[
https://issues.apache.org/jira/browse/SYNAPSE-526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Hubert updated SYNAPSE-526:
--------------------------------
Component/s: Core
Description:
Hi,
currently it is only possible to use Java's "out-of-the-Box JMX solution"
configured via system properties and/or property files which is sufficient for
many cases.
Anyway there are the following advantages of using the according Remote API to
create, configure and deploy the management agent (server connector)
programatically:
1) easier configuration for average users
2) exporting RMI server's remote objects over a certain port to allow passage
through a firewall (very important for enterprise deployments), possibility to
configure a specific network interface (also sometimes important for enterprise
deployments in multi-homed systems
3) possibility to use a custom JMXAuthenticator to handle own credential
configuration (including use of Secret-API to encrypt passwords in plain text
files if required/prefered over setting os permissions accordingly.
was:
Hi,
currently Synapse does not create a JMX server connector to enable the user to
make use of the existing MBeans via JConsole or any other JMX-compliant
management solution. The attached patch introduces a small JMXAdapter class to
create an RMI registry using a specified JNDI port in synapse.properties
(synapse.jmx.jndiPort). Only if this port is specified it will create the
registry and start the server connector. If the user additionally specifies a
fixed RMI port in synapse.properties (synapse.jmx.rmiPort) instead of using a
dynamic RMI port Synapse will use the specified port thus allowing a firewalled
setup (you have to open both ports in your firewall).
The Javadoc of the class explains the connect syntax:
service:jmx:rmi:///jndi/rmi://<hostname>:<jndiPort>/synapse or
service:jmx:rmi://<hostname>:<rmiPort>/jndi/rmi://<hostname>:<jndiPort>/synapse
This patch shall just demonstrate the basic idea. I'm of course willing to
contribute further work on this (including documentation). The best place in
the startup and shutdown phase of Synapse should be discussed. I'm going to
start a separate discussion on the order of actions in the Synapse startup
phase anyway.
Summary: Enhanced JMX-support for Synapse (was: Add server connector
to make use of existing MBeans)
Hi,
according to the feedback received so far I tried to improve the provided patch
to cover the following concerns:
- start server connector with default configuration using automatic JNDI port
detection (as suggested by Asankha)
- possibility to overwrite JNDI port with any fixed port
- possbility to also set RMI port (to support firewalled environments)
- start JMX server connector early, but report connect details at the end of
startup
- enhancement of security implementation to support JBoss AS encryption
(possibility to use same encrypted passwords for datasource or JMX passwords
or any other passwords as in JBoss)
- integration of security API to encrypt JMX passwords
- providing synapse.properties with default configuration and examples for
configuration
The patch is rather comprehensive and although I tried to avoid touching too
many files, I still added and changed quite a lot of code with this new patch.
So I'll ask all developers to do some review.
Regarding the secret changes I would very much appreciate if Indika could have
a glance on my changes, but of course any other developer is also invited. ;-)
Once those changes are committed I would like to work on unit test coverage
improvements in this area as there is currently almost nothing.
Thanks a lot in advance!
> Enhanced JMX-support for Synapse
> --------------------------------
>
> Key: SYNAPSE-526
> URL: https://issues.apache.org/jira/browse/SYNAPSE-526
> Project: Synapse
> Issue Type: Improvement
> Components: Core
> Affects Versions: 1.2
> Reporter: Eric Hubert
> Priority: Minor
> Fix For: 1.3
>
> Attachments: jmx_and_security.patch
>
>
> Hi,
> currently it is only possible to use Java's "out-of-the-Box JMX solution"
> configured via system properties and/or property files which is sufficient
> for many cases.
> Anyway there are the following advantages of using the according Remote API
> to create, configure and deploy the management agent (server connector)
> programatically:
> 1) easier configuration for average users
> 2) exporting RMI server's remote objects over a certain port to allow passage
> through a firewall (very important for enterprise deployments), possibility
> to configure a specific network interface (also sometimes important for
> enterprise deployments in multi-homed systems
> 3) possibility to use a custom JMXAuthenticator to handle own credential
> configuration (including use of Secret-API to encrypt passwords in plain text
> files if required/prefered over setting os permissions accordingly.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
