From 0eda95cc5fcb445ae2e4996d43c7194d6514ae6c Mon Sep 17 00:00:00 2001 From: Jon Cox Date: Fri, 24 Nov 2006 19:08:01 +0000 Subject: [PATCH] Point checkin. Inserting a password-protected MBean and associated RMI-based MBeanServer into the Alfresco webapp context. Right now, it's just in "hello world" condition, but you can say: jconsole service:jmx:rmi:///jndi/rmi://your-alfresco-box:50500/alfresco/jmxrmi and browse the MBean (assuming you know the associated jmxrolename/password). Just one property right now ("moo"), but fleshes out all the major issues for isolating the JMX for our MBean from the JMX for the JVM as a whole. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@4441 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/alfresco-jmxrmi.access | 48 +++++++++++++ config/alfresco/alfresco-jmxrmi.password | 63 +++++++++++++++++ config/alfresco/alfresco-shared.properties | 14 ++++ config/alfresco/core-services-context.xml | 52 ++++++++++++++ .../custom-db-and-data-context.xml.sample | 3 +- config/alfresco/repository.properties | 2 - .../util/RuntimeSystemPropertiesSetter.java | 67 +++++++++++++++++++ 7 files changed, 246 insertions(+), 3 deletions(-) create mode 100644 config/alfresco/alfresco-jmxrmi.access create mode 100644 config/alfresco/alfresco-jmxrmi.password create mode 100644 config/alfresco/alfresco-shared.properties create mode 100644 source/java/org/alfresco/util/RuntimeSystemPropertiesSetter.java
diff --git a/config/alfresco/alfresco-jmxrmi.access b/config/alfresco/alfresco-jmxrmi.access
new file mode 100644
index 0000000000..765f118a36
--- /dev/null
+++ b/config/alfresco/alfresco-jmxrmi.access
@@ -0,0 +1,48 @@
+######################################################################
+# Default Access Control File for Remote JMX(TM) Monitoring
+######################################################################
+#
+# Access control file for Remote JMX API access to monitoring.
+# This file defines the allowed access for different roles. The
+# password file (jmxremote.password by default) defines the roles and their
+# passwords. To be functional, a role must have an entry in
+# both the password and the access files.
+#
+# Default location of this file is $JRE/lib/management/jmxremote.access
+# You can specify an alternate location by specifying a property in
+# the management config file $JRE/lib/management/management.properties
+# (See that file for details)
+#
+# The file format for password and access files is syntactically the same
+# as the Properties file format. The syntax is described in the Javadoc
+# for java.util.Properties.load.
+# Typical access file has multiple lines, where each line is blank,
+# a comment (like this one), or an access control entry.
+#
+# An access control entry consists of a role name, and an
+# associated access level. The role name is any string that does not
+# itself contain spaces or tabs. It corresponds to an entry in the
+# password file (jmxremote.password). The access level is one of the
+# following:
+# "readonly" grants access to read attributes of MBeans.
+# For monitoring, this means that a remote client in this
+# role can read measurements but cannot perform any action
+# that changes the environment of the running program.
+# "readwrite" grants access to read and write attributes of MBeans,
+# to invoke operations on them, and to create or remove them.
+# This access should be granted to only trusted clients,
+# since they can potentially interfere with the smooth
+# operation of a running program
+#
+# A given role should have at most one entry in this file. If a role
+# has no entry, it has no access.
+# If multiple entries are found for the same role name, then the last
+# access entry is used.
+#
+#
+# Default access control entries:
+# o The "monitorRole" role has readonly access.
+# o The "controlRole" role has readwrite access.
+
+monitorRole readonly
+controlRole readwrite
diff --git a/config/alfresco/alfresco-jmxrmi.password b/config/alfresco/alfresco-jmxrmi.password
new file mode 100644
index 0000000000..6adad9adbd
--- /dev/null
+++ b/config/alfresco/alfresco-jmxrmi.password
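Review bot: The header comment is the stock JRE template and still names `jmxremote.access`, `jmxremote.password` and `$JRE/lib/management` as the files and their location, while this file is `config/alfresco/alfresco-jmxrmi.access`; the header of the alfresco-jmxrmi.password hunk has the same problem. An administrator who follows it would edit the JVM-wide files and leave the ones that presumably guard this MBeanServer untouched. I would replace the "Default location" paragraph in both files with a line such as `# Alfresco reads this file from the directory named by the alfresco.jmx.dir system property.`, after confirming that against the core-services-context.xml hunk, whose content is not readable on this page.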
@@ -0,0 +1,63 @@
+# ----------------------------------------------------------------------
+# Template for jmxremote.password
+#
+# o Copy this template to jmxremote.password
+# o Set the user/password entries in jmxremote.password
+# o Change the permission of jmxremote.password to read-only
+# by the owner.
+#
+# See below for the location of jmxremote.password file.
+# ----------------------------------------------------------------------
+
+##############################################################
+# Password File for Remote JMX Monitoring
+##############################################################
+#
+# Password file for Remote JMX API access to monitoring. This
+# file defines the different roles and their passwords. The access
+# control file (jmxremote.access by default) defines the allowed
+# access for each role. To be functional, a role must have an entry
+# in both the password and the access files.
+#
+# Default location of this file is $JRE/lib/management/jmxremote.password
+# You can specify an alternate location by specifying a property in
+# the management config file $JRE/lib/management/management.properties
+# or by specifying a system property (See that file for details).
+
+
+##############################################################
+# File permissions of the jmxremote.password file
+##############################################################
+# Since there are cleartext passwords stored in this file,
+# this file must be readable by ONLY the owner,
+# otherwise the program will exit with an error.
+#
+# The file format for password and access files is syntactically the same
+# as the Properties file format. The syntax is described in the Javadoc
+# for java.util.Properties.load.
+# Typical password file has multiple lines, where each line is blank,
+# a comment (like this one), or a password entry.
+#
+#
+# A password entry consists of a role name and an associated
+# password. The role name is any string that does not itself contain
+# spaces or tabs. The password is again any string that does not
+# contain spaces or tabs. Note that passwords appear in the clear in
+# this file, so it is a good idea not to use valuable passwords.
+#
+# A given role should have at most one entry in this file. If a role
+# has no entry, it has no access.
+# If multiple entries are found for the same role name, then the last one
+# is used.
+#
+# In a typical installation, this file can be read by anybody on the
+# local machine, and possibly by people on other machines.
+# For # security, you should either restrict the access to this file,
+# or specify another, less accessible file in the management config file
+# as described above.
+#
+# Following are two commented-out entries. The "measureRole" role has
+# password "QED". The "controlRole" role has password "R&D".
+#
+monitorRole change_asap
+controlRole change_asap
diff --git a/config/alfresco/alfresco-shared.properties b/config/alfresco/alfresco-shared.properties
new file mode 100644
index 0000000000..1fb1a0f69b
--- /dev/null
+++ b/config/alfresco/alfresco-shared.properties
@@ -0,0 +1,14 @@
+#
+# Properties shared between the Alfresco server
+# and its remote clients (e.g.: the virtualization server).
+#
+# Ports used by Alfresco AVM
+#
+# Note: These ports are also used by the virtualization server
+# (hence, they're in a seperate file that's can be copied easily).
+
+# MBeanServer registry (protocol: RMI)
+avm.jmxrmi.port=50500
+
+# AVMRemote API (protocol: RMI)
+avm.remote.port=1313
diff --git a/config/alfresco/core-services-context.xml b/config/alfresco/core-services-context.xml
index 47e209f688..7eea2f249d 100644
--- a/config/alfresco/core-services-context.xml
+++ b/config/alfresco/core-services-context.xml
@@ -8,6 +8,11 @@ + + + + + 
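Review bot: The last two lines, `monitorRole change_asap` and `controlRole change_asap`, are live entries, although the comment directly above them says "Following are two commented-out entries". Together with `controlRole readwrite` in alfresco-jmxrmi.access, any install that does not edit this file exposes a read-write JMX role behind a password that is published in the source tree. I would ship both lines commented out, e.g. `# monitorRole <set-a-password>` and `# controlRole <set-a-password>`, so that a role has no access until an administrator sets one, as the file's own text says ("If a role has no entry, it has no access"). The "readable by ONLY the owner, otherwise the program will exit" paragraph describes, as far as I know, a check made by the JVM's built-in management agent; whether the connector wired up in core-services-context.xml enforces it cannot be seen on this page, so restricting the file's permissions should be written down as a deployment step rather than assumed.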
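Review bot: `avm.jmxrmi.port=50500` pins only the RMI registry port. With a service URL of the form quoted in the commit message (`service:jmx:rmi:///jndi/rmi://your-alfresco-box:50500/alfresco/jmxrmi`) the connector's own RMI object is normally exported on an ephemeral port, so a firewall rule for 50500 alone neither admits nor confines the JMX traffic. The comment should say so, or a second property for the export port should be added here if the server-side URL (in the core-services-context.xml hunk, not readable on this page) can carry one. Minor: "seperate" and "that's can be" in the note are typos.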
@@ -15,6 +20,7 @@ + classpath:alfresco/alfresco-shared.properties classpath:alfresco/repository.properties classpath:alfresco/version.properties classpath:alfresco/domain/transaction.properties @@ -22,6 +28,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config/alfresco/extension/custom-db-and-data-context.xml.sample b/config/alfresco/extension/custom-db-and-data-context.xml.sample index 3f44bb33a4..b88e5838a7 100644 --- a/config/alfresco/extension/custom-db-and-data-context.xml.sample +++ b/config/alfresco/extension/custom-db-and-data-context.xml.sample @@ -15,6 +15,7 @@ + classpath:alfresco/alfresco-shared.properties classpath:alfresco/repository.properties classpath:alfresco/version.properties classpath:alfresco/domain/transaction.properties @@ -38,4 +39,4 @@ - \ No newline at end of file + diff --git a/config/alfresco/repository.properties b/config/alfresco/repository.properties index af47e22408..a09be156f6 100644 --- a/config/alfresco/repository.properties +++ b/config/alfresco/repository.properties @@ -133,5 +133,3 @@ user.name.caseSensitive=false # AVM Specific properties. avm.remote.idlestream.timeout=30000 -avm.remote.port=1313 - diff --git a/source/java/org/alfresco/util/RuntimeSystemPropertiesSetter.java b/source/java/org/alfresco/util/RuntimeSystemPropertiesSetter.java new file mode 100644 index 0000000000..007936c3c3 --- /dev/null +++ b/source/java/org/alfresco/util/RuntimeSystemPropertiesSetter.java 
@@ -0,0 +1,67 @@
+/*-----------------------------------------------------------------------------
+* Copyright 2006 Alfresco Inc.
+*
+* Licensed under the Mozilla Public License version 1.1
+* with a permitted attribution clause. You may obtain a
+* copy of the License at:
+*
+* http://www.alfresco.org/legal/license.txt
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+* either express or implied. See the License for the specific
+* language governing permissions and limitations under the
+* License.
+*
+*
+* Author Jon Cox
+* File RuntimeSystemPropertiesSetter.java
+*----------------------------------------------------------------------------*/
+
+package org.alfresco.util;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.core.Ordered;
+
+
+
+/**
+* Sets runtime JVM system properties for Spring Framework.
+*
+* This class is used by the Spring framework to inject system properties into
+* the runtime environment (e.g.: alfresco.jmx.dir). The motivation for this
+* is that certain values must be set within spring must be computed in advance
+* for org.springframework.beans.factory.config.PropertyPlaceholderConfigurer
+* to work properly.
+*
+*/
+public class RuntimeSystemPropertiesSetter
+ implements BeanFactoryPostProcessor, Ordered
+{
+ // default: just before PropertyPlaceholderConfigurer
+ private int order = Integer.MAX_VALUE - 1;
+
+ public void RuntimeSystemPropertiesSetter() { }
+
+ public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
+ throws BeansException
+ {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ String path=null;
+ try
+ {
+ path = loader.getResource("alfresco/alfresco-jmxrmi.password").toURI().getPath();
+ }
+ catch (java.net.URISyntaxException e ) { e.printStackTrace(); }
+
+ String alfresco_jmx_dir =
+ path.substring(0,path.lastIndexOf("/alfresco-jmxrmi.password"));
+
+ System.setProperty("alfresco.jmx.dir", alfresco_jmx_dir);
+ }
+ public void setOrder(int order) { this.order = order; }
+ public int getOrder() { return order; }
+}
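Review bot: `postProcessBeanFactory` can fail with a bare NullPointerException in three ways: `loader.getResource(...)` returns null when alfresco-jmxrmi.password is not on the context class loader's path, `path` is still null after the caught `URISyntaxException`, and `toURI().getPath()` is null for an opaque `jar:` URL when the config is packed in a jar. Because `alfresco.jmx.dir` presumably decides which password and access files guard the JMX endpoint, the method should stop startup with a message that names the file and accept only a `file:` URL, as sketched below. `public void RuntimeSystemPropertiesSetter() { }` is an ordinary method rather than a constructor because of the `void`, and can simply be deleted. `System.setProperty` is JVM-wide, so a second Alfresco webapp in the same container would overwrite `alfresco.jmx.dir`; that deserves at least a comment on the class.

```java
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory)
                throws BeansException
    {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        java.net.URL url = loader.getResource("alfresco/alfresco-jmxrmi.password");
        if (url == null)
        {
            throw new IllegalStateException(
                "alfresco/alfresco-jmxrmi.password not found on the classpath");
        }
        // A directory on disk is needed; a resource inside a jar cannot provide one.
        if (!"file".equals(url.getProtocol()))
        {
            throw new IllegalStateException(
                "alfresco-jmxrmi.password must be an unpacked file, found: " + url);
        }
        String alfresco_jmx_dir;
        try
        {
            alfresco_jmx_dir = new java.io.File(url.toURI()).getParent();
        }
        catch (java.net.URISyntaxException e)
        {
            throw new IllegalStateException(
                "Bad URL for alfresco-jmxrmi.password: " + url, e);
        }
        System.setProperty("alfresco.jmx.dir", alfresco_jmx_dir);
    }
```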