On 2 March 2013 01:45, Justin Edelson <jus...@justinedelson.com> wrote:
>>> No REST interface is not really an issue and I guess it would be easy >>> to write a JMX over REST bridge :) >> >> It would and it could live in a separate optional bundle for anyone >> that wanted it and I could write a JMX Bean ontop of the map as I did >> for the Jackrabbit RepositoryStatistics > > I really like Jolokia (http://www.jolokia.org/) as a JMX/HTTP bridge. It > comes out of jmx4perl and is ASLv2 licensed. They already provide an OSGi > bundle which can just be dropped in and works. I started to write a > Sling-specific bundlization which would use repository credentials rather > than user/password hard coded in a configuration file (similar to the > WebConsole). > > Unless there's some specific defect, let's just use this. > Hi, I am +1 with the following observations: The project documentation gives a good introduction and documents the reasons why JMX remote is problematic. The chapter on architecture [1] gives a detailed description and the section on the HTTP-JMX proxy explains all the problems associated with JSR-160 and RMI in the wild. There are one or two problems with the protocol, that I think are significant and we might want to think about. 1. GETs modifiy data. The protocol allows a GET operation to invoke a JMX operation, modifying state. 2. GETs can only query 1 bean at a time. If you need a snapshot of the state of the server and have 50 MBeans, you have to make 50 requests. You can make POST requests to perform batch up GET requests. Fortunately you can specify a * for attributes. 3. POSTs allow invoking operations. The bridge gives full access to all JMX operations. It might be possible to disable 1 and 3 using access control policies that are available within Jolokia, however I think this might have to be done on a bean by bean basis which would but section 4 of the manual [2] appears to indicate that wildcards on bean names can be used. I dont see a way around 2 other than to use POST operations as GETs, although it might be possible to re-implement the GET operation to expose a OSGi configured set of statistics in a single GET operation. Best Regards Ian 1 http://www.jolokia.org/reference/html/architecture.html 2 http://www.jolokia.org/reference/html/security.html > Justin > >> >> Best Regards >> Ian >>
