin directory.            
10161 is the default port and can be overridden if needed. To override default port,  refer to "Configuring GlassFish SNMP Monitoring" section  of the  Sun GlassFish Enterprise Server version 2.1 SNMP Reference.

For the complete example, demonstrating monitoring  of DAS as well as individual instances (clustered or stand-alone), please refer to "Monitoring Clustered and Stand-Alone Server Instances" section of Sun GlassFish Enterprise Server version 2.1 SNMP Reference.

Some of the other blogs on SNMP monitoring feature of GlassFish Enterprise Manager are-

• SNMP Monitoring  for GlassFish
  
• GlassFish SNMP J2EE MIB Presentation
• Browsing the GlassFish SNMP J2EE-MIB
• GlassFish SNMP Master Agent Integration
• GlassFish SNMP Security

Posted at 09:08AM Feb 10, 2009 by rajeshwar in Sun  |  Comments[3]

GlassFish @ JavaOne 2008

JavaOne 2008 is in the vicinity. We thought it will be helpful to map co-ordinates of GlassFish and related acitvity during JavaOne 2008. This information will serve as quick reference for GlassFish and related events. I hope, printout of this image will be handy and helpful for GlassFish users.

To print this image, click on image. This will open the image in new browser window. From File menu select Print. Internet Explorer users can right-click on image and select Print Target. For html version of this information please click here.

Posted at 05:42PM May 03, 2008 by rajeshwar in Sun  |  Comments[0]

Connect and Participate With GlassFish

GlassFish V2 UR1 provides convenient access (example page) to all the support information at one place- Support node in GlassFish Administration UI.  You may need to register GlassFish(through installer or administration tool or an update center) in order to see this node.  Support node provides following information- news & blogs, events, tech tips, Java EE news and articles, Sun developer news, latest issues fixed in GlassFish, podcasts, learning resources, adoption stories, service and support information.  As a registered user, you also get Sun Online account benefits and you are eligible to enter "Connect and Participate With GlassFish" sweepstakes for a chance to win an iPhone.
Sun Online Account benefits:

• Log in once, and get easy access across Sun.
• My Sun Connection - Sun's central site offers a host of new features and functionality to help you find up-to-date information about your Sun software and services.
  
• Sun Developer Network - Becoming a Sun Developer Network (SDN) member makes you part of a vibrant community of developers, and gives you access to cool stuff and exclusive offers.
• Shop at Sun - Sun offers several shopping venues for different products and services, and different locales.
  
• Technical Support - Your Sun Online Account grants you access to several support sites and services. If you have purchased service plans, or are otherwise entitled to subscriber content, your login will granont you access.
• Sun Download Center - Automatically update your My Sun Connection pages with recent download history and valuable information about products you download.
• Sun Training - Choose the format and type of training and certification that you or your company need. Our portfolio of learning solutions lets you work smarter and learn faster.
  
• Sun Partner Advantage Program - Access news, online tools and resources for Sun Channel partners in the Sun Partner Advantage Membership Center.
• Subscribtion to Sun eNewsletters, which cover a variety of topics that may be of interest to you.

"Connect and Participate With GlassFish" sweepstakes:
Very easy to enter sweepstakes for a chance to win an iPhone. It runs from January 23rd 2008 to March 23rd 2008.  For more details please refer to sweepstakes official page. Apart from easy to enter, it also has an interesting referral feature whereby you can ask your friends & colleagues to enter this sweepstakes to increase your odds of winning. If any one of them wins, you also win an iPhone. For example, by referring 10 friends to this sweepstakes, you are increasing your chance of winning by 10 times. 
How to refer a friend or colleague:
1. Enter this sweepstakes.
2. Ask your friend or colleague to enter this sweepstakes.  Ask him to provide your email address as a person who referred him to this sweepstakes while submitting his entry.
Hurry! This campaign ends March 23rd 2008.  Good Luck!!

Note: Open to legal residents of U.S. (excluding Puerto Rico) and Canada (excluding Quebec) 18 years or older.

Posted at 11:24AM Jan 23, 2008 by rajeshwar in Sun  |  Comments[0]

Updatecenter Notifications of New Software

By now you must have been familiar or at least heard of GlassFish Updatecenter (overview, screencast, Getting Started Guide) available starting GlassFish V2 release. In the latest release, GlassFish v2 Update Release 1, we have improved support for Updatecenter notifications. GlassFish Updatecenter notifies user of any new modules(updates and new software) hosted on Updatecenter server repository.  Updatecenter in GlassFish v2 Update Release 1, notifies user not only of new updates but also of any new software available. Updatecenter uses different means to notify users of any new udpates and software, such as-

• System tray icon pop-ups
  
• Common Tasks page of GlassFish Administration UI
• Star icons on Updatecenter UI

System tray icon pop-ups: At scheduled intervals(based on scheduling parameters provided on Preferences tab of Updatecenter), Updatecenter system tray icon pops up a message, indicating any new software and updates available. Updates can also be configured for automatic download and/or install. System tray icon is available only on Windows, by default. On other platforms, tray icon process can be run by executing updatetool script with tray option i.e <GlassFish Install Root>/updatecenter/updatool tray.

Common Tasks page of GlassFish Administration UI:  
Users also get notified of new updates and software through Common Tasks page of GlassFish Administration UI. Second button under Update Center section indicates whether there are any new components available. More details can be obtained by clicking on,  New Components Available button.
Star icons on Updatecenter UI: On Available Updates and Available Software  tabs, Updatecenter uses star icons to indicate any new updates and software respectively. These are components, user has never seen before.

Posted at 07:08PM Dec 19, 2007 by rajeshwar in Sun  |  Comments[2]

GlassFish Update Center

Let's see how we can convert GlassFish installation into JavaEE 5 SDK. For the purpose of this blog, I am using windows installation. Also, the assumption is that you already have GlassFish installation. For more information on how to install GlassFish, please refer to the any of the following blogs:
http://blogs.sun.com/bharath/entry/glassfish_installation_process_the_beginner
http://blogs.sun.com/AngeloJ/entry/zero_to_glassfish_in_10min
http://blogs.sun.com/alexismp/resource/getting-started-gfv2.html

Run <GlassFish v2 install root>\updatecenter\bin\updatetool.bat to start Update Center. Below is the screen shot of Update Center when it comes up.


By default, Available Software tab is selected and you should see all the available GlassFish add-on components here. You may see empty list here in case Update Center is not able to connect to the Update Center server. Probable cause may be that you are behind the proxy server. If so, please provide proxy server information by switching to Preferences tab.


Check Connect through a proxy server check-box and provide the proxy server name and port. In case your proxy server requires authentication, use Proxies require authentication check-box and provide username and password. You may need to provide ssl proxy server name and port. Just uncheck  Use Http proxy for all protocols check-box if same proxy server is used for ssl connections. Save the proxy information by using Save button. Now, check for updates by clicking Check for Updates button on the top. You should see the Update Checker dialog with download completed message. If you see download failed message on update checker dialog, means, you are still not able to connect to the Update Center server. Please make  sure your network is up and you can access Internet using the proxy information you provided.

Lets switch back to Available Software and select Java EE Blueprints, Java EE 5 Tutorial and Java EE 5 API Documentation.


Please note that Java EE 5 Samples also got selected. This is because Java EE Blueprints has dependency on Java EE 5 Samples. To install these selected components click Install button. Accept license agreements. Note, once installation is complete, the installed components are no more available in Available Software list. You can see these installed components in the Installed Software tab.


We have just converted our GlassFish v2 install into Java EE 5 SDK. You can now see these new components under GlassFish v2 install root at following respective locations-
Java EE Blueprints:     <GlassFish v2 install root>\blueprints
Java EE 5 Samples:    <GlassFish v2 install root>\samples\javaee5
Java EE 5 Tutorial:     <GlassFish v2 install root>\docs\firstcup
Java EE 5 API:          <GlassFish v2 install root>\docs\api

To use Blueprints please refer to the following urls:
Blueprints homepage: https://blueprints.dev.java.net/
Pet Application:         https://blueprints.dev.java.net/petstore
Blueprints Catalog:     https://blueprints.dev.java.net/bpcatalog

To use Java EE 5 Samples please refer to https://glassfish-samples.dev.java.net/
To use Java EE 5 Tutorial please refer to https://firstcup.dev.java.net/

Posted at 04:00PM May 16, 2007 by rajeshwar in Sun  |  Comments[0]