Sun GlassFish Enterprise Server 2.1 Administration Guide Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.
Copyright 2008 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software.
Contents

Preface
1 Enterprise Server Overview
Enterprise Server Overview and Concepts
Enterprise Server Overview

Starting an Instance
Stopping an Instance
Restarting an Instance
Recreating the Domain Administration Server

IBM Informix Type 4 Driver
CloudScape 5.1 Type 4 Driver
4 Configuring Java Message Service Resources
JMS Resources

Managing Security Maps
▼ To Delete a Connector Connection Pool
▼ To Set Up EIS Access
Managing Connector Resources

Users
Groups
Roles
Realms

Actions of Request and Response Policy Configurations
Configuring Other Security Facilities
Configuring a JCE Provider
Message Security Setup

Viewing Deployed Web Services
Testing Web Services
Web Services Security
Using Web Services Registries

Overview of Monitoring
About the Tree Structure of Monitorable Objects
About Statistics for Monitored Components and Services
Enabling and Disabling Monitoring

C The asadmin Utility
The asadmin Utility
Common Options for Remote Commands
The Multimode Command
Figures

FIGURE 1–1 Enterprise Server Instance
FIGURE 9–1 Role Mapping
Tables

TABLE 1–1 Features Available for Each Profile
TABLE 1–2 Enterprise Server Listeners that Use Ports
TABLE 18–23 JVM Statistics for Java SE - Thread Info
Examples

EXAMPLE 18–1 Applications Node Tree Structure
EXAMPLE 18–2 HTTP Service Schematic (Developer Profile Version)
EXAMPLE 18–3 HTTP Service Schematic (Cluster and Enterprise Profile Version)
EXAMPLE 18–4 Resources Schematic
Preface

The Administration Guide describes the administrative tasks of the Enterprise Server. This preface contains information about and conventions for the entire Sun GlassFish™ Enterprise Server documentation set.

Sun GlassFish Enterprise Server Documentation Set

TABLE P–1 Books in the Enterprise Server Documentation Set

Book Title | Description
Documentation Center | Enterprise Server documentation topics organized by task and subject.
TABLE P–1 Books in the Enterprise Server Documentation Set (Continued)

Book Title | Description
High Availability Administration Guide | Setting up clusters, working with node agents, and using load balancers.
Administration Reference | Editing the Enterprise Server configuration file, domain.xml.
Performance Tuning Guide | Tuning the Enterprise Server to improve performance.
Reference Manual | Utility commands available with the Enterprise Server; written in man page style.
Typographic Conventions

The following table describes the typographic changes that are used in this book.

TABLE P–3 Typographic Conventions

Typeface | Meaning | Example
AaBbCc123 | The names of commands, files, and directories, and onscreen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail.
TABLE P–4 Symbol Conventions (Continued)

Symbol | Description | Example | Meaning
→ | Indicates menu item selection in a graphical user interface. | File → New → Templates | From the File menu, choose New. From the New submenu, choose Templates.

Documentation, Support, and Training

The Sun web site provides information about the following additional resources:
■ Documentation (http://www.sun.com/documentation/)
■ Support (http://www.sun.com/support/)
■ Training (http://www.sun.
Chapter 1
Enterprise Server Overview

Sun GlassFish Enterprise Server administration includes many tasks, such as deploying applications; creating and configuring domains, server instances, and resources; controlling (starting and stopping) domains and server instances; managing profiles and clusters; monitoring and managing performance; and diagnosing and troubleshooting problems.
Enterprise Server Overview and Concepts

Enterprise Server includes the Metro web services stack (http://metro.dev.java.net). Metro implements important WS-* standards and WS-I standardized interoperability profiles in order to assure interoperability between Java and .NET web services.

Enterprise Server includes the implementation of Java Business Integration (JBI) specifications. JBI is a Java standard for structuring business systems according to a Service-Oriented Architecture (SOA).
If your configuration includes remote server instances, create node agents to manage and facilitate remote server instances. It is the responsibility of the node agent to create, start, stop, and delete a server instance. Use the command line interface (CLI) commands to set up node agents.

Command-line Interface (asadmin Utility)

The asadmin utility is a command-line interface for the Sun GlassFish Enterprise Server.
Enterprise Server Concepts

The Enterprise Server consists of one or more domains. A domain is an administrative boundary or context. Each domain has an administration server (also called Domain Administration Server or DAS) associated with it and consists of zero or more standalone instances and/or clusters. Each cluster has one or more homogeneous server instances.
carry out the requests. The DAS is sometimes referred to as the admin server or default server. It is referred to as the default server because it is the only server instance that gets created on Sun GlassFish Enterprise Server installation and can be used for deployments. The DAS is simply a server instance with additional administration capabilities.

Each Admin Console session allows you to configure and manage a single domain.
TABLE 1–1 Features Available for Each Profile (Continued)

Feature | Developer Profile | Cluster Profile | Enterprise Profile (not available with Sun GlassFish Communications Server)
Security Manager | Disabled | Enabled | Enabled
HADB | Not available | Not available | Available
Load balancing | Not available | Available | Available
Node agents | Not available | Available | Available

Cluster

A cluster is a named collection of server instances sharing the same set of applications, resourc
Server Instance

The server instance is a single Java EE compatible Java Virtual Machine hosting an Enterprise Server on a single node. Each server instance has a unique name in the domain. A clustered server instance is a member of a cluster and receives all of its applications, resources, and configuration from its parent cluster, ensuring that all instances in the cluster are homogeneous.
names, IP Addresses, and some administration capabilities. For the users, it is almost as if they have their own web server, without the hardware and basic server maintenance. These virtual servers do not span application server instances. For more information about virtual servers, see Chapter 13, “Configuring the HTTP Service.”

In operational deployments, for many purposes you can use virtual servers instead of multiple application server instances.
Basic Enterprise Server Commands

Administration of the Enterprise Server includes tasks such as creation, configuration, control and management of domains, clusters, node agents, and server instances.
Caution – Do not create an enterprise domain unless you have HADB and the Network Security Services (NSS) keystore. You will not be able to start an enterprise domain unless you have HADB and NSS.

For the preceding create-domain example, the domain’s log files, configuration files, and deployed applications now reside in the following directory:

domain-root-dir/mydomain

To create the domain’s directory in another location, specify the --domaindir option.
Starting the Default Domain on Windows

From the Windows Start Menu, select Programs -> Sun Microsystems -> Enterprise Server -> Start Admin Server.

Stopping the Domain

Stopping a domain shuts down its administration server and application server instance. When stopping a domain, the server instance stops accepting new connections and then waits for all outstanding connections to complete.
For the full syntax, type asadmin help create-cluster.

Starting a Cluster

A cluster is started using the start-cluster command. The following example starts the cluster named mycluster. The command prompts for the administrative passwords.

$ asadmin start-cluster --host myhost --port 1234 --user admin mycluster

For the full syntax, type asadmin help start-cluster.

Stopping a Cluster

A cluster is stopped using the stop-cluster command.
For the full syntax, type asadmin help start-node-agent.

Stopping a Node Agent

A node agent is stopped using the stop-node-agent command and specifying the node agent name. For example, to stop the node agent mynodeagent, type the following:

$ asadmin stop-node-agent mynodeagent

For the full syntax, type asadmin help stop-node-agent.

Starting an Instance

A server instance is started using the start-instance command.
Recreating the Domain Administration Server

For mirroring purposes, and to provide a working copy of the Domain Administration Server (DAS), you must have:
■ One machine (machine1) that contains the original DAS.
■ A second machine (machine2) that contains a cluster with server instances running applications and catering to clients. The cluster is configured using the DAS on the first machine.
4. Change the domain-root-dir/domain1/generated/tmp directory permissions on the third machine to match the permissions of the same directory on the first machine. The default permissions of this directory are drwx------ (or 700). For example:

chmod 700 domain-root-dir/domain1/generated/tmp

The example above assumes you are backing up domain1. If you are backing up a domain by another name, you should replace domain1 above with the name of the domain being backed up.
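A check for this step, as an added example that is not part of the original guide: the function below reads the mode of a domain's generated/tmp directory, compares it with the expected value (700 by default, or whatever the first machine reports), and changes it only when asked. The function names, the --fix switch and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the GlassFish guide.
# Verifies that <domain-root-dir>/<domain>/generated/tmp carries the expected
# mode (700 by default) before the recreated DAS is started.

# dir_mode DIR -> prints the octal permission bits of DIR (for example 700).
dir_mode() {
    # GNU coreutils stat first, BSD/macOS stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_generated_tmp DOMAIN_ROOT DOMAIN [EXPECTED_MODE] [--fix]
# Return codes (chosen for this example):
#   0  mode matches, or was corrected with --fix
#   1  mode differs and was not corrected
#   2  directory is missing or is a symbolic link
#   3  EXPECTED_MODE is not an octal number
check_generated_tmp() {
    root=$1
    domain=$2
    want=${3:-700}
    fix=${4:-}
    dir="$root/$domain/generated/tmp"

    # Reject anything that is not plain octal digits.
    case $want in
        ''|*[!0-7]*) echo "BADMODE $want" >&2; return 3 ;;
    esac

    # Refuse symbolic links: chmod follows them and would change the
    # permissions of whatever directory the link points to.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "MISSING $dir" >&2
        return 2
    fi

    mode=$(dir_mode "$dir")
    if [ "$mode" = "$want" ]; then
        echo "OK $dir ($mode)"
        return 0
    fi

    echo "MISMATCH $dir (found $mode, expected $want)" >&2
    if [ "$fix" = "--fix" ]; then
        chmod "$want" "$dir" || return 1
        echo "FIXED $dir ($want)"
        return 0
    fi
    return 1
}
```

Run `dir_mode` on the first machine to obtain the value to pass as EXPECTED_MODE, then call `check_generated_tmp domain-root-dir domain1 700 --fix` on the third machine.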
Chapter 2
Java Business Integration

Java Business Integration (JBI) is an implementation of the JSR 208 specification (http://www.jcp.org/en/jsr/detail?id=208) for Java Business Integration, a standard developed under the Java Community Process (JCP) as an approach to implementing a service-oriented architecture (SOA). JBI defines an environment for plug-in components that interact using a services model based directly on Web Services Description Language (WSDL) 2.0.
JBI Environment

Binding Components

Binding Components are proxies for consumers or providers that are outside the JBI environment. Binding components typically are based on a standard communications protocol, such as FTP, JMS, or SMTP, or a call to an external service, such as SAP or WebSphere MQ.

JBI components have the following life cycle states:
■ Started
■ Stopped
■ Shutdown

The JBI Runtime persists the life cycle states of JBI Components.
Note – The logging levels for JBI Components are often inherited from a parent logger such as the JBI logger. To view and set parent logging levels, in the Admin Console, select Common Tasks and then Application Server. Then, in the Enterprise Server panel, select Logging and then Log Levels. Look for the drop-down list for the JBI module to view and set the parent JBI logging level.
Shared Libraries

A Shared Library provides Java classes that are not private to a single component and is typically shared by more than one JBI Component. For example, the Java EE Service Engine requires the WSDL Shared Library.

You can do the following operations on Shared Libraries. For detailed steps, log on to the Admin Console, navigate to the JBI node, click Shared Libraries and then click Online Help.
■ View all Shared Libraries.
■ Install Shared Libraries.
Chapter 3
JDBC Resources

This chapter explains how to configure JDBC resources, which are required by applications that access databases.
JDBC Connection Pools

When creating a JDBC resource, you must identify:
1. The JNDI Name. By convention, the name begins with the jdbc/ string. For example: jdbc/payrolldb. Don’t forget the forward slash.
2. Select a connection pool to be associated with the new JDBC resource.
3. Specify the settings for the resource.
4. Identify the targets (clusters and standalone server instance) on which the resource is available.
Setting Up Database Access

Behind the scenes, the application server retrieves a physical connection from the connection pool that corresponds to the database. The pool defines connection attributes such as the database name (URL), user name, and password.
3. Now that it is connected to the database, the application can read, modify, and add data to the database. The applications access the database by making calls to the JDBC API.
Working with JDBC Connection Pools

A JDBC connection pool is a group of reusable connections for a particular database. When creating the pool with the Admin Console, the Administrator is actually defining the aspects of a connection to a specific database. Before creating the pool, you must first install and integrate the JDBC driver. When building the Create Connection Pool pages, certain data specific to the JDBC driver and the database vendor must be entered.
9. Click OK.

▼ Creating a JDBC Connection Pool and JDBC Resource Using the CLI

1. Use the asadmin create-jdbc-connection-pool command to create a JDBC connection pool. Sample command to create a JDBC connection pool:

asadmin create-jdbc-connection-pool --datasourceclassname oracle.jdbc.pool.OracleDataSource --restype javax.sql.
Editing a JDBC Connection Pool

The Edit JDBC Connection Pool page provides the means to change all of the settings for an existing pool except its name.
1. Change general settings. The values of the general settings depend on the specific JDBC driver that is installed. These settings are the names of classes or interfaces in the Java programming language.
Optionally, the application server can validate connections before they are passed to applications. This validation allows the application server to automatically reestablish database connections if the database becomes unavailable due to network failure or database server crash. Validation of connections incurs additional overhead and slightly reduces performance.

Parameter | Description
Connection Validation | Select the Required checkbox to enable connection validation.
Parameter | Description
Non-transactional Connections | Click the check box if you want Application Server to return all non-transactional connections.
Transaction Isolation | Makes it possible to select the transaction isolation level for the connections of this pool. If left unspecified, the connections operate with default isolation levels provided by the JDBC driver.
Guaranteed Isolation Level | Only applicable if the isolation level has been specified.
Attribute | Description
Validate Atmost Once | Amount of time, in seconds, after which a connection is validated at most once. This will help reduce the number of validation requests by a connection. The default value 0 implies that connection validation is not enabled.
Leak Timeout | Amount of time, in seconds, to trace connection leaks in a connection pool. The default value 0 means that connection leak tracing is disabled.
Configurations for Specific JDBC Drivers

Match Connections | Use this option to switch on/off connection matching for the pool. It can be set to false if the administrator knows that the connections in the pool will always be homogeneous and hence a connection picked from the pool need not be matched by the resource adapter. Default value is false.
Max Connection Usage | Specify the number of times a connection should be reused by the pool.
Note – An Oracle database user running the capture-schema command needs ANALYZE ANY TABLE privileges if that user does not own the schema. These privileges are granted to the user by the database administrator. For information about capture-schema, see Sun GlassFish Enterprise Server 2.1 Reference Manual.
Sun GlassFish JDBC Driver for DB2 Databases

The JAR files for this driver are smbase.jar, smdb2.jar, and smutil.jar. Configure the connection pool using the following settings:
■ Name: Use this name when you configure the JDBC resource later.
■ Resource Type: Specify the appropriate value.
■ Database Vendor: DB2
■ DataSource Classname: com.sun.sql.jdbcx.db2.
Sun GlassFish JDBC Driver for Microsoft SQL Server Databases

The JAR files for this driver are smbase.jar, smsqlserver.jar, and smutil.jar. Configure the connection pool using the following settings:
■ Name: Use this name when you configure the JDBC resource later.
■ Resource Type: Specify the appropriate value.
■ Database Vendor: mssql
■ DataSource Classname: com.sun.sql.jdbcx.sqlserver.
IBM DB2 8.1 Type 2 Driver

The JAR files for the DB2 driver are db2jcc.jar, db2jcc_license_cu.jar, and db2java.zip. Set environment variables as follows:

LD_LIBRARY_PATH=/usr/db2user/sqllib/lib:${Java EE.home}/lib
DB2DIR=/opt/IBM/db2/V8.1
DB2INSTANCE=db2user
INSTHOME=/usr/db2user
VWSPATH=/usr/db2user/sqllib
THREADS_FLAG=native

Configure the connection pool using the following settings:
■ Name: Use this name when you configure the JDBC resource later.
■ password - Set as appropriate.
■ databaseName - Set as appropriate. Do not specify the complete URL, only the database name.
■ BE_AS_JDBC_COMPLIANT_AS_POSSIBLE - Set to true.
■ FAKE_METADATA - Set to true.

MySQL Type 4 Driver

The JAR file for the MySQL driver is mysql-connector-java-version-bin-g.jar, for example, mysql-connector-java-5.0.5-bin-g.jar.
■ DataSource Classname: com.inet.ora.OraDataSource
■ Properties:
  ■ user - Specify the database user.
  ■ password - Specify the database password.
  ■ serviceName - Specify the URL of the database.
■ password - Set as appropriate.

Inet Sybelux JDBC Driver for Sybase Databases

The JAR file for the Inet Sybase driver is Sybelux.jar. Configure the connection pool using the following settings:
■ Name: Use this name when you configure the JDBC resource later.
■ Resource Type: Specify the appropriate value.
■ Database Vendor: Sybase
■ DataSource Classname: com.inet.syb.
For example: jdbc:oracle:thin:@localhost:1521:customer_db
■ xa-driver-does-not-support-non-tx-operations - Set to the value true. Optional: only needed if both non-XA and XA connections are retrieved from the same connection pool. Might degrade performance. As an alternative to setting this property, you can create two connection pools, one for non-XA connections and one for XA connections.
■ xa-driver-does-not-support-non-tx-operations - Set to the value true. Optional: only needed if both non-XA and XA connections are retrieved from the same connection pool. Might degrade performance. As an alternative to setting this property, you can create two connection pools, one for non-XA connections and one for XA connections.
Chapter 4
Configuring Java Message Service Resources

The Enterprise Server implements the Java Message Service (JMS) API by integrating the Message Queue software into the Enterprise Server. For basic JMS API administration tasks, use the Enterprise Server Admin Console. For advanced tasks, including administering a Message Queue cluster, use the tools provided in the MQ-as-install/imq/bin directory. For details about administering Message Queue, see the Message Queue Administration Guide.
The Relationship Between JMS Resources and Connector Resources

■ TopicConnectionFactory objects, used for publish-subscribe communication
■ ConnectionFactory objects, which can be used for both point-to-point and publish-subscribe communications; these are recommended for new applications

There are two kinds of destinations:
■ Queue objects, used for point-to-point communication
■ Topic objects, used for publish-subscribe communication

The chapters on JMS in the Java EE 5 Tutorial provide details on
JMS Physical Destinations

JMS Connection Factories

JMS connection factories are objects that allow an application to create other JMS objects programmatically. These administered objects implement the ConnectionFactory, QueueConnectionFactory, and TopicConnectionFactory interfaces. Using the Enterprise Server Admin Console, you can create, edit, or delete a JMS Connection Factory. The creation of a new JMS connection factory also creates a connector connection pool for the factory and a connector resource.
Configuring JMS Provider Properties

To create a physical destination from the Admin Console, select Configuration > Physical Destinations. In the Create Physical Destinations page, specify a name for the physical destination and choose the type of destination, which can be topic or queue. For more details about the fields and properties in the Physical Destinations page, refer to the Admin Console Online Help.

For production purposes, always create physical destinations.
Foreign JMS Providers

■ In the MQ Scheme and MQ Service fields, type the Message Queue address scheme name and the Message Queue connection service name if a non-default scheme or service is to be used.

Values of all these properties can be updated at run time too. However, only those connection factories that are created after the properties are updated will get the updated values. The existing connection factories will continue to have the original property values.
Configuring the Generic Resource Adapter

Prior to deploying the resource adapter, JMS client libraries should be made available to the Enterprise Server. For some JMS providers, client libraries may also include native libraries. In such cases, these native libraries should also be made available to the JVM(s).
1. Deploy the generic resource adapter the same way you would deploy a connector module.
2. Create a connector connection pool.
3. Create a connector resource.
4.
Property Name | Valid Values | Default Value | Description
TopicConnectionFactoryClassName | Name of the class available in the application server classpath, for example: | None | Class name of javax.jms.TopicConnectionFactory implementation of the JMS client. Used if ProviderIntegrationMode is specified as javabean.
 | | None | Class name of javax.jms.ConnectionFactory implementation of the JMS client. Used if ProviderIntegrationMode is specified as javabean.
 | | None | Class name of javax.jms.
Property Name | Valid Values | Default Value | Description
JndiProperties | Name value pairs separated by comma | None | Specifies the JNDI provider properties to be used for connecting to the JMS provider's JNDI. Used only if ProviderIntegrationMode is jndi.
CommonSetterMethodName | Method name | None | Specifies the common setter method name that some JMS vendors use to set the properties on their administered objects. Used only if ProviderIntegrationMode is javabean.
Property Name | Valid Values | Default Value | Description
RMPolicy | ProviderManaged or OnePerPhysicalConnection | ProviderManaged | The isSameRM method on an XAResource is used by the Transaction Manager to determine if the Resource Manager instance represented by two XAResources are the same.
Property Name | Valid Value | Default Value | Description
ClientId | A valid client ID | None | ClientID as specified by JMS 1.1 specification.
ConnectionFactoryJndiName | JNDI Name | None | JNDI name of the connection factory bound in the JNDI tree of the JMS provider. The administrator should provide all connection factory properties (except clientID) in the JMS provider itself. This property name will be used only if ProviderIntegrationMode is jndi.
Property Name | Valid Value | Default Value | Description
MaxPoolSize | An integer | 8 | Maximum size of server session pool internally created by the resource adapter for achieving concurrent message delivery. This should be equal to the maximum pool size of MDB objects.
MaxWaitTime | An integer | 3 | The resource adapter will wait for the time in seconds specified by this property to obtain a server session from its internal pool. If this limit is exceeded, message delivery will fail.
Property Name | Valid Value | Default Value | Description
RedeliveryAttempts | integer | | Number of times a message will be delivered if a message causes a runtime exception in the MDB.
RedeliveryInterval | time in seconds | | Interval between repeated deliveries, if a message causes a runtime exception in the MDB.
SendBadMessagesToDMD | true/false | False | Indicates whether the resource adapter should send the messages to a dead message destination, if the number of delivery attempts is exceeded.
Chapter 5
Configuring JavaMail Resources

The Enterprise Server includes the JavaMail API. The JavaMail API is a set of abstract APIs that model a mail system. The API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API provides facilities for reading and sending electronic messages. Service providers implement particular protocols. Using the JavaMail API you can add email capabilities to your applications.
Creating a JavaMail Session

To create a JavaMail session using the Admin Console, select Resources → JavaMail Sessions. Specify the JavaMail settings as follows:
■ JNDI Name: The unique name for the mail session. Use the naming sub-context prefix mail/ for JavaMail resources. For example: mail/MySession.
■ Mail Host: The host name of the default mail server. The connect methods of the Store and Transport objects use this value if a protocol-specific host property is not supplied.
Chapter 6
JNDI Resources

The Java Naming and Directory Interface (JNDI) is an application programming interface (API) for accessing different kinds of naming and directory services. Java EE components locate objects by invoking the JNDI lookup method.

JNDI is the acronym for the Java Naming and Directory Interface API. By making calls to this API, applications locate resources and other program objects.
Naming References and Binding Information

application component's environment allows the application component to be customized without the need to access or change the application component's source code. A Java EE container implements the application component's environment, and provides it to the application component instance as a JNDI naming context.
Using External JNDI Repositories and Resources

TABLE 6–1 JNDI Lookups and Their Associated References

JNDI Lookup Name              Associated Reference
java:comp/env                 Application environment entries
java:comp/env/jdbc            JDBC DataSource resource manager connection factories
java:comp/env/ejb             EJB References
java:comp/UserTransaction     UserTransaction references
java:comp/env/mail            JavaMail Session Connection Factories
java:comp/env/url             URL Connection Factories
java:comp/env/jms             JMS Connection Factories and De
-- and jndi-lookup-name refers to the JNDI name to lookup to fetch the
-- designated (in this case the java) object.
-->

Chapter 7
Connector Resources

This chapter explains how to configure connectors, which are used to access enterprise information systems (EISs).
Managing Connector Connection Pools

■ “To Create a Connector Connection Pool” on page 82
■ “To Edit a Connector Connection Pool” on page 83
■ “To Edit Connector Connection Pool Advanced Attributes” on page 85
■ “To Edit Connection Pool Properties” on page 87

▼ To Create a Connector Connection Pool

Before You Begin
Before creating the pool, deploy the connector module (resource adapter) associated with the pool.
c. In the Additional Properties table, add any required properties. In the previous Create Connector Connection Pool page, you selected a class in the Connection Definition combo box. If this class is in the server’s classpath, then the Additional Properties table displays default properties.

6 Click Finish.

More Information
On Any Failure
If you select the checkbox labelled Close All Connections, if a single connection fails, then the application server will close all connections in the pool and then reestablish them. If you do not select the checkbox, then individual connections will be reestablished only when they are used.

Transaction Support
Use the Transaction Support list to select the type of transaction support for the connection pool.
More Information
Using the asadmin commands to change connection pool properties.

You can use the asadmin get and set commands to view and change the values of the connection pool properties.

To list all the connector connection pools in the server:

    asadmin list domain.resources.connector-connection-pool.*

To view the properties of the connector connection pool, you can use the following command:

    asadmin get domain.resources.connector-connection-pool.connectionpoolname.
Lazy Association
Connections are lazily associated when an operation is performed on them. Also, they are disassociated when the transaction is completed and a component method ends, which helps reuse of the physical connections. Default value is false.

Lazy Connection Enlistment
Enable this option to enlist a resource to the transaction only when it is actually used in a method.
▼ To Edit Connection Pool Properties

1 Use the Additional Properties tab to modify the properties of an existing pool. The properties specified depend on the resource adapter used by this pool. The name-value pairs specified by the deployer using this table can be used to override the default values for the properties defined by the resource-adapter vendor.
2 Click Save for the changes to take effect.
Managing Connector Resources

More Information
Equivalent asadmin command
delete-connector-connection-pool

▼ To Set Up EIS Access

1 Deploy (install) a connector.
2 Create a connection pool for the connector.
3 Create a connector resource that is associated with the connection pool.
d. Do one of the following:
■ If you are using the cluster profile, you will see the Targets section of the page. In the Targets section of the page, select the domain, cluster, or server instances where the connector resource will reside, from the Available field and click Add. If you do not want to deploy the connector resource to one of the domains, clusters, or server instances listed in the Selected field, select it from the field and click Remove.
3 On the Connector Resources page, select the checkbox for the resource to be deleted.
4 Click Delete.

More Information
Equivalent asadmin command
delete-connector-resource

▼ To Configure the Connector Service

Use the Connector Service screen to configure the connector container for all resource adapters deployed to this cluster or server instance.

1 Select Configurations from the tree.
Managing Administered Object Resources

To create, edit, and delete Connector Connection Pools, click Resources > Administered Object Resources in the Admin Console. Consult the Admin Console Online Help for detailed instructions on managing connector connection pools.
g. Click Finish.

More Information
Equivalent asadmin command
create-admin-object

▼ To Edit an Administered Object Resource

1 In the tree component, expand the Resource node and then the Connectors node.
2 Expand the Administered Object Resources node.
3 Select the node for the administered object resource to be edited.
4 On the Edit Administered Object Resources page, modify values specified in Creating an Administered Object Resource.
Chapter 8
Web and EJB Containers

Containers provide runtime support for application components. Application components use the protocols and methods of the container to access other application components and services provided by the server. The Enterprise Server provides an application client container, an applet container, a Web container, and an EJB container. For a diagram that shows the containers, see the section “Enterprise Server Overview” on page 23.
The SIP Servlet Container

Editing the Properties of the SIP Container

The sub-elements of the SIP container are session-manager and session-properties. store-properties and manager-properties are sub-elements of session-manager. For a complete list of SIP container properties, see TBDlink.

To change the properties of the SIP container using the Admin Console, select the Configuration node, select the configuration name, and the SIP Container node.
The EJB Container

Editing SIP Container Session Manager Properties

To view the sub-elements of the SIP container session manager properties, use the following command:

    list server.sip-container.session-config.session-manager.*

The two sub-elements are store-properties and manager-properties. To view the attributes of store-properties, use the following command:

    get server.sip-container.session-config.session-manager.store-properties.
Chapter 9
Configuring Security

Security is about protecting data: how to prevent unauthorized access or damage to it in storage or transit. The Enterprise Server has a dynamic, extensible security architecture based on the Java EE standard. Built-in security features include cryptography, authentication and authorization, and public key infrastructure.
Tools for Managing Security

■ In declarative security, the container (the Enterprise Server) handles security through an application's deployment descriptors. You can control declarative security by editing deployment descriptors directly or with a tool such as deploytool. Because deployment descriptors can change after an application is developed, declarative security allows for more flexibility.
For more information on using certutil, pk12util, and other NSS security tools, see NSS Security Tools at http://www.mozilla.org/projects/security/pki/nss/tools.

Managing Security of Passwords

In the Enterprise Server, the file domain.xml, which contains the specifications for a particular domain, initially contains the password of the Message Queue broker in clear text. The element in the domain.
Note – Enclose the alias password in single quotes as shown in the example.

3. Restart the Enterprise Server for the relevant domain.

Protecting Files with Encoded Passwords

Some files contain encoded passwords that need protecting using file system permissions. These files include the following:
■ domain-dir/master-password
  This file contains the encoded master password and should be protected with file system permissions 600.
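A check for the 600 requirement stated above, as an added example that is not part of the original guide. The function names are illustrative, only master-password (the one file named above) is checked by default, and the demo runs against a throwaway directory with constructed contents.

```python
import os
import stat
import tempfile


def audit_password_file(path, required_mode=0o600):
    """Return a list of findings for one file; an empty list means it passes."""
    try:
        # lstat does not follow symlinks, so a link placed at the path is
        # reported instead of silently auditing whatever it points to.
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    # Any bit set outside the required mode (group/other access, setuid,
    # owner execute) is more than the guide allows.
    if mode & ~required_mode:
        return ["mode %04o grants access beyond %04o" % (mode, required_mode)]
    return []


def audit_domain(domain_dir, names=("master-password",)):
    """Audit the named files under one domain directory."""
    return {name: audit_password_file(os.path.join(domain_dir, name))
            for name in names}


def demo():
    """Exercise the audit on a temporary directory (constructed data)."""
    with tempfile.TemporaryDirectory() as domain_dir:
        target = os.path.join(domain_dir, "master-password")
        missing = audit_domain(domain_dir)
        with open(target, "w") as fh:
            fh.write("constructed placeholder, not a real encoded password\n")
        os.chmod(target, 0o644)
        loose = audit_domain(domain_dir)
        os.chmod(target, 0o600)
        tight = audit_domain(domain_dir)
    return missing, loose, tight


if __name__ == "__main__":
    for label, result in zip(("missing", "0644", "0600"), demo()):
        print(label, result)
```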
Caution – At this point in time, server instances that are running must not be started and running server instances must not be restarted until the SMP on their corresponding node agent has been changed. If a server instance is restarted before changing its SMP, it will fail to come up.

3. Stop each node agent and its related servers one at a time. Run the asadmin change-master-password command again, and then restart the node agent and its related servers.
4.
About Authentication and Authorization

Authentication and authorization are central concepts of application server security.
TABLE 9–1 Enterprise Server Authentication Methods (Continued)

DIGEST    HTTP and SIP    Server authenticates the client based on an encrypted response.    SSL and TLS

Verifying Single Sign-On

Single sign-on enables multiple applications in one virtual server instance to share the user authentication state. With single sign-on, a user who logs in to one application becomes implicitly logged in to other applications that require the same authentication information.
Configuring Message Security

Message Security enables a server to perform end-to-end authentication of web service invocations and responses at the message layer. The Enterprise Server implements message security using message security providers on the SOAP layer. The message security providers provide information such as the type of authentication that is required for the request and response messages.
Understanding Users, Groups, Roles, and Realms

Note – Users and groups are designated for the entire Enterprise Server, whereas each application defines its own roles. When the application is being packaged and deployed, the application specifies mappings between users/groups and roles, as illustrated in the following figure.

FIGURE 9–1 Role Mapping

Users

A user is an individual (or application program) identity that has been defined in the Enterprise Server. A user can be associated with a group.
Roles

A role defines which applications and what parts of each application users can access and what they can do. In other words, roles determine users' authorization levels. For example, in a personnel application all employees might have access to phone numbers and email addresses, but only managers would have access to salary information.
In the JDBC realm, the server gets user credentials from a database. The Enterprise Server uses the database information and the enabled JDBC realm option in the configuration file. For digest authentication, a JDBC realm should be created with jdbcDigestRealm as the JAAS context.

In the solaris realm the server gets user credentials from the Solaris operating system. This realm is supported on the Solaris 9 OS and later.
5 Assign a security role to users in the realm.
To assign a security role to a user, add a security-role-mapping element to the deployment descriptor that you modified in Step 4. The following example shows a security-role-mapping element that assigns the security role Employee to user Calvin.
Introduction to Certificates and SSL

Most importantly, a certificate binds the owner's public key to the owner's identity. Just as a passport binds a photograph to personal information about its holder, a certificate binds a public key to information about its owner. In addition to the public key, a certificate typically includes information such as:
■ The name of the holder and other identification, such as the URL of the Web server using the certificate, or an individual's email address.
When a Web browser (client) wants to connect to a secure site, an SSL handshake happens:
■ The browser sends a message over the network requesting a secure session (typically, by requesting a URL that begins with https instead of http).
■ The server responds by sending its certificate (including its public key).
■ The browser verifies that the server's certificate is valid and is signed by a CA whose certificate is in the browser's database (and who is trusted).
About Certificate Files

If all virtual hosts on a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts probably will not interfere with normal SSL operations on the server. Be aware, however, that most browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers display a warning.
Using Java Secure Socket Extension (JSSE) Tools

In the Developer Profile, on the server side, the Enterprise Server uses the JSSE format, which uses keytool to manage certificates and key stores. In the Clusters and Enterprise Profile, on the server side, the Enterprise Server uses NSS, which uses certutil to manage the NSS database which stores private keys and certificates. In both profiles, the client side (appclient or stand-alone) uses the JSSE format.
■ Create a self-signed certificate in a keystore of type JKS using an RSA key algorithm. RSA is public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technology.

    keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.
    keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}

Another example of deleting a certificate from a keystore is shown in “Deleting a Certificate Using the keytool Utility” on page 115.

Generating a Certificate Using the keytool Utility

Use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where it is run.

1.
6. If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command. The tool displays information about the certificate and prompts whether you want to trust the certificate.
7. Type yes, then press Enter. Then keytool displays something like this:

    Certificate was added to keystore
    [Saving cacerts.jks]

8. Restart the Enterprise Server.
    keytool -delete -alias keyAlias -keystore keystore-name -storepass password

Using Network Security Services (NSS) Tools

In the Clusters and Enterprise Profile, use Network Security Services (NSS) digital certificates on the server-side to manage the database that stores private keys and certificates. For the client side (appclient or stand-alone), use the JSSE format as discussed in “Using Java Secure Socket Extension (JSSE) Tools” on page 112.
Using the certutil Utility

Before running certutil, make sure that LD_LIBRARY_PATH points to the location of the libraries required for this utility to run. This location can be identified from the value of AS_NSS_LIB in asenv.conf (product wide configuration file).

The certificate database tool, certutil, is an NSS command-line utility that can create and modify the Netscape Communicator cert8.db and key3.db database files.
■ Import an RFC text-formatted certificate into an NSS certificate database.

    certutil -A -a -n ${cert.nickname} -t ${cert.trust.options} -f ${pass.file} -i ${cert.rfc.file} -d ${admin.domain.dir}/${admin.domain}/config

■ Export a certificate from an NSS certificate database in RFC format.

    certutil -L -a -n ${cert.nickname} -f ${pass.file} -d ${admin.domain.dir}/${admin.domain}/config > cert.rfc

■ Delete a certificate from an NSS certificate database.
    pk12util -o -n ${cert.nickname} -h ${token.name} -k ${pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config

■ Convert a PKCS12 certificate into JKS format (requires a Java source):

    <target name="convert-pkcs12-to-jks" depends="init-common">
      <delete file="${jks.file}" failonerror="false"/>
      <java classname="com.sun.enterprise.security.KeyTool">
        <arg line="-pkcs12"/>
        <arg line="-pkcsFile ${pkcs12.
Using Hardware Crypto Accelerator With Enterprise Server

You can use hardware accelerator tokens to improve the cryptographic performance and to furnish a secure key storage facility. Additionally, you can provide end users with mobile secure key storage through smart cards.
For the Microsoft Windows environment, add the location of NSS libraries, AS_NSS, and the NSS tools directory, AS_NSS_BIN, to the PATH environment variable. For simplicity, the procedures described in this section use UNIX commands only. You should replace the UNIX variables with the Windows variables, where appropriate.
    Using database directory /var/opt/SUNWappserver/domains/domain1/config ...

    Listing of PKCS#11 Modules
    -----------------------------------------------------------
    1. NSS Internal PKCS#11 Module
         slots: 2 slots attached
         status: loaded

         slot: NSS Internal Cryptographic Services
         token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
         token: NSS Certificate DB

    2.
Listing Keys and Certificates

■ To list the keys and certificates in the configured PKCS#11 tokens, run the following command:

    certutil -L -d AS_NSS_DB [-h tokenname]

For example, to list the contents of the default NSS soft token, type:

    certutil -L -d AS_NSS_DB

The standard output will be similar to the following:

    verisignc1g1
    verisignc1g2
    verisignc1g3
    verisignc2g3
    verisignsecureserver
    verisignc2g1
    verisignc2g2
    verisignc3g1
    verisignc3g2
    verisignc
Working With Private Keys and Certificates

Use certutil to create self-signed certificates and to import or export certificates. To import or export private keys, use the pk12util utility. For more details, see “Using Network Security Services (NSS) Tools” on page 116.

Caution – In Enterprise Server, do not modify the NSS password directly with the NSS tools certutil and modutil. If you do so, security data in Enterprise Server might be corrupted.
To create a custom configuration file:

1. Create a configuration file called as-install/mypkcs11.cfg with the following code and save the file.

    name=HW1000
    library=/opt/SUNWconn/crypto/lib/libpkcs11.so
    slotListIndex=0
    disabledMechanisms = {
      CKM_RSA_PKCS
      CKM_RSA_PKCS_KEY_PAIR_GEN
    }
    omitInitialize=true

2. Update the NSS database, if necessary. In this case, update the NSS database so that it will disable RSA.
Chapter 10
Configuring Message Security

Some of the material in this chapter assumes a basic understanding of security and web services concepts. This chapter describes the configuration of message layer security for web services in the Enterprise Server.
Understanding Message Security in the Enterprise Server

The Enterprise Server offers integrated support for the WS-Security standard in its web services client and server-side containers.
Application Deployer

The application deployer is responsible for:
■ Specifying (at application assembly) any required application-specific message protection policies if such policies have not already been specified by upstream roles (the developer or assembler).
About Digital Signatures

The Enterprise Server uses XML Digital signatures to bind an authentication identity to message content. Clients use digital signatures to establish their caller identity, analogous to the way basic authentication or SSL client certificate authentication have been used to do the same thing when transport layer security is being used.
Glossary of Message Security Terminology

The terminology used in this document is described below. The concepts are also discussed in “Configuring the Enterprise Server for Message Security” on page 133.
■ Authentication Layer
  The authentication layer is the message layer on which authentication processing must be performed. The Enterprise Server enforces web services message security at the SOAP layer.
Securing a Web Service

The response policy defines the authentication policy requirements associated with response processing performed by the authentication provider. Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature.
Configuring the Enterprise Server for Message Security

Configuring Application-Specific Web Services Security

Application-specific web services security functionality is configured (at application assembly) by defining message-security-binding elements in the Sun-specific deployment descriptors of the application.
Actions of Request and Response Policy Configurations

The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.
TABLE 10–1 Message protection policy to WS-Security SOAP message security operation mapping (Continued)

Message Protection Policy: auth-recipient="before-content"
Resulting WS-Security SOAP message protection operations: The content of the SOAP message Body is encrypted and replaced with the resulting xenc:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey.
If you are running the Enterprise Server on version 1.5 of the Java SDK, the JCE provider is already configured properly. If you are running the Enterprise Server on version 1.4.x of the Java SDK, you can add a JCE provider statically as part of your JDK environment, as follows.

1. Download and install a JCE provider JAR (Java ARchive) file. The following URL provides a list of JCE providers that support RSA encryption: http://java.sun.
6. Restart the Enterprise Server.

Message Security Setup

Most of the steps for setting up the Enterprise Server for using message security can be accomplished using the Admin Console, the asadmin command-line tool, or by manually editing system files.
■ To specify the default server provider:

    asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.default_provider=ServerProvider

■ To specify the default client provider:

    asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.
Creating a Message Security Provider

To configure an existing provider using the Admin Console, select Configuration node > the instance to Configure > Security node > Message Security node > SOAP node > Providers tab. For more detailed instructions on creating a message security provider, see the Admin Console online help.
Chapter 11
Configuring the Diagnostic Service

The Diagnostic Service provides more visibility into and control of the runtime performance of a server and its applications, allowing you to diagnose and isolate faults as they occur.
Diagnostic Service Framework

Installation specific details are collected only for file-based installations.
■ Capture System Information: The following system information is collected by default:
  ■ Network Settings
  ■ OS details
  ■ Hardware information
  Data collected using native code is not available on the Platform Edition of Application Server.
■ Capture Application Deployment Descriptor: Deployment descriptors such as ejb-jar.xml, sun-ejb-jar.xml, web.xml, sun-web.xml, and sun-sip.
Chapter 12
Transactions

By enclosing one or more steps in an indivisible unit of work, a transaction ensures data integrity and consistency.
About Transactions

See Also:
■ “Transactions in Java EE Technology” on page 144
■ “Configuring Transactions” on page 145

Transactions in Java EE Technology

Transaction processing involves the following five participants:
■ Transaction Manager
■ Enterprise Server
■ Resource Manager(s)
■ Resource Adapter(s)
■ User Application.
Admin Console Tasks for Transactions

Workarounds for Specific Databases

The Enterprise Server provides workarounds for some known issues with the recovery implementations of the following JDBC drivers. These workarounds are used unless explicitly disabled.
■ Oracle thin driver - The XAResource.recover method repeatedly returns the same set of in-doubt Xids regardless of the input flag.
When the transaction spans across servers, the server that started the transaction can contact the other servers to get the outcome of the transactions. If the other servers are unreachable, the transaction uses the Heuristic Decision field to determine the outcome.

1 In the tree component select the Configurations node.
2 Select the instance to configure:
  ■ To configure a particular instance, select the instance’s config node.
2 Select the instance to configure:
  ■ To configure a particular instance, select the instance’s config node. For example, for the default instance, server, select the server-config node.
  ■ To configure the default settings for all instances, select the default-config node.
3 Select the Transaction Service node.
4 Enter the number of seconds before the transaction times out, in the Transaction Timeout field. The default value of Transaction Timeout is 0 seconds.
6 Restart the Enterprise Server.

▼ To set the keypoint interval

Keypoint operations compress the transaction log file. The keypoint interval is the number of transactions between keypoint operations on the log. Keypoint operations can reduce the size of the transaction log files. A larger number of keypoint intervals (for example, 2048) results in larger transaction log files, but fewer keypoint operations, and potentially better performance.
Chapter 13
Configuring the HTTP Service

The HTTP service is the component of the Enterprise Server that provides facilities for deploying web applications and for making deployed web applications accessible by HTTP clients. These facilities are provided by means of two kinds of related objects, virtual servers and HTTP listeners.
    http://www.aaa.com:8080/web1
    http://www.bbb.com:8080/web2
    http://www.ccc.com:8080/web3

The first URL is mapped to virtual host www.aaa.com, the second URL is mapped to virtual host www.bbb.com, and the third is mapped to virtual host www.ccc.com.

On the other hand, the following URL results in a 404 return code, because web3 isn’t registered with www.bbb.com:

    http://www.bbb.com:8080/web3

For this mapping to work, make sure that www.aaa.com, www.bbb.com, and www.ccc.
HTTP Listeners

However, if an HTTP listener uses the 0.0.0.0 IP address, which listens on all IP addresses on a port, you cannot create HTTP listeners for additional IP addresses that listen on the same port for a specific IP address. For example, if an HTTP listener uses 0.0.0.0:8080 (all IP addresses on port 8080), another HTTP listener cannot use 1.2.3.4:8080.

Because the system running the Enterprise Server typically has access to only one IP address, HTTP listeners typically use the 0.0.0.
The Keep-Alive subsystem periodically polls such idle connections and queues those connections with activity into the connection queue for future processing. From there, a request processing thread again retrieves the connection and processes its request. The Keep-Alive subsystem is multi-threaded, as it manages potentially tens of thousands of connections.
Chapter 14
Managing Web Services

This chapter describes web services management with Enterprise Server. Admin Console and the asadmin tool enable you to deploy, test, and manage web services. You can quickly visualize, understand, monitor, and manage complex web services. You can see all web services deployed in a domain just as you see Java EE applications and application components such as EJBs. You can also:
■ Track and graph response times and invocation counts for web services in real time.
Overview of Web Services

simple, flexible, text-based markup language. XML data is marked using tags enclosed in angled brackets. The tags contain the meaning of the data they mark. Such markup allows different systems to easily exchange data with each other.

A Document Type Definition (DTD) or XML Schema Definition (XSD) describes the structure of an XML document. It has information on the tags the corresponding XML document can have, the order of those tags, and so forth.
Deploying and Testing Web Services

service endpoints, along with corresponding WSDL descriptions, and clients. A JAX-RPC based web service can interact with clients that are not based on Java. Similarly, a JAX-RPC based client can interact with a non-Java-based web service implementation.

Java API for XML registries (JAXR), a Java API for accessing business registries, has a flexible architecture that supports UDDI, and other registry specifications (such as ebXML).
Viewing Deployed Web Services

To test a web service with Admin Console, select Applications > Web Services > web-service-name | General. Admin Console displays the attributes of the web service:
■ Name: the name of the web service.
■ Endpoint Address URI: the URI of the web service endpoint.
■ Application: Click on the link to display the properties of the web application or enterprise application.
Using Web Services Registries

Adding a Registry

Add or remove a web services registry with Admin Console at Application Server > Web Services | Registry. Use this page to create a Registry Access Point (RAP). When you add a registry, specify the following parameters:
■ JNDI Name: the connection resource pool (JNDI) name of the registry. The JNDI Name of this connector resource is the JNDI Name of the registry.
■ Choose the type of the registry to add: UDDI 3.0 or ebXML.
Transforming Messages with XSLT Filters

You can apply XSLT transformation rules to a web service end point. This enables fine-grained control of web service requests and responses. You can apply multiple XSLT rules to a web service end point method, and you can configure the order in which you apply the transformations. All the XSLT files are stored in the generated/xml/appOrModule directory of the central repository.
Monitoring Web Services

■ OFF - Disables monitoring.

Enter a value for the Message History. The default is 25. Click the Reset button to clear all statistics and restart the running averages.

Viewing Web Service Statistics

Enterprise Server provides capabilities to track and graphically display the operational statistics of a web service. View monitoring statistics at Applications > Web Services > web-service-name | Monitor | Statistics.
Chapter 15
Configuring the Object Request Broker
This chapter describes how to configure the Object Request Broker (ORB) and IIOP listeners.
Configuring the ORB
What is the ORB?
The Object Request Broker (ORB) is the central component of CORBA. The ORB provides the required infrastructure to identify and locate objects, handle connection management, deliver data, and request communication. A CORBA object never talks directly with another. Instead, the object makes requests through a remote stub to the ORB running on the local machine.
Chapter 16
Thread Pools
The Java Virtual Machine (JVM) can support many threads of execution at once. To help performance, the Enterprise Server maintains one or more thread pools. It is possible to assign specific thread pools to connector modules and to the ORB. One thread pool can serve multiple connector modules and enterprise beans. Request threads handle user requests for application components.
Working with Thread Pools
To create a thread pool using the Admin Console, go to Configuration > Thread Pools > Current Pools > New.
■ Enter the name of the thread pool in the Thread Pool ID field.
■ Enter the minimum number of threads in the thread pool servicing requests in this queue in the Minimum Thread Pool Size field. These threads are created up front when this thread pool is instantiated.
Chapter 17
Configuring Logging
This chapter briefly describes how to configure logging and view the server log. It contains the following sections:
■ “About Logging”
■ “Configuring Logging”
About Logging
■ “Log Records”
■ “The Logger Namespace Hierarchy”
Log Records
The Enterprise Server uses the Java EE platform Logging API specified in JSR 047.
[#|2006-10-21T13:25:53.852-0400|INFO|sun-appserver9.1|javax.enterprise.system.core|_ThreadID=13;|CORE5004: Resource Deployed: [cr:jms/DurableConnectionFactory].|#]
In this example,
■ [# and #] mark the beginning and end of the record.
■ The vertical bar (|) separates the record fields.
■ 2006-10-21T13:25:53.852-0400 specifies the date and time.
■ The Log Level is INFO. This level may have any of the following values: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST.
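A parser for the record format described above, as an added example that is not part of the original guide or of Enterprise Server. The field names product, logger and attrs, the message-ID pattern, and the second and third sample records are assumptions made for illustration.

```python
import re
from datetime import datetime

# Levels listed on the page, from most to least severe.
LEVELS = ["SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST"]

# "[#|" opens a record and "|#]" closes it; DOTALL lets a message span lines.
RECORD_RE = re.compile(r"\[#\|(.*?)\|#\]", re.DOTALL)
# Message ID such as "CORE5004:" at the start of the message (assumed pattern).
MESSAGE_ID_RE = re.compile(r"^([A-Z]+\d+):")

# The first record is the page's example; the other two are constructed.
SAMPLE_LOG = """\
[#|2006-10-21T13:25:53.852-0400|INFO|sun-appserver9.1|javax.enterprise.system.core|_ThreadID=13;|CORE5004: Resource Deployed: [cr:jms/DurableConnectionFactory].|#]

[#|2006-10-21T13:26:02.117-0400|SEVERE|sun-appserver9.1|javax.enterprise.resource.jms|_ThreadID=14;_ThreadName=main;|Constructed message with a | character
and a second line|#]

[#|2006-10-21T13:26:05.000-0400|NOTICE|sun-appserver9.1|javax.enterprise.system.core|_ThreadID=15;|Constructed record with a level the page does not list|#]
"""


def parse_timestamp(text):
    """Turn 2006-10-21T13:25:53.852-0400 into a timezone-aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_record(body):
    """Parse the text between "[#|" and "|#]" into a dictionary."""
    # Split into at most six fields so "|" inside the message is preserved.
    parts = body.split("|", 5)
    if len(parts) != 6:
        raise ValueError("expected 6 fields, got %d" % len(parts))
    timestamp, level, product, logger, pairs, message = parts
    if level not in LEVELS:
        raise ValueError("unknown log level %r" % level)
    attrs = {}
    for item in pairs.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            attrs[key.strip()] = value.strip()
    message = message.strip()
    match = MESSAGE_ID_RE.match(message)
    return {
        "time": parse_timestamp(timestamp),
        "level": level,
        "product": product,
        "logger": logger,
        "attrs": attrs,
        "message_id": match.group(1) if match else None,
        "message": message,
    }


def parse_log(text):
    """Return (records, errors); errors hold (offset, reason) for bad records."""
    records, errors = [], []
    for match in RECORD_RE.finditer(text):
        try:
            records.append(parse_record(match.group(1)))
        except ValueError as exc:
            errors.append((match.start(), str(exc)))
    return records, errors


def at_least(records, threshold):
    """Keep records whose level is at least as severe as the threshold."""
    limit = LEVELS.index(threshold)
    return [r for r in records if LEVELS.index(r["level"]) <= limit]


if __name__ == "__main__":
    parsed, rejected = parse_log(SAMPLE_LOG)
    for record in at_least(parsed, "WARNING"):
        print(record["time"].isoformat(), record["level"], record["logger"])
    for offset, reason in rejected:
        print("rejected record at offset %d: %s" % (offset, reason))
```

Records that fail to parse are returned separately instead of being dropped, so a log reviewer can see that the file contains entries outside the documented format.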
TABLE 17–1 Enterprise Server Logger Namespaces (Continued)
Module Name | Namespace
Group Management Service (cluster and enterprise profiles only) | javax.ee.enterprise.system.gms
JavaMail | javax.enterprise.resource.javamail
JAXR | javax.enterprise.resource.webservices.registry
JAXRPC | javax.enterprise.resource.webservices.rpc
JAXWS | javax.enterprise.resource.webservices.javaws
JBI | com.sun.jbi
JMS | javax.enterprise.resource.jms
JTA | javax.enterprise.resource.jta
JTS | javax.
Configuring Logging
This section contains the following topics:
■ “Configuring General Logging Settings”
■ “Configuring Log Levels”
■ “Viewing Server Logs”
Configuring General Logging Settings
To configure the general logging settings using the Admin Console:
■ For the developer profile, go to Application Server → Logging → General
■ For the cluster and enterprise profiles, go to Configurations → Configuration → Logging Settings → General
On the G
Viewing Server Logs
To view the log files:
■ In the developer profile, go to Application Server → Logging → View Log Files.
■ In the cluster and enterprise profiles, go to Configurations → Configuration → Logger Settings → General, and click View Log Files.
Use the options provided in the Search Criteria area to display log results based on your preferences.
■ Instance Name — Choose an instance name from the drop-down list to view the log for that server instance.
A window labeled Log Entry Detail appears, with a formatted version of the message. At the end of the list of entries, click the buttons to view earlier or later entries in the log file. Click Advanced Search in the Search Criteria area to make additional refinements to the log viewer. Use the Advanced Options fields as follows:
■ Logger — To filter by module, choose one or more namespaces from the drop-down list. Use shift-click or control-click to choose multiple namespaces.
Chapter 18
Monitoring Components and Services
This chapter contains information about monitoring components using the Enterprise Server Admin Console.
About Monitoring
Overview of Monitoring
To monitor the Enterprise Server, perform these steps:
1. Enable the monitoring of specific services and components using either the Admin Console or the asadmin tool. For more information on this step, refer to “Enabling and Disabling Monitoring” on page 191.
2. View monitoring data for the specified services or components using either the Admin Console or the asadmin tool. For more information on this step, refer to “Viewing Monitoring Data” on page 193.
EXAMPLE 18–1 Applications Node Tree Structure
applications
|--- application1
| |--- ejb-module-1
| | |--- ejb1 *
| | |--- cache (for entity/sfsb) *
| | |--- pool (for slsb/mdb/entity) *
| | |--- methods
| | |---method1 *
| | |---method2 *
| | |--- stateful-session-store (for sfsb)*
| | |--- timers (for slsb/entity/mdb) *
| |--- web-module-1
| | |--- virtual-server-1 *
| | |---servlet1 *
| | |---servlet2 *
|--- standalone-web-module-1
| | |----- virtual-server-2 *
| | |---servlet3 *
| | |
EXAMPLE 18–3 HTTP Service Schematic (Cluster and Enterprise Profile Version)
http-service *
|---connection-queue *
|---dns *
|---file-cache *
|---keep-alive *
|---virtual-server-1*
| |--- request *
|---virtual-server-2*
| |--- request *
The Resources Tree
The resources node holds monitorable attributes for pools such as the JDBC connection pool and connector connection pool. The following schematic shows the top and child nodes for the various resource components.
EXAMPLE 18–6 JMS Service Schematic
jms-service
|-- connection-factories [AKA conn. pools in the RA world]
| |-- connection-factory-1 (All CF stats for this CF)
|-- work-management (All work mgmt stats for the MQ-RA)
The ORB Tree
The ORB node holds monitorable attributes for connection managers. The following schematic shows the top and child nodes for the ORB components. The nodes at which monitoring statistics are available are marked with an asterisk (*).
■ “Thread Pools Statistics”
■ “Transaction Service Statistics”
■ “Java Virtual Machine (JVM) Statistics”
■ “JVM Statistics in Java SE”
EJB Container Statistics
The EJB container statistics are described in the following tables:
■ Table 18–1
■ Table 18–2
■ Table 18–3
■ Table 18–4
■ Table 18–5
■ Table 18–6
EJB statistics are described in the following table.
TABLE 18–2 EJB Method Statistics
Attribute Name | Data Type | Description
methodstatistic | TimeStatistic | Number of times an operation is called; the total time that is spent during the invocation, and so on.
totalnumerrors | CountStatistic | Number of times the method execution resulted in an exception. This is collected for stateless and stateful session beans and entity beans if monitoring is enabled for the EJB container.
TABLE 18–3 EJB Session Store Statistics (Continued)
Attribute Name | Data Type | Description
activationErrorCount | CountStatistic | Time (ms) spent executing the method for the last successful/unsuccessful attempt to execute the operation. This is collected for stateless and stateful session beans and entity beans, if monitoring is enabled on the EJB container.
passivationCount | CountStatistic | Number of sessions passivated (inactivated) using this store.
TABLE 18–4 EJB Pool Statistics
Attribute Name | Data Type | Description
numbeansinpool | BoundedRangeStatistic | Number of EJBs in the associated pool, providing an idea about how the pool is changing.
numthreadswaiting | BoundedRangeStatistic | Number of threads waiting for free beans, giving an indication of possible congestion of requests.
totalbeanscreated | CountStatistic | Number of beans created in associated pool since the gathering of data started.
TABLE 18–5 EJB Cache Statistics (Continued)
Attribute Name | Data Type | Description
numpassivationsuccess | CountStatistic | Number of times passivation completed successfully. Applies only to stateful session beans.
The statistics available for Timers are listed in the following table.
TABLE 18–6 Timer Statistics
Statistic | Data Type | Description
numtimerscreated | CountStatistic | Number of timers created in the system.
TABLE 18–8 Web Container (Web Module) Statistics
Statistic | Data Type | Comments
jspcount | CountStatistic | Number of JSP pages that have been loaded in the web module.
jspreloadcount | CountStatistic | Number of JSP pages that have been reloaded in the web module.
sessionstotal | CountStatistic | Total number of sessions that have been created for the web module.
activesessionscurrent | CountStatistic | Number of currently active sessions for the web module.
TABLE 18–9 HTTP Service Statistics (Developer Profile)
Statistic | Units | Data Type | Comments
bytesreceived | Bytes | CountStatistic | The cumulative value of the bytes received by each of the request processors.
bytessent | Bytes | CountStatistic | The cumulative value of the bytes sent by each of the request processors.
currentthreadcount | Number | CountStatistic | The number of processing threads currently in the listener thread pool.
The statistics available for the JDBC connection pool are shown in the following table.
TABLE 18–10 JDBC Connection Pool Statistics
Statistic | Units | Data Type | Description
numconnfailedvalidation | Number | CountStatistic | The total number of connections in the connection pool that failed validation from the start time until the last sample time.
numconnused | Number | RangeStatistic | Provides connection usage statistics.
TABLE 18–10 JDBC Connection Pool Statistics (Continued)
Statistic | Units | Data Type | Description
numconnacquired | Number | CountStatistic | Number of logical connections acquired from the pool.
numconnreleased | Number | CountStatistic | Number of logical connections released to the pool.
JMS/Connector Service Statistics
The statistics available for the connector connection pools are shown in Table 18–11. Statistics for Connector Work Management are shown in Table 18–12.
TABLE 18–11 Connector Connection Pool Statistics (Continued)
Statistic | Units | Data Type | Description
numconndestroyed | Number | CountStatistic | Number of physical connections that were destroyed since the last reset.
numconnacquired | Number | CountStatistic | Number of logical connections acquired from the pool.
numconnreleased | Number | CountStatistic | Number of logical connections released to the pool.
TABLE 18–13 Connection Manager (in an ORB) Statistics (Continued)
Statistic | Units | Data Type | Description
totalconnections | Number | BoundedRangeStatistic | Total number of connections to the ORB.
Thread Pools Statistics
The statistics available for the thread pool are shown in the following table.
TABLE 18–15 Transaction Service Statistics (Continued)
Statistic | Data Type | Description
committedcount | CountStatistic | Number of transactions that have been committed.
rolledbackcount | CountStatistic | Number of transactions that have been rolled back.
state | StringStatistic | Indicates whether or not the transaction has been frozen.
Java Virtual Machine (JVM) Statistics
The JVM has monitorable attributes that are always enabled.
TABLE 18–17 JVM Statistics for Java SE - Class Loading (Continued)
Statistic | Data Type | Description
totalloadedclasscount | CountStatistic | Total number of classes that have been loaded since the JVM began execution.
unloadedclasscount | CountStatistic | Number of classes that have been unloaded from the JVM since the JVM began execution.
The statistics available for compilation in the JVM in Java SE are shown in the following table.
TABLE 18–20 JVM Statistics for Java SE - Memory (Continued)
Statistic | Data Type | Description
committedheapsize | CountStatistic | Amount of memory (in bytes) that is committed for the JVM to use.
initnonheapsize | CountStatistic | Size of the non-heap area initially requested by the JVM.
usednonheapsize | CountStatistic | Size of the non-heap area currently in use.
maxnonheapsize | CountStatistic | Maximum amount of memory (in bytes) that can be used for memory management.
TABLE 18–22 JVM Statistics for Java SE - Runtime (Continued)
Statistic | Data Type | Description
managementspecversion | StringStatistic | Management spec. version implemented by the JVM.
classpath | StringStatistic | Classpath that is used by the system class loader to search for class files.
librarypath | StringStatistic | Java library path.
bootclasspath | StringStatistic | Classpath that is used by the bootstrap class loader to search for class files.
Enabling and Disabling Monitoring
TABLE 18–23 JVM Statistics for Java SE - Thread Info (Continued)
Statistic | Data Type | Description
lockownerid | CountStatistic | ID of the thread that holds the monitor lock of an object on which this thread is blocking.
lockownername | StringStatistic | Name of the thread that holds the monitor lock of the object this thread is blocking on.
stacktrace | StringStatistic | Stack trace associated with this thread.
Configuring Monitoring Levels Using the Admin Console
To configure monitoring in the Admin Console:
■ For the developer profile, go to Configuration → Monitoring
■ For the cluster and enterprise profiles, go to Configurations → Configuration → Monitoring
By default, monitoring is turned off for all components and services. To turn monitoring on, select LOW or HIGH from the combo box. To turn monitoring off, select OFF from the combo box.
Viewing Monitoring Data
■ “Viewing Monitoring Data in the Admin Console”
■ “Viewing Monitoring Data With the asadmin Tool”
Viewing Monitoring Data in the Admin Console
In the developer profile, to view monitoring data, go to Application Server → Monitor. In the cluster and enterprise profiles, to view monitoring data for a stand-alone instance, go to Stand-Alone Instances → Instance → Monitor.
servlet, connection, connectorpool, endpoint, entitybean, messagedriven, statefulsession, statelesssession, httpservice, or webmodule. For example, to view data for jvm on server, enter the following:
asadmin>monitor --type jvm --user adminuser server
JVM Monitoring UpTime(ms) current 327142979 2 min 0 HeapSize(bytes) max low high 531628032 0 45940736 count 45940736
To view monitoring data and send the output to a CSV file, use the filename option.
2 To display monitoring statistics for an application component or subsystem for which monitoring has been enabled, use the asadmin get command.
To get the statistics, type the asadmin get command in a terminal window, specifying a name displayed by the list command in the preceding step. The following example attempts to get all attributes from a subsystem for a specific object:
asadmin> get --user adminuser --monitor server.jvm.
Another example, application, is a valid monitorable object type and is not a singleton. To address a non-singleton child node representing, for example, the application PetStore, the dotted name is:
server.applications.petstore
The dotted names can also address specific attributes in monitorable objects. For example, http-service has a monitorable attribute called bytesreceived-lastsampletime. The following name addresses the bytesreceived attribute:
server.http-service.server.
Examples for the list --user admin-user --monitor Command
The list command provides information about the application components and subsystems currently being monitored for the specified server instance name. Using this command, you can see the monitorable components and subcomponents for a server instance. For a more complete listing of list examples, see “Expected Output for list and get Commands at All Levels” on page 202.
When an attribute is requested that does not exist for a particular component or subsystem, an error is returned. Similarly, when a specific attribute is requested that is not active for a component or subsystem, an error is returned. Refer to “Expected Output for list and get Commands at All Levels” on page 202 for more information on the use of the get command.
Example 3
Attempt to get a specific attribute from a subsystem:
asadmin> get --user admin-user --monitor server.jvm.uptime-lastsampletime
Returns:
server.jvm.uptime-lastsampletime = 1093215374813
Example 4
Attempt to get an unknown attribute from within a subsystem attribute:
asadmin> get --user admin-user --monitor server.jvm.badname
Returns:
No such attribute found from reflecting the corresponding Stats interface: [badname]
CLI137 Command get failed.
server.http-service
server.resources
server.thread-pools
The list of monitorable components includes thread-pools, http-service, resources, and all deployed (and enabled) applications.
4 List the monitorable subcomponents in the PetStore application (-m can be used instead of --monitor):
asadmin> list -m server.applications.petstore
Returns:
server.applications.petstore.signon-ejb_jar
server.applications.petstore.catalog-ejb_jar
server.applications.petstore.uidgen-ejb_jar
server.
Returns:
Nothing to list at server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.
To get the valid names beginning with a string, use the wildcard "*" character. For example, to list all names that begin with "server", use "list server*".
8 There are no monitorable subcomponents for methods. Get all monitorable statistics for the method getUserName.
asadmin> get -m server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.totalnumerrors-count = 0
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.totalnumerrors-description = Provides the total number of errors that occured during invocation or execution of an operation.
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.totalnumerrors-lastsampletime = 1079981809273
server.applications.petstore.signon-ejb_jar.UserEJB.
TABLE 18–25 Top Level
Command | Dotted Name | Output
list -m | server | server.applications, server.thread-pools, server.resources, server.http-service, server.transactionservice, server.orb.connection-managers, server.orb.connection-managers.orb\.Connections\.Inbound\.AcceptedConnections, server.jvm
list -m | server.* | Hierarchy of child nodes below this node.
get -m | server.* | No output except a message saying there are no attributes at this node.
TABLE 18–27 Applications - Enterprise Applications and Standalone Modules
Command | Dotted Name | Output
list -m | server.applications.app1 or *app1 | ejb-module1_jar, web-module2_war, ejbmodule3_jar, web-module3_war... Note: this level is only applicable if an enterprise application has been deployed. It is not applicable if a standalone module is deployed.
list -m | server.applications.app1.* or *app1.* | Hierarchy of child nodes below this node.
get -m | server.applications.app1.
TABLE 18–27 Applications - Enterprise Applications and Standalone Modules (Continued)
Command | Dotted Name | Output
list -m | server.applications.app1.ejb-module1_jar.bean1 | List of child nodes: bean-pool, bean-cache, bean-method
Note: In standalone modules, the node containing the application name (app1 in this example) will not appear.
list -m | server.applications.app1.ejb-module1_jar.
TABLE 18–27 Applications - Enterprise Applications and Standalone Modules (Continued)
Command | Dotted Name | Output
list -m | server.applications.app1.ejb-module1_jar.bean1.bean-cache | No attributes, but a message saying “Use get command with the --monitor option to view this node’s attributes and values.”
Note: In standalone modules, the node containing the application name (app1 in this example) will not appear.
get -m | server.applications.app1.ejb-module1_jar.bean1.
TABLE 18–28 HTTP-Service Level
Command | Dotted Name | Output
list -m | server.http-service | List of virtual servers.
get -m | server.http-service.* | No output except message saying there are no attributes at this node.
list -m | server.http-service.server | List of HTTP Listeners.
get -m | server.http-service.server.* | No output except message saying there are no attributes at this node.
list -m | server.http-service.server.
TABLE 18–30 Resources Level
Command | Dotted Name | Output
list -m | server.resources | List of pool names.
get -m | server.resources.* | No output except message saying there are no attributes at this node.
list -m | server.resources.jdbc-connection-pool-pool.connection-pool1 | No attributes, but a message saying “Use get command with the --monitor option to view this node’s attributes and values.”
get -m | server.resources.jdbc-connection-pool-pool.
Using JConsole
TABLE 18–32 ORB Level (Continued)
Command | Dotted Name | Output
get -m | server.orb.connection-managers.* | No output except message saying there are no attributes at this node.
list -m | server.orb.connection-managers.orb\.Connections\.Inbound\.AcceptedConnections | No attributes, but a message saying “Use get command with the --monitor option to view this node’s attributes and values.”
get -m | server.orb.connection-managers.orb\.Connections\.Inbound\.AcceptedConnections.
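The dotted names and get output shown in the preceding examples and tables can be turned into structured data for scripted checks. The following is an added example, not code from the guide or from Enterprise Server. It assumes that a backslash before a period marks a period that belongs to the node name, and that the last hyphen of the final component separates the statistic from its field; the setPassword line and the totalconnections-current value are constructed.

```python
# Constructed sample of "asadmin get -m" output, built from lines on the page.
SAMPLE_GET_OUTPUT = r"""server.jvm.uptime-lastsampletime = 1093215374813
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.totalnumerrors-count = 0
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.getUserName.totalnumerrors-lastsampletime = 1079981809273
server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.setPassword.totalnumerrors-count = 2
server.orb.connection-managers.orb\.Connections\.Inbound\.AcceptedConnections.totalconnections-current = 3
No such attribute found from reflecting the corresponding Stats interface: [badname]
CLI137 Command get failed.
"""


def split_dotted(name):
    """Split on periods, treating a backslash-escaped period as a literal one."""
    parts, current, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name) and name[i + 1] == ".":
            current.append(".")      # escaped period stays inside the component
            i += 2
        elif ch == ".":
            parts.append("".join(current))
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    parts.append("".join(current))
    return parts


def parse_get_output(text):
    """Return (stats, unparsed).

    stats maps a node path (tuple of components) to
    {statistic: {field: value}}; unparsed keeps every line that is not a
    "name = value" pair, such as the CLI137 failure message.
    """
    stats, unparsed = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, sep, value = line.partition(" = ")
        if not sep:
            unparsed.append(line)
            continue
        *node, attribute = split_dotted(name)
        # "totalnumerrors-count" -> statistic "totalnumerrors", field "count"
        statistic, dash, field = attribute.rpartition("-")
        if not dash:
            statistic, field = attribute, "value"
        if value.isdigit():
            value = int(value)
        stats.setdefault(tuple(node), {}).setdefault(statistic, {})[field] = value
    return stats, unparsed


def methods_with_errors(stats):
    """Node paths whose totalnumerrors count is greater than zero."""
    flagged = []
    for node, values in stats.items():
        count = values.get("totalnumerrors", {}).get("count", 0)
        if isinstance(count, int) and count > 0:
            flagged.append(node)
    return sorted(flagged)


if __name__ == "__main__":
    parsed, leftover = parse_get_output(SAMPLE_GET_OUTPUT)
    for node in methods_with_errors(parsed):
        print("errors recorded at", " / ".join(node))
    for line in leftover:
        print("not a statistic:", line)
```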
To view all the MBeans, Enterprise Server provides a configuration of the Standard JMX Connector Server called System JMX Connector Server. As part of Enterprise Server startup, an instance of this JMX Connector Server is started. Any compliant JMX connector client can connect to the server using this Connector Server. Java SE also provides tools to connect to an MBean Server and view MBeans registered with it.
The security-enabled flag for the JMX Connector is false. If you are running the cluster or enterprise profile, or if you have turned on security for the JMX Connector in the developer profile, this flag is set to true. ...
3 In the Connect to Agent tab of JConsole, enter user name, password, host name and port (8686, by default). The user name refers to the administration user name and password refers to the administration password of the domain.
4 Click Connect. In the JConsole window you will see all your MBeans, VM information etc., in various tabs.
6 Start JConsole by running JDK_HOME/bin/jconsole
7 In the Connect to Agent tab of JConsole, enter user name, password, host name and port (8686, by default). The user name refers to the administration user name and password refers to the administration password of the domain.
8 Click Connect. In the JConsole window you will see all your MBeans, VM information etc., in various tabs.
Chapter 19
Configuring Management Rules
This section contains information about setting administration policies to automate routine administration tasks, configure self-tuning of the application server for diverse runtime conditions and improve availability by preventing failures. This section also contains information on the self-management templates, which are predefined management rules that you can customize.
notifications and take appropriate action. For details on developing a custom MBean and deploying it, see Chapter 14, “Developing Custom MBeans,” in Sun GlassFish Enterprise Server 2.1 Developer’s Guide. The Enterprise Server provides some useful events, which you can further extend by writing custom MBeans to emit notifications. Each event can be further customized by changing its properties.
In addition, to enable an individual management rule, you must enable the rule on this page by clicking the box next to the rule and clicking Enable. A rule's MBeans must also be enabled on a target. To enable MBeans, go to Custom MBeans → MBean. On the Edit Custom MBean page, click the Target tab to access the Custom MBean Targets page, where you can enable the MBeans on some or all of the targets. For details, see the online help.
Chapter 20
Java Virtual Machine and Advanced Settings
The Java Virtual Machine (JVM) is an interpretive computing engine responsible for running the byte codes in a compiled Java program. The JVM translates the Java byte codes into the native instructions of the host machine. The Enterprise Server, being a Java process, requires a JVM in order to run and support the Java applications running on it. JVM settings are part of an application server configuration.
Configuring Advanced Settings
■ Debug Options: Specify the JPDA options passed to the JVM when debugging is enabled.
■ RMI Compile Options: Enter the command-line options for the rmic compiler. The Enterprise Server runs the rmic compiler when EJB components are deployed.
■ Bytecode Preprocessor: Enter a comma-separated list of class names. Each class must implement the com.sun.appserv.BytecodePreprocessor interface. The classes are called in the order specified.
Appendix A
Automatically Restarting a Domain or Node Agent
If your domain or node agent is stopped unexpectedly (for example, if you need to restart your machine), you can configure your system to automatically restart the domain or node agent.
Restarting Automatically on Solaris 10
To determine if a user has the net_privaddr privilege, log in as that user and type the command ppriv -l | grep net_privaddr. To run the asadmin create-service command, you must have solaris.smf.* authorization. See the useradd and usermod man pages to find out how to set the authorizations. You must also have write permission in the directory tree: /var/svc/manifest/application/SUNWappserver. Usually, the superuser has both these permissions.
Restarting Automatically on the Microsoft Windows Platform
Restarting Automatically Using inittab on Solaris 9 and Linux Platforms
To restart your domain on the Solaris 9 or Linux platform, add a line of text to the /etc/inittab file. If you use /etc/rc.local, or your system’s equivalent, place a line in /etc/rc.local that calls the desired asadmin command. For example, to restart domain1 for an Enterprise Server installed in the opt/SUNWappserver directory, using a password file called password.
C:\winnt\system32\sc.exe create service-name binPath= "fully-qualified-path-to-appservService.exe \"fully-qualified-path-to-asadmin.bat start-command\" \"fully-qualified-path-to-asadmin.bat stop-command\"" start= auto DisplayName= "display-name"
Note – There is no space between binpath and the equals sign (=). There must be a space after the equals sign and before the path.
Security for Automatic Restarts
Preventing the Service From Shutting Down When a User Logs Out
By default, the Java VM catches signals from Windows that indicate that the operating system is shutting down, or that a user is logging out, and shuts itself down cleanly. This behavior causes the Enterprise Server service to shut down when a user logs out of Windows. To prevent the service from shutting down when a user logs out, set the -Xrs Java VM option (http://java.sun.com/j2se/1.
If the “interact with desktop” option is not set, the service stays in a “start-pending” state and appears to hang. Kill the service process to recover from this state.
■ On Windows or UNIX, create a domain using the --savemasterpassword=true option and create a password file to store the admin password. When starting the component, use the --passwordfile option to point to the file that contains the password. For example:
1. Create domain with a saved master password.
Appendix B
Dotted Name Attributes for domain.xml
This appendix describes the dotted name attributes that can be used to address the MBean and its attributes. Every element in the domain.xml file has a corresponding MBean. Because the syntax for using these names involves separating names with periods, these names are called dotted names.
Top Level Elements
Element Name | Dotted Name Prefix
clusters | domain.clusters | Every cluster contained in this element is accessible as cluster-name. Where cluster-name is the value of the name attribute for the cluster subelement.
node-agents | domain.node-agents
lb-configs | domain.lb-configs | Applicable only for Sun GlassFish Enterprise Server
system-property | domain.system-property
converged-lb-configs | domain.
Elements Not Aliased
Dotted Name | Aliased to
target.admin-service | config-name.admin-service
target.web-container | config-name.web-container
target.sip-container | config-name.sip-container | Applicable only for Sun GlassFish Communications Server
target.ejb-container | config-name.ejb-container
target.mdb-container | config-name.mdb-container
target.jms-service | config-name.jms-service
target.sip-service | config-name.sip-service | Applicable only for Sun GlassFish Communications Server
target.
Appendix C
The asadmin Utility
The Application Server includes a command-line administration utility known as asadmin. The asadmin utility is used to start and stop the Application Server, manage users, resources, and applications.
The asadmin Utility
Use the asadmin utility to perform any administrative tasks for the Application Server. You can use this asadmin utility in place of using the Administrator interface. The asadmin utility invokes subcommands that identify the operation or task you wish to perform. Subcommands are case-sensitive. Short option arguments have a single dash (-), while long option arguments have two dashes (--). Options control how the utility performs a subcommand.
■ -s --secure if true, uses SSL/TLS to communicate with the domain application server.
■ -t --terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
■ -e --echo setting to true will echo the command line statement on the standard output. Default is false.
■ -I --interactive if set to true (default), only the required password options are prompted.
Common Options for Remote Commands
To use the --secure option, you must use the set command to enable the security-enabled flag in the admin http-listener in the domain.xml. When you use the asadmin subcommands to create and/or delete, you must restart the server for the newly created command to take effect. Use the start-domain command to restart the server.
The Multimode Command
TABLE C–1 Remote Commands Required Options (Continued)
Option | Definition
--passwordfile | The --passwordfile option specifies the name of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.
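A check for the password file used with --passwordfile, covering the entry format described above and the password file that the automatic-restart procedure in Appendix A creates. This is an added example, not a tool shipped with the Application Server. The NAME=value layout of each entry, the entry names in the sample, and the file-mode check (POSIX only) are assumptions added for illustration; the page itself only states the AS_ADMIN_ prefix and uppercase rule.

```python
import os
import re
import stat
import tempfile

# AS_ADMIN_ prefix followed by the password name in uppercase letters.
ENTRY_NAME_RE = re.compile(r"^AS_ADMIN_[A-Z]+$")


def check_password_file(path):
    """Return a list of findings for the file; an empty list means no findings.

    Password values are never included in the findings.
    """
    findings = []
    # Assumption added here: the file should be readable by its owner only.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %04o allows access by group or others" % mode)
    with open(path, encoding="utf-8") as handle:
        for number, line in enumerate(handle, start=1):
            line = line.strip()
            if not line:
                continue
            name, sep, value = line.partition("=")
            if not sep:
                findings.append("line %d: not a NAME=value entry" % number)
            elif not ENTRY_NAME_RE.match(name):
                findings.append(
                    "line %d: entry name %r lacks the AS_ADMIN_ prefix "
                    "or is not uppercase" % (number, name))
            elif not value:
                findings.append("line %d: %s has an empty value" % (number, name))
    return findings


def check_constructed(content, mode):
    """Write constructed content to a temporary file with the given mode and check it."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "passwords.txt")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(content)
        os.chmod(path, mode)
        return check_password_file(path)


# Constructed sample contents; the values are placeholders, not real passwords.
GOOD_FILE = (
    "AS_ADMIN_PASSWORD=constructed-value\n"
    "AS_ADMIN_MASTERPASSWORD=constructed-value\n"
)
BAD_FILE = (
    "AS_ADMIN_PASSWORD=constructed-value\n"
    "as_admin_masterpassword=constructed-value\n"
    "AS_ADMIN_MASTERPASSWORD\n"
)

if __name__ == "__main__":
    for label, content, mode in (("good", GOOD_FILE, 0o600), ("bad", BAD_FILE, 0o644)):
        print(label, check_constructed(content, mode) or "no findings")
```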
invoke multimode from within a multimode session; once you exit the second multimode environment, you return to your original multimode environment.
The Get, Set, and List Commands
The asadmin get, set and list commands work in tandem to provide a navigation mechanism for the Application Server's abstract hierarchy. There are two hierarchies, configuration and monitoring, and these commands operate on both.
Server Lifecycle Commands
■ The list command treats this complete dotted name as the complete name of a parent node in the abstract hierarchy. When given this name, the list command returns the names of the immediate children at that level. For example, list server.applications.web-module will list all the web modules deployed to the domain or the default server.
TABLE C–2 Server Lifecycle Commands (Continued)
Command | Definition
start-domain | Starts a domain. If the domain directory is not specified, the domain in the default install_dir/domains directory is started. If there are two or more domains, the domain_name operand must be specified.
stop-domain | Stops the Domain Administration Server of the specified domain.
restore-domain | Restores files under the domain from a backup directory.
list-domains | Lists the domain.
TABLE C–3 List and Status Commands (Continued)
list-components | Lists all deployed Java EE 5 components. If the --type option is not specified, all components are listed.
list-sub-components | Lists EJBs or Servlets in a deployed module or in a module of the deployed application. If a module is not identified, all modules are listed.
enable | Enables the specified component. If the component is already enabled, then it is re-enabled.
Version Commands
The version commands return the version string, display a list of all the asadmin commands, and allow you to install the license file.
TABLE C–5 Version Commands
Command | Definition
version | Displays the version information. If the command cannot communicate with the administration server with the given user/password and host/port, then the command will retrieve the version locally and display a warning message.
Resource Management Commands
The resource commands allow you to manage the various resources used in your application.
TABLE C–7 Resource Management Commands
Command | Definition
create-jdbc-connection-pool | Registers a new JDBC connection pool with the specified JDBC connection pool name.
delete-jdbc-connection-pool | Deletes a JDBC connection pool. The operand identifies the JDBC connection pool to be deleted.
TABLE C–7 Resource Management Commands (Continued)
Command | Definition
delete-custom-resource | Removes a custom resource.
list-custom-resources | Lists the custom resources.
create-connector-connection-pool | Adds a new connector connection pool with the specified connection pool name.
delete-connector-connection-pool | Removes the connector connection pool specified using the operand connector_connection_pool_name.
Configuration Commands
The configuration commands allow you to construct IIOP listeners, lifecycle modules, HTTP and IIOP listeners, profilers, and other subsystems.
TABLE C–9 Lifecycle Module Commands
Command | Definition
create-lifecycle-module | Creates a lifecycle module. The lifecycle modules provide a means of running short or long duration Java-based tasks within the application server environment.
delete-lifecycle-module | Removes the specified lifecycle module.
list-lifecycle-modules | Lists the existing lifecycle module.
create-audit-module | Adds the named audit module for the plug-in module that implements the audit capabilities.
TABLE C–11 JVM Options and Virtual Server Commands
Command | Definition
create-jvm-option | Creates JVM options in the Java configuration or profiler elements of the domain.xml file. If JVM options are created for a profiler, they are used to record the settings needed to get a particular profiler going. You must restart the server for newly created JVM options to take effect.
delete-jvm-option | Removes JVM options from the Java configuration or profiler elements of the domain.
TABLE C–13 Transaction Commands
Command | Definition
freeze-transaction | Freezes the transaction subsystem during which time all the inflight transactions are suspended. Invoke this command before rolling back any inflight transactions. Invoking this command on an already frozen transaction subsystem has no effect.
unfreeze-transaction | Resumes all the suspended inflight transactions. Invoke this command on an already frozen transaction.
TABLE C–15 User Management Commands (Continued)
Command | Definition
update-file-user | Updates an existing entry in the keyfile using the specified user_name, user_password and groups. Multiple groups can be entered by separating them with a colon (:).
list-file-users | Creates a list of file users supported by file realm authentication.
list-file-groups | Administers file users and groups supported by the file realm authentication.
TABLE C–17 Database Commands
Command | Definition
start-database | Starts the Java DB server that is available with the Application Server. Use this command only for working with applications deployed to the Application Server.
stop-database | Stops a process of the Java DB server. Java DB server is available with the Application Server.
Diagnostic and Logging Commands
The diagnostic and logging commands help you troubleshoot problems with the application server.
TABLE C–19 Web Service Commands (Continued)
Command | Definition
delete-transformation-rule | Deletes an XSLT transformation rule of a given web service.
list-transformation-rules | Lists all the transformation rules of a given web service in the order they are applied.
publish-to-registry | Publishes the web service artifacts to registries.
unpublish-from-registry | Unpublishes the web service artifacts from the registries.
TABLE C–20 Security Commands (Continued)
Command | Definition
delete-message-security-provide | Enables administrators to delete a provider-config sub-element for the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server).
Verify Command
The XML verifier command verifies the content of the domain.xml file.
TABLE C–22 Verify Command
Command | Definition
verify-domain-xml | Verifies the content of the domain.xml file.
Custom MBean Commands
The MBean commands allow you to manage and register custom MBeans. The commands are supported in remote mode only.
TABLE C–23 Custom MBean Commands
Command | Definition
create-mbean | Creates and registers a custom MBean.
Property Command
Shared server instances will often need to override attributes defined in their referenced configuration. Any configuration attribute in a server instance can be overridden through a system property of the corresponding name. Use the system property commands to manage these shared server instances.
TABLE C–25 Property Command
Command | Definition
create-system-property | Creates one system property of the domain, configuration, or server instance, at a time.