inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Point checkin.

Browse Source 
Inserting a password-protected MBean and associated RMI-based 
 MBeanServer into the Alfresco webapp context.

 Right now, it's just in "hello world" condition,
 but you can say: 

        jconsole service:jmx:rmi:///jndi/rmi://your-alfresco-box:50500/alfresco/jmxrmi

 and browse the MBean  (assuming you know the associated jmxrolename/password).
 Just one property right now ("moo"), but fleshes out all the major issues
 for isolating the JMX for our MBean from the JMX for the JVM as a whole.




git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@4441 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jon Cox
2006-11-24 19:08:01 +00:00
parent 65ba5f5024
commit 0eda95cc5f
7 changed files with 246 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
config/alfresco/alfresco-jmxrmi.access Normal file
View File

@@ -0,0 +1,48 @@
######################################################################
# Default Access Control File for Remote JMX(TM) Monitoring
######################################################################
#
# Access control file for Remote JMX API access to monitoring.
# This file defines the allowed access for different roles. The
# password file (jmxremote.password by default) defines the roles and their
# passwords. To be functional, a role must have an entry in
# both the password and the access files.
#
# Default location of this file is $JRE/lib/management/jmxremote.access
# You can specify an alternate location by specifying a property in
# the management config file $JRE/lib/management/management.properties
# (See that file for details)
#
# The file format for password and access files is syntactically the same
# as the Properties file format. The syntax is described in the Javadoc
# for java.util.Properties.load.
# Typical access file has multiple lines, where each line is blank,
# a comment (like this one), or an access control entry.
#
# An access control entry consists of a role name, and an
# associated access level. The role name is any string that does not
# itself contain spaces or tabs. It corresponds to an entry in the
# password file (jmxremote.password). The access level is one of the
# following:
# "readonly" grants access to read attributes of MBeans.
# For monitoring, this means that a remote client in this
# role can read measurements but cannot perform any action
# that changes the environment of the running program.
# "readwrite" grants access to read and write attributes of MBeans,
# to invoke operations on them, and to create or remove them.
# This access should be granted to only trusted clients,
# since they can potentially interfere with the smooth
# operation of a running program
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last
# access entry is used.
#
#
# Default access control entries:
# o The "monitorRole" role has readonly access.
# o The "controlRole" role has readwrite access.
monitorRole readonly
controlRole readwrite

63
config/alfresco/alfresco-jmxrmi.password Normal file
View File

@@ -0,0 +1,63 @@
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to read-only
# by the owner.
#
# See below for the location of jmxremote.password file.
# ----------------------------------------------------------------------
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/lib/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/lib/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# Since there are cleartext passwords stored in this file,
# this file must be readable by ONLY the owner,
# otherwise the program will exit with an error.
#
# The file format for password and access files is syntactically the same
# as the Properties file format. The syntax is described in the Javadoc
# for java.util.Properties.load.
# Typical password file has multiple lines, where each line is blank,
# a comment (like this one), or a password entry.
#
#
# A password entry consists of a role name and an associated
# password. The role name is any string that does not itself contain
# spaces or tabs. The password is again any string that does not
# contain spaces or tabs. Note that passwords appear in the clear in
# this file, so it is a good idea not to use valuable passwords.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# In a typical installation, this file can be read by anybody on the
# local machine, and possibly by people on other machines.
# For # security, you should either restrict the access to this file,
# or specify another, less accessible file in the management config file
# as described above.
#
# Following are two commented-out entries. The "measureRole" role has
# password "QED". The "controlRole" role has password "R&D".
#
monitorRole change_asap
controlRole change_asap

14
config/alfresco/alfresco-shared.properties Normal file
View File

@@ -0,0 +1,14 @@
#
# Properties shared between the Alfresco server
# and its remote clients (e.g.: the virtualization server).
#
# Ports used by Alfresco AVM
#
# Note: These ports are also used by the virtualization server
# (hence, they're in a seperate file that's can be copied easily).
# MBeanServer registry (protocol: RMI)
avm.jmxrmi.port=50500
# AVMRemote API (protocol: RMI)
avm.remote.port=1313

52
config/alfresco/core-services-context.xml
View File

@@ -8,6 +8,11 @@
<!-- PERSISTENCE -->
<!-- -->
<!-- Load runtime-dependent properties (e.g.: alfresco.jmx.dir). -->
<!-- Note: This bean relies on PropertyPlaceholderConfigurer -->
<bean id="runtimeProperties" class="org.alfresco.util.RuntimeSystemPropertiesSetter"/>
<!-- load common properties -->
<bean id="repository-properties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="ignoreUnresolvablePlaceholders">
@@ -15,6 +20,7 @@
</property>
<property name="locations">
<list>
<value>classpath:alfresco/alfresco-shared.properties</value>
<value>classpath:alfresco/repository.properties</value>
<value>classpath:alfresco/version.properties</value>
<value>classpath:alfresco/domain/transaction.properties</value>
@@ -22,6 +28,52 @@
</property>
</bean>
<!-- Custom MBeanServer -->
<bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean"/>
<bean id="registry" class="org.springframework.remoting.rmi.RmiRegistryFactoryBean">
<property name="port" value="${avm.jmxrmi.port}"/>
</bean>
<!-- MBeanServer Connector (registers itself with custom mbeanServer) -->
<bean id="serverConnector"
class="org.springframework.jmx.support.ConnectorServerFactoryBean"
depends-on="registry">
<property name="objectName" value="connector:name=rmi"/>
<property name="server" ref="mbeanServer"/>
<property name="serviceUrl" value="service:jmx:rmi://localhost/jndi/rmi://localhost:${avm.jmxrmi.port}/alfresco/jmxrmi" />
<property name="environment">
<map>
<!-- The following keys are only valid when sun jmx is used -->
<entry key="jmx.remote.x.password.file" value="${alfresco.jmx.dir}/alfresco-jmxrmi.password"/>
<entry key="jmx.remote.x.access.file" value="${alfresco.jmx.dir}/alfresco-jmxrmi.access"/>
</map>
</property>
</bean>
<bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<property name="beans">
<map>
<!-- MBeans to register with mbeanServer -->
<entry key="Alfresco:Name=VirtServerRegistry" value-ref="VirtServerRegistry"/>
</map>
</property>
<property name="server" ref="mbeanServer"/>
</bean>
<!-- MBeans registered with mbeanServer -->
<bean id="VirtServerRegistry" class="org.alfresco.mbeans.VirtServerRegistry">
<property name="moo" value="1"/>
</bean>
<!-- Datasource bean -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName">

3
config/alfresco/extension/custom-db-and-data-context.xml.sample
View File

@@ -15,6 +15,7 @@
</property>
<property name="locations">
<list>
<value>classpath:alfresco/alfresco-shared.properties</value>
<value>classpath:alfresco/repository.properties</value>
<value>classpath:alfresco/version.properties</value>
<value>classpath:alfresco/domain/transaction.properties</value>
@@ -38,4 +39,4 @@
</property>
</bean>
</beans>
</beans>

2
config/alfresco/repository.properties
View File

@@ -133,5 +133,3 @@ user.name.caseSensitive=false
# AVM Specific properties.
avm.remote.idlestream.timeout=30000
avm.remote.port=1313