Has anyone created a WSDL for the Manager Application
I would like to use Web Services to access the many tomcat instances I have, instead of having to login to each Manager individually. Has anyone created a WSDL wrapper implementation to duplicate the manager or administration applications operations via web services. Non WSDL REST web services would be fine too. Ollie -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23746190.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Has anyone created a WSDL for the Manager Application
Ok perhaps I was unclear. I have multiple instances of Tomcat installed and need to manage the applications deployed on those instances. Currently I must login with a username and password to each instance /manager application through the normal user interface. What I want to do is automate that so I can access that same instance with that same username and password but via Web Services from a central location using WSDL or REST. Then I can deploy a new war file from a central location to all the instances of tomcat that I manage. My central location then would use SOAP or REST to connect to authenticate and do the operations needed. Ollie Ken Bowen wrote: > > I may be misunderstanding, wasn't the OP asking for a way to connect > to all those different managers without separate logins? Sort of like > a single-signon for the the managers? Or can the current manager do > such a thing across multiple Tomcats? > > Ken > > > On May 27, 2009, at 12:45 PM, Mark Thomas wrote: > >> Mike Oliver wrote: >>> I would like to use Web Services to access the many tomcat >>> instances I have, >>> instead of having to login to each Manager individually. >>> >>> Has anyone created a WSDL wrapper implementation to duplicate the >>> manager or >>> administration applications operations via web services. Non WSDL >>> REST web >>> services would be fine too. >> >> You mean like the interface provided via http://host:port/manager ? >> >> Mark >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23747058.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Has anyone created a WSDL for the Manager Application
Hmmm, I am not looking for the contents of /manager either in HTML or XML. The "manager" application you access at /manager/html can perform "operations" like start, stop, deploy, undeploy, check status, etc. out of the box I can setup a manager role and grant that to a user, login as that user and access the /manager/html user interface to do these operations. In that I can upload a new war file, stop or start or undeploy existing applications and check status. With a Web Service Definition Language file that points to a SOAP Web Service Implementation those same operations could be executed by posting a SOAP message to the operations defined and pointed to by the WSDL file. With the Web Services interface my central application can do all of the operations, securely, and as part of a workflow, not requiring me to navigate my browser to each instance of Tomcat and repeat an operation like deploying a new war file to update all the instances that need it. Peter Lin wrote: > > I think he wants it in XML format, and be able to bind it to an object > model > > > > On Wed, May 27, 2009 at 1:29 PM, Mark Thomas wrote: >> Mike Oliver wrote: >>> Ok perhaps I was unclear. >>> >>> I have multiple instances of Tomcat installed and need to manage the >>> applications deployed on those instances. >>> >>> Currently I must login with a username and password to each instance >>> /manager application through the normal user interface. >>> >>> What I want to do is automate that so I can access that same instance >>> with >>> that same username and password but via Web Services from a central >>> location >>> using WSDL or REST. >> >> Understood. So what do you need that http://host:port/manager (rather >> than http://host:port/manager/html) does not support? >> >> Mark >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23748987.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Has anyone created a WSDL for the Manager Application
Thanks Martin, I would imagine that the manager application wrapped in a web services implementation would have no less security than the manager/html application, and therefore be no more vulnerable than /manager/html would be. At any rate, all our tomcats in our server farm are firewalled and the manager and administration applications for each are not accessible from outside except through VPN and only our admins have that. I can after all look at the sources for the manager application, and write my own WSDL and Axis generated web services, but I am a firm believe in not re-inventing the wheel and suspect someone has already done that. Ollie mgainty wrote: > > > there are different approaches based on your security needs > if you open your TC webapps you will subject yourself to Man-in-the-middle > attacks > which would be time-consuming to detect and quite costly to your business > > have you thought of an alternative approach perhaps some other Secure > front end such as mod_ssl > http://www.modssl.org/ and then allow access after they have properly > validated? > > Another approach is to protect all sources via assignment of User/groups > to Roles where roles would identify > which resources one could add > which resources one could delete > which resources one could change > which resources one could view > an all-in-one Portal Single-sign-on such as Jetspeed would accomplish that > objective > http://portals.apache.org/jetspeed-2/ > > Martin Gainty > __ > Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene > Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte > Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht > dient lediglich dem Austausch von Informationen und entfaltet keine > rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von > E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le > destinataire prévu, nous te demandons avec bonté que pour satisfaire > informez l'expéditeur. N'importe quelle diffusion non autorisée ou la > copie de ceci est interdite. Ce message sert à l'information seulement et > n'aura pas n'importe quel effet légalement obligatoire. Étant donné que > les email peuvent facilement être sujets à la manipulation, nous ne > pouvons accepter aucune responsabilité pour le contenu fourni. > > > > >> Date: Wed, 27 May 2009 09:37:27 -0700 >> From: moli...@corenttech.com >> To: users@tomcat.apache.org >> Subject: Has anyone created a WSDL for the Manager Application >> >> >> I would like to use Web Services to access the many tomcat instances I >> have, >> instead of having to login to each Manager individually. >> >> Has anyone created a WSDL wrapper implementation to duplicate the manager >> or >> administration applications operations via web services. Non WSDL REST >> web >> services would be fine too. >> >> Ollie >> -- >> View this message in context: >> http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23746190.html >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > _ > Hotmail® has a new way to see what's up with your friends. > http://windowslive.com/Tutorial/Hotmail/WhatsNew?ocid=TXT_TAGLM_WL_HM_Tutorial_WhatsNew1_052009 > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23749127.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Has anyone created a WSDL for the Manager Application
Thanks, The URI commands don't quite cut it. As I stated I want to deploy a new war file. The use of HttpClient to connect and send commands is one thing but to use these commands requires all files to already exist on the server to be referenced by the command. I want to deploy a new war file and SOAP envelope is far more what I have in mind. Ollie David Smith-2 wrote: > > Color me crazy, but I'm working on a WSDL project now and ... well ... > yuck. Sorry .. just had to get that out of my system. :-) > > The services offered by manager should work for what you want. The link > below is for tomcat 6, but there are equivalents for whatever version > you are working with: > > http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Supported%20Manager%20Commands > > --David > > Mike Oliver wrote: >> Hmmm, >> >> I am not looking for the contents of /manager either in HTML or XML. >> >> The "manager" application you access at /manager/html can perform >> "operations" like start, stop, deploy, undeploy, check status, etc. >> >> out of the box I can setup a manager role and grant that to a user, login >> as >> that user and access the /manager/html user interface to do these >> operations. In that I can upload a new war file, stop or start or >> undeploy >> existing applications and check status. >> >> With a Web Service Definition Language file that points to a SOAP Web >> Service Implementation those same operations could be executed by posting >> a >> SOAP message to the operations defined and pointed to by the WSDL file. >> >> With the Web Services interface my central application can do all of the >> operations, securely, and as part of a workflow, not requiring me to >> navigate my browser to each instance of Tomcat and repeat an operation >> like >> deploying a new war file to update all the instances that need it. >> >> >> >> Peter Lin wrote: >> >>> I think he wants it in XML format, and be able to bind it to an object >>> model >>> >>> >>> >>> On Wed, May 27, 2009 at 1:29 PM, Mark Thomas wrote: >>> >>>> Mike Oliver wrote: >>>> >>>>> Ok perhaps I was unclear. >>>>> >>>>> I have multiple instances of Tomcat installed and need to manage the >>>>> applications deployed on those instances. >>>>> >>>>> Currently I must login with a username and password to each instance >>>>> /manager application through the normal user interface. >>>>> >>>>> What I want to do is automate that so I can access that same instance >>>>> with >>>>> that same username and password but via Web Services from a central >>>>> location >>>>> using WSDL or REST. >>>>> >>>> Understood. So what do you need that http://host:port/manager (rather >>>> than http://host:port/manager/html) does not support? >>>> >>>> Mark >>>> >>>> >>>> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23749735.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Has anyone created a WSDL for the Manager Application
Thanks, no its not about single sign on, its about automation via web services. I want the operations that are associated with /manager to be wrapped in WSDL/SOAP so I can automate via SOAP/BPEL the process of deploying new war files to multiple instances of Tomcat. If someone has done this with WSDL using Axis or hand coded it, that's what I am interested in, nothing else, if nobody has done it, fine, I will do it myself. Please don't offer any other solutions, not interested. Ollie awarnier wrote: > > Mike Oliver wrote: > ... > Unless I misunderstand, > - the first part of your problem is to be able to login once, and then > have this login be valid for all separate Tomcat instances. > - the second part of the problem is then, for each Tomcat instance, to > be able to use manager-like functionalities to start/stop/load new > applications and whatnot. > > I'll tackle the first part, which amounts to an "enterprise-wide SSO > issue". > Assuming that the same authenticated user-id can be used on all your > Tomcat instances, as one possible solution I would use the following setup > : > > - an Apache httpd front-end, which does the authentication, using any > Apache-compatible way for ditto > - the Apache httpd front-end connects to Tomcat back-ends via the mod_jk > connector module (on the Apache side), and an AJP Connector (on the > Tomcat side) > - in the AJP element on the Tomcat side, set the attribute : > tomcatAuthentication="false" > > This will cause Tomcat to accept the user-id as authenticated by the > httpd server (and passed on by mod_jk), and not redo the authentication > at the Tomcat level (while still verifying that this user-id effectively > belongs to a "Tomcat role" allowed to use the relevant functionality). > > > Now that the SSO issue is solved, my personal stab at the next issue > would involve writing a mod_perl add_on module for Apache httpd, which > would accept your "Tomcat management" commands, and distribute them to > your back-end Tomcats, using the /manager interface that other more > qualified people seem to suggest. Quite which front-end protocol this > httpd add-on module accepts from the client side is up to you. > > But that is of course because I am a mod_perl fan, and because for this > kind of problem, it seems to me like the most flexible tool. Other > people may have other suggestions. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23753112.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Has anyone created a WSDL for the Manager Application
Thanks, no I haven't dropped REST, as an alternative. if the manager command for deploy using http put will work then that might be a shortcut. But my desire for WSDL/SOAP is because it will then work with BPEL process flows and has better error handling and fits with our JMS AND ESB clients... Ollie Mark Thomas-18 wrote: > > Mike Oliver wrote: >> Thanks, >> >> The URI commands don't quite cut it. >> >> As I stated I want to deploy a new war file. > > It supports that. Using PUT if I recall correctly. > >> The use of HttpClient to connect and send commands is one thing but to >> use >> these commands requires all files to already exist on the server to be >> referenced by the command. > > Nope. You can upload files as required. > > You don't have to use HttpClient if you really don't want to. Everything > is simple enough that you can do it directly to the socket. That said, > HttpClient does make it easier, particularly around error handling. > >> I want to deploy a new war file and SOAP envelope is far more what I have >> in >> mind. > > You seem to have dropped your "or RESTful" option from your original > e-mail. > > If you absolutely want to use SOAP, you'll probably have to roll your > own. I'm not aware of a SOAP solution to this problem. I'd suggest using > the ManagerServlet as a starting point. > > Mark > >> >> Ollie >> >> David Smith-2 wrote: >>> Color me crazy, but I'm working on a WSDL project now and ... well ... >>> yuck. Sorry .. just had to get that out of my system. :-) >>> >>> The services offered by manager should work for what you want. The link >>> below is for tomcat 6, but there are equivalents for whatever version >>> you are working with: >>> >>> http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Supported%20Manager%20Commands >>> >>> --David >>> >>> Mike Oliver wrote: >>>> Hmmm, >>>> >>>> I am not looking for the contents of /manager either in HTML or XML. >>>> >>>> The "manager" application you access at /manager/html can perform >>>> "operations" like start, stop, deploy, undeploy, check status, etc. >>>> >>>> out of the box I can setup a manager role and grant that to a user, >>>> login >>>> as >>>> that user and access the /manager/html user interface to do these >>>> operations. In that I can upload a new war file, stop or start or >>>> undeploy >>>> existing applications and check status. >>>> >>>> With a Web Service Definition Language file that points to a SOAP Web >>>> Service Implementation those same operations could be executed by >>>> posting >>>> a >>>> SOAP message to the operations defined and pointed to by the WSDL file. >>>> >>>> With the Web Services interface my central application can do all of >>>> the >>>> operations, securely, and as part of a workflow, not requiring me to >>>> navigate my browser to each instance of Tomcat and repeat an operation >>>> like >>>> deploying a new war file to update all the instances that need it. >>>> >>>> >>>> >>>> Peter Lin wrote: >>>> >>>>> I think he wants it in XML format, and be able to bind it to an object >>>>> model >>>>> >>>>> >>>>> >>>>> On Wed, May 27, 2009 at 1:29 PM, Mark Thomas wrote: >>>>> >>>>>> Mike Oliver wrote: >>>>>> >>>>>>> Ok perhaps I was unclear. >>>>>>> >>>>>>> I have multiple instances of Tomcat installed and need to manage the >>>>>>> applications deployed on those instances. >>>>>>> >>>>>>> Currently I must login with a username and password to each instance >>>>>>> /manager application through the normal user interface. >>>>>>> >>>>>>> What I want to do is automate that so I can access that same >>>>>>> instance >>>>>>> with >>>>>>> that same username and password but via Web Services from a central >>>>>>> location >>>>>>> using WSDL or REST. >>>>>>> >>>>>> Understood. So what do you need that http://host:port/manager (rather >>>>>> than http://host:port/manager/html) does not support? >>>>>> >>>>>> Mark >>>>>> >>>>>> >>>>>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23753113.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
