Page 1 Sun GlassFish Enterprise Server 2.1 Administration Guide Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 820–4335–10 December 2008...
Page 2 Etats-Unis et dans d'autres pays; elle est licenciée exclusivement par X/Open Company, Ltd. Sun, Sun Microsystems, le logo Sun, le logo Solaris, le logo Java Coffee Cup, docs.sun.com, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc., ou ses filiales, aux Etats-Unis et dans d'autres pays.
Page 3: Table Of Contents
Contents Preface ..............................19 Enterprise Server Overview .......................23 Enterprise Server Overview and Concepts ..................23 Enterprise Server Overview ......................23 Tools for Administration ......................24 Enterprise Server Concepts ........................ 26 Domain ............................26 Domain Administration Server (DAS) ..................26 Usage Profiles ..........................27 Cluster ............................
Page 4 Contents Starting an Instance ........................35 Stopping an Instance ........................35 Restarting an Instance ......................... 35 Recreating the Domain Administration Server ................ 36 Java Business Integration ........................39 JBI Environment ..........................39 JBI Components ........................... 39 Service Assemblies ........................41 Shared Libraries ........................... 42 JBI Descriptors ..........................
Page 5 Contents IBM Informix Type 4 Driver ...................... 61 CloudScape 5.1 Type 4 Driver ....................61 Configuring Java Message Service Resources ................63 JMS Resources ............................63 The Relationship Between JMS Resources and Connector Resources ......... 64 JMS Connection Factories ........................65 JMS Destination Resources ........................
Page 6 Contents Managing Security Maps ......................87 ▼ To Delete a Connector Connection Pool .................. 87 ▼ To Set Up EIS Access ........................88 Managing Connector Resources ....................... 88 ▼ To Create a Connector Resource ....................88 ▼ To Edit a Connector Resource ....................89 ▼...
Page 7 Contents Users ............................105 Groups ............................105 Roles ............................106 Realms ............................106 Introduction to Certificates and SSL ....................108 About Digital Certificates ......................108 About Secure Sockets Layer ...................... 109 About Firewalls ..........................111 About Certificate Files ........................111 Changing the Location of Certificate Files ................
Page 8 Contents Actions of Request and Response Policy Configurations ............134 Configuring Other Security Facilities ..................135 Configuring a JCE Provider ...................... 135 Message Security Setup ........................137 Enabling Providers for Message Security ................137 Configuring the Message Security Provider ................138 Creating a Message Security Provider ..................
Page 9 Contents Viewing Deployed Web Services ..................... 156 Testing Web Services ......................... 156 Web Services Security ........................ 156 Using Web Services Registries ......................156 Adding a Registry ........................157 Publishing a Web Service to a Registry ..................157 Transforming Messages with XSLT Filters ..................158 Monitoring Web Services .........................
Page 10 Contents Overview of Monitoring ......................172 About the Tree Structure of Monitorable Objects ..............172 About Statistics for Monitored Components and Services ........... 175 Enabling and Disabling Monitoring ....................191 Configuring Monitoring Levels Using the Admin Console ..........192 ▼ To Configure Monitoring Levels Using asadmin ..............192 Viewing Monitoring Data ........................
Page 11 Contents The asadmin Utility ..........................231 The asadmin Utility ........................... 232 Common Options for Remote Commands ................... 234 The Multimode Command ......................235 The Get, Set, and List Commands ....................236 Server Lifecycle Commands ......................237 List and Status Commands ....................... 238 Deployment Commands ........................
Page 13 Figures Enterprise Server Instance ..................29 FIGURE 1–1 Role Mapping ......................105 FIGURE 9–1...
Page 15 Tables Features Available for Each Profile ................27 TABLE 1–1 Enterprise Server Listeners that Use Ports ............. 30 TABLE 1–2 JNDI Lookups and Their Associated References ........... 79 TABLE 6–1 Enterprise Server Authentication Methods ............102 TABLE 9–1 Message protection policy to WS-Security SOAP message security operation TABLE 10–1 mapping ........................
Page 16 Tables JVM Statistics for Java SE - Thread Info ............... 190 TABLE 18–23 JVM Statistics for Java SE - Threads ..............191 TABLE 18–24 Top Level ........................203 TABLE 18–25 Applications Level ....................203 TABLE 18–26 Applications - Enterprise Applications and Standalone Modules ..... 204 TABLE 18–27 HTTP-Service Level ....................
Page 17 Examples Applications Node Tree Structure ................. 173 EXAMPLE 18–1 HTTP Service Schematic (DeveloperProfile Version) ........173 EXAMPLE 18–2 HTTP Service Schematic (Cluster and Enterprise Profile Version) ....174 EXAMPLE 18–3 Resources Schematic ....................174 EXAMPLE 18–4 Connector Service Schematic ................174 EXAMPLE 18–5 JMS Service Schematic ....................
Page 19: Preface
Preface The Administration guide describes the administrative tasks of the Enterprise Server. This preface contains information about and conventions for the entire Sun GlassFish Enterprise Server documentation set. Sun GlassFish Enterprise Server Documentation Set Books in the Enterprise Server Documentation Set TABLE P–1 Book Title Description...
Page 20 Preface Books in the Enterprise Server Documentation Set (Continued) TABLE P–1 Book Title Description High Availability Administration Setting up clusters, working with node agents, and using load balancers. Guide Administration Reference Editing the Enterprise Server configuration file, domain.xml. Performance Tuning Guide Tuning the Enterprise Server to improve performance.
Page 21: Typographic Conventions
Preface Typographic Conventions The following table describes the typographic changes that are used in this book. Typographic Conventions TABLE P–3 Typeface Meaning Example The names of commands, files, and Edit your .login file. AaBbCc123 directories, and onscreen computer Use ls -a to list all files. output machine_name% you have mail.
Page 22: Sun Welcomes Your Comments
Preface Symbol Conventions (Continued) TABLE P–4 Symbol Description Example Meaning → File → New → Templates Indicates menu item From the File menu, choose New. selection in a graphical user From the New submenu, choose interface. Templates. Documentation, Support, and Training The Sun web site provides information about the following additional resources: Documentation (http://www.sun.com/documentation/) ■...
Page 23: Enterprise Server Overview
C H A P T E R Enterprise Server Overview Sun GlassFish Enterprise Server administration includes many tasks such as deploying applications, creating and configuring domains, server instances and resources; controlling (starting and stopping) domains and server instances, managing profiles and clusters, monitoring and managing performance, and diagnosing and troubleshooting problems.
Page 24: Tools For Administration
Enterprise Server Overview and Concepts Enterprise Server includes the Metro web services stack (http://metro.dev.java.net). Metro implements important WS-* standards and WS-I standardized interoperability profiles in order to assure interoperability between Java and .NET web services. Enterprise Server includes the implementation of Java Business Integration (JBI) specifications. JBI is a Java standard for structuring business systems according to a Service-Oriented Architecture (SOA).
Page 25 Enterprise Server Overview and Concepts If your configuration includes remote server instances, create node agents to manage and facilitate remote server instances. It is the responsibility of the node agent to create, start, stop, and delete a server instance. Use the command line interface (CLI) commands to set up node agents.
Page 26: Enterprise Server Concepts
Enterprise Server Concepts Enterprise Server Concepts The Enterprise Server consists of one or more domains. A domain is an administrative boundary or context. Each domain has an administration server (also called Domain Administration Server or DAS) associated with it and consists of zero or more standalone instances and/or clusters.
Page 27: Usage Profiles
Enterprise Server Concepts carry out the requests. The DAS is sometimes referred to as the admin server or default server. It is referred to as the default server because it is the only server instance that gets created on Sun GlassFish Enterprise Server installation and can be used for deployments.
Page 28: Cluster
Enterprise Server Concepts Features Available for Each Profile (Continued) TABLE 1–1 Enterprise Profile (not available with Sun GlassFish Feature Developer Profile Cluster Profile Communications Server) Security Manager Disabled Enabled Enabled HADB Not available Not available Available Load balancing Not available Available Available Node agents...
Page 29: Server Instance
Enterprise Server Concepts Server Instance The server instance is a single Java EE compatible Java Virtual Machine hosting an Enterprise Server on a single node. Each server instance has a unique name in the domain. A clustered server instance is a member of a cluster and receives all of its applications, resources, and configuration from its parent cluster;...
Page 30: Enterprise Server Listeners That Use Ports
Enterprise Server Concepts names, IP Addresses, and some administration capabilities. For the users, it is almost as if they have their own web server, without the hardware and basic server maintenance. These virtual servers do not span application server instances. For more information about virtual servers, Chapter 13, “Configuring the HTTP Service.
Page 31: Basic Enterprise Server Commands
Basic Enterprise Server Commands Basic Enterprise Server Commands Administration of the Enterprise Server includes tasks such as creation, configuration, control and management of domains, clusters, node agents, and server instances. This section contains the following topics: “Creating a Domain” on page 31 ■...
Page 32: Deleting A Domain
Basic Enterprise Server Commands Do not create an enterprise domain unless you have HADB and the Network Security Caution – Services (NSS) keystore. You will not be able to start an enterprise domain unless you have HADB and NSS. For the preceding create-domain example, the domain’s log files, configuration files, and deployed applications now reside in the following directory: domain-root-dir/mydomain To create the domain’s directory in another location, specify the --domaindir option.
Page 33: Starting The Default Domain On Windows
Basic Enterprise Server Commands Starting the Default Domain on Windows From the Windows Start Menu, select Programs -> Sun Microsystems -> Enterprise Server -> Start Admin Server. Stopping the Domain Stopping a domain shuts down its administration server and application server instance. When stopping a domain, the server instance stops accepting new connections and then waits for all outstanding connections to complete.
Page 34: Starting A Cluster
Basic Enterprise Server Commands For the full syntax, type asadmin help create-cluster. Starting a Cluster A cluster is started using the start-cluster command. The following example starts the cluster named mycluster. The command prompts for the administrative passwords. $ asadmin start-cluster --host myhost --port 1234 --user admin mycluster For the full syntax, type asadmin help start-cluster.
Page 35: Stopping A Node Agent
Basic Enterprise Server Commands For the full syntax, type asadmin help start-node-agent. Stopping a Node Agent A node agent is stopped using the stop-node-agent command and specifying the node agent name. For example, to stop the node agent mynodeagent, type the following: $ asadmin stop-node-agent mynodeagent For the full syntax, type asadmin help stop-node-agent.
Page 36: Recreating The Domain Administration Server
Basic Enterprise Server Commands Recreating the Domain Administration Server For mirroring purposes, and to provide a working copy of the Domain Administration Server (DAS), you must have: One machine (machine1) that contains the original DAS. ■ A second machine (machine2) that contains a cluster with server instances running ■...
Page 37 Basic Enterprise Server Commands Change domain-root-dir/domain1/generated/tmp directory permissions on the third machine to match the permissions of the same directory on first machine. The default permissions of this directory are: ?drwx------? (or 700). For example: chmod 700 domain-root-dir/domain1/generated/tmp The example above assumes you are backing up domain1. If you are backing up a domain by another name, you should replace domain1 above with the name of the domain being backed Change the host values for the properties in the domain.xml file for the third machine: Update the domain-root-dir/domain1/config/domain.xml on the third machine.
Page 39: Java Business Integration
C H A P T E R Java Business Integration Java Business Integration (JBI) is an implementation of the JSR 208 specification (http://www.jcp.org/en/jsr/detail?id=208) for Java Business Integration, a standard developed under the Java Community Process (JCP) as an approach to implementing a service-oriented architecture (SOA).
Page 40 JBI Environment Binding Components Binding Components are proxies for consumers or providers that are outside the JBI environment. Binding components typically are based on a standard communications protocol, such as FTP, JMS, or SMTP, or a call to an external service, such as SAP or WebSphere MQ. JBI components have the following lifecyle states: Started ■...
Page 41: Service Assemblies
JBI Environment The logging levels for JBI Components are often inherited from a parent logger such as Note – the JBI logger. To view and set parent logging levels, in the Admin Console, select Common Tasks and then Application Server. Then, in the Enterprise Server panel, select Logging and then Log Levels.
Page 42: Shared Libraries
JBI Environment Shared Libraries A Shared Library provides Java classes that are not private to a single component and is typically shared by more than one JBI Component. For example, the Java EE Service Engine requires the WSDL Shared Library. You can do the following operations on Shared Libraries.
Page 43: Jdbc Resources
C H A P T E R JDBC Resources This chapter explains how to configure JDBC resources, which are required by applications that access databases. This chapter contains the following sections: “JDBC Resources” on page 43 ■ “JDBC Connection Pools” on page 44 ■...
Page 44: Jdbc Connection Pools
JDBC Connection Pools When creating a JDBC resource, you must identify: 1. The JNDI Name. By convention, the name begins with the jdbc/ string. For example: jdbc/payrolldb. Don’t forget the forward slash. 2. Select a connection pool to be associated with the new JDBC resource. 3.
Page 45: Setting Up Database Access
Setting Up Database Access Behind the scenes, the application server retrieves a physical connection from the connection pool that corresponds to the database. The pool defines connection attributes such as the database name (URL), user name, and password. 3. Now that it is connected to the database, the application can read, modify, and add data to the database.
Page 46: Working With Jdbc Connection Pools
Working with JDBC Connection Pools Working with JDBC Connection Pools A JDBC connection pool is a group of reusable connections for a particular database. When creating the pool with the Admin Console, the Administrator is actually defining the aspects of a connection to a specific database.
Page 47 Working with JDBC Connection Pools Click OK. ▼ Creating a JDBC Connection Pool and JDBC Resource Using the CLI Use the asadmin create-jdbc-connection-pool command to create a JDBC connection pool. Sample command to create a JDBC connection pool: asadmin create-jdbc-connection-pool --datasourceclassname oracle.jdbc.pool.OracleDataSource --restype javax.sql.DataSource --property user=dbuser:password=dbpassword:url="jdbc:oracle\:thin\:@localhost\:1521\:ORCL"...
Page 48: Editing A Jdbc Connection Pool
Working with JDBC Connection Pools Editing a JDBC Connection Pool The Edit JDBC Connection Pool page provides the means to change all of the settings for an existing pool except its name. 1. Change general settings. The values of the general settings depend on the specific JDBC driver that is installed. These settings are the names of classes or interfaces in the Java programming language.
Page 49 Working with JDBC Connection Pools Optionally, the application server can validate connections before they are passed to applications. This validation allows the application server to automatically reestablish database connections if the database becomes unavailable due to network failure or database server crash.
Page 50: Editing Jdbc Connection Pool Advanced Attributes
Working with JDBC Connection Pools Parameter Description Non-transactional Connections Click the check box if you want Application Server to return all non-transactional connections. Transaction Isolation Makes it possible to select the transaction isolation level for the connections of this pool. If left unspecified, the connections operate with default isolation levels provided by the JDBC driver.
Page 51 Working with JDBC Connection Pools Attribute Description Validate Atmost Once Amount of time, in seconds, after which a connection is validated at most once. This will help reduce the number of validation requests by a connection. The default value 0 implies that connection validation is not enabled.
Page 52: Configurations For Specific Jdbc Drivers
Configurations for Specific JDBC Drivers Match Connections Use this option to switch on/off connection matching for the pool. It can be set to false if the administrator knows that the connections in the pool will always be homogeneous and hence a connection picked from the pool need not be matched by the resource adapter.
Page 53: Java Db Type 4 Driver
Configurations for Specific JDBC Drivers An Oracle database user running the capture-schema command needs ANALYZE ANY Note – TABLE privileges if that user does not own the schema. These privileges are granted to the user by the database administrator. For information about capture-schema, see Sun GlassFish Enterprise Server 2.1 Reference Manual.
Page 54: Sun Glassfish Jdbc Driver For Db2 Databases
Configurations for Specific JDBC Drivers Sun GlassFish JDBC Driver for DB2 Databases The JAR files for this driver are smbase.jar, smdb2.jar, and smutil.jar. Configure the connection pool using the following settings: Name: Use this name when you configure the JDBC resource later. ■...
Page 55: Sun Glassfish Jdbc Driver For Microsoft Sql Server Databases
Configurations for Specific JDBC Drivers Sun GlassFish JDBC Driver for Microsoft SQL Server Databases The JAR files for this driver are smbase.jar, smsqlserver.jar, and smutil.jar. Configure the connection pool using the following settings: Name: Use this name when you configure the JDBC resource later. ■...
Page 56: Ibm Db2 8.1 Type 2 Driver
Configurations for Specific JDBC Drivers IBM DB2 8.1 Type 2 Driver The JAR files for the DB2 driver are db2jcc.jar, db2jcc_license_cu.jar, and db2java.zip. Set environment variables as follows: LD_LIBRARY_PATH=/usr/db2user/sqllib/lib:${Java EE.home}/lib DB2DIR=/opt/IBM/db2/V8.1 DB2INSTANCE=db2user INSTHOME=/usr/db2user VWSPATH=/usr/db2user/sqllib THREADS_FLAG=native Configure the connection pool using the following settings: Name: Use this name when you configure the JDBC resource later.
Page 57: Mysql Type 4 Driver
Configurations for Specific JDBC Drivers password - Set as appropriate. ■ databaseName - Set as appropriate. Do not specify the complete URL, only the database ■ name. BE_AS_JDBC_COMPLIANT_AS_POSSIBLE - Set to true. ■ FAKE_METADATA - Set to true. ■ MySQL Type 4 Driver The JAR file for the MySQL driver is mysql-connector-java-version-bin-g.jar, for example, mysql-connector-java-5.0.5-bin-g.jar.
Page 58: Inet Merlia Jdbc Driver For Microsoft Sql Server Databases
Configurations for Specific JDBC Drivers DataSource Classname: com.inet.ora.OraDataSource ■ Properties: ■ user - Specify the database user. ■ password - Specify the database password. ■ serviceName - Specify the URL of the database. The syntax is as follows: ■ jdbc:inetora:server:port:dbname For example: jdbc:inetora:localhost:1521:payrolldb In this example,localhost is the host name of the machine running the Oracle server,...
Page 59: Inet Sybelux Jdbc Driver For Sybase Databases
Configurations for Specific JDBC Drivers password - Set as appropriate. ■ Inet Sybelux JDBC Driver for Sybase Databases The JAR file for the Inet Sybase driver is Sybelux.jar. Configure the connection pool using the following settings: Name: Use this name when you configure the JDBC resource later. ■...
Page 60: Oci Oracle Type 2 Driver For Oracle 8.1.7 And 9.X Databases
Configurations for Specific JDBC Drivers For example: jdbc:oracle:thin:@localhost:1521:customer_db xa-driver-does-not-support-non-tx-operations - Set to the value true. Optional: ■ only needed if both non-XA and XA connections are retrieved from the same connection pool. Might degrade performance. As an alternative to setting this property, you can create two connection pools, one for non-XA connections and one for XA connections.
Page 61: Ibm Informix Type 4 Driver
Configurations for Specific JDBC Drivers xa-driver-does-not-support-non-tx-operations - Set to the value true. Optional: ■ only needed if both non-XA and XA connections are retrieved from the same connection pool. Might degrade performance. As an alternative to setting this property, you can create two connection pools, one for non-XA connections and one for XA connections.
Page 63: Configuring Java Message Service Resources
C H A P T E R Configuring Java Message Service Resources The Enterprise Server implements the Java Message Service (JMS) API by integrating the Message Queue software into the Enterprise Server. For basic JMS API administration tasks, use the Enterprise Server Admin Console. For advanced tasks, including administering a Message Queue cluster, use the tools provided in the MQ-as-install/imq/bin directory.
Page 64: The Relationship Between Jms Resources And Connector Resources
The Relationship Between JMS Resources and Connector Resources TopicConnectionFactory objects, used for publish-subscribe communication ■ ConnectionFactory objects, which can be used for both point-to-point and ■ publish-subscribe communications; these are recommended for new applications There are two kinds of destinations: Queue objects, used for point-to-point communication ■...
Page 65: Jms Connection Factories
JMS Physical Destinations JMS Connection Factories JMS connection factories are objects that allow an application to create other JMS objects programmatically. These administered objects implement the ConnectionFactory, QueueConnectionFactory, and TopicConnectionFactory interfaces. Using the Enterprise Server Admin Console, you can create, edit, or delete a JMS Connection Factory. The creation of a new JMS connection factory also creates a connector connection pool for the factory and a connector resource.
Page 66: Configuring Jms Provider Properties
Configuring JMS Provider Properties To create a physical destination from the Admin Console, select Configuration >Physical Destinations. In the Create Physical Destinations page, specify a name for the physical destination and choose the type of destination, which can be topic or queue. For more details about the fields and properties in the Physical Destinations page, refer the Admin Console Online Help.
Page 67: Accessing Remote Servers
Foreign JMS Providers In the MQ Scheme and MQ Service fields, type the Message Queue address scheme name ■ and the Message Queue connection service name if a non-default scheme or service is to be used. Values of all these properties can be updated at run time too. However, only those connection factories that are created after the properties are updated, will get the updated values.
Page 68: Resource Adapter Properties
Foreign JMS Providers Configuring the Generic Resource Adapter Prior to deploying the resource adapter, JMS client libraries should be made available to the Enterprise Server. For some JMS providers, client libraries may also include native libraries. In such cases, these native libraries should also be made available to the JVM(s). 1.
Page 69 Foreign JMS Providers Property Name Valid Values Default Value Description Name of the class available None Class name of TopicConnectionFactory in the application server ClassName javax.jms.TopicConnectionFactory classpath , for example: implementation of the JMS client. Used if ProviderIntegrationMode is com.sun.messaging. specified as javabean.
Page 70 Foreign JMS Providers Property Name Valid Values Default Value Description Name value pairs separated None Specifies the JNDI provider properties JndiProperties by comma to be used for connecting to the JMS provider's JNDI. Used only if ProviderIntegrationMode is jndi. Method name None Specifies the common setter method CommonSetter...
Page 71: Managedconnectionfactory Properties
Foreign JMS Providers Property Name Valid Values Default Value Description ProviderManaged or The isSameRM method on an RMPolicy Provider XAResource is used by the OnePerPhysicalConnection Managed Transaction Manager to determine if the Resource Manager instance represented by two XAResources are the same.
Page 72: Administered Object Resource Properties
Foreign JMS Providers Property Name Valid Value Default Value Description A valid client ID None ClientID as specified by JMS 1.1 ClientId specification. JNDI Name None JNDI name of the connection factory ConnectionFactory bound in the JNDI tree of the JMS JndiName provider.
Page 73 Foreign JMS Providers Property Name Valid Value Default Value Description An integer Maximum size of server session pool MaxPoolSize internally created by the resource adapter for achieving concurrent message delivery. This should be equal to the maximum pool size of MDB objects.
Page 74 Foreign JMS Providers Property Name Valid Value Default Value Description integer Number of times a message will be RedeliveryAttempts delivered if a message causes a runtime exception in the MDB. time in seconds Interval between repeated deliveries, if RedeliveryInterval a message causes a runtime exception in the MDB.
Page 75: Configuring Javamail Resources
C H A P T E R Configuring JavaMail Resources The Enterprise Server includes the JavaMail API. The JavaMail API is a set of abstract APIs that model a mail system. The API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API provides facilities for reading and sending electronic messages.
Page 76 Creating a JavaMail Session To create a JavaMail session using the Admin Console, select Resources —> JavaMail Sessions. Specify the JavaMail settings as follows: JNDI Name: The unique name for the mail session. Use the naming sub-context prefix mail/ ■ for JavaMail resources.
Page 77: Jndi Resources
C H A P T E R JNDI Resources The Java Naming and Directory Interface (JNDI) is an application programming interface (API) for accessing different kinds of naming and directory services. Java EE components locate objects by invoking the JNDI lookup method. JNDI is the acronym for the Java Naming and Directory Interface API.
Page 78: Naming References And Binding Information
Naming References and Binding Information application component's environment allows the application component to be customized without the need to access or change the application component's source code. A Java EE container implements the application component's environment, and provides it to the application component instance as a JNDI naming context.
Page 79: Using Custom Resources
Using External JNDI Repositories and Resources JNDI Lookups and Their Associated References TABLE 6–1 JNDI Lookup Name Associated Reference Application environment entries java:comp/env JDBC DataSource resource manager connection factories java:comp/env/jdbc EJB References java:comp/env/ejb UserTransaction references java:comp/UserTransaction JavaMail Session Connection Factories java:comp/env/mail URL Connection Factories java:comp/env/url...
Page 80 Using External JNDI Repositories and Resources -- and jndi-lookup-name refers to the JNDI name to lookup to fetch the -- designated (in this case the java) object. --> <external-jndi-resource jndi-name="test/myBean" jndi-lookup-name="cn=myBean" res-type="test.myBean" factory-class="com.sun.jndi.ldap.LdapCtxFactory"> <property name="PROVIDER-URL" value="ldap://ldapserver:389/o=myObjects" /> <property name="SECURITY_AUTHENTICATION" value="simple" /> <property name="SECURITY_PRINCIPAL", value="cn=joeSmith, o=Engineering"...
Page 81: Connector Resources
C H A P T E R Connector Resources This chapter explains how to configure connectors, which are used to access enterprise information systems (EISs). This chapter contains the following sections: “An Overview of Connectors” on page 81 ■ “Managing Connector Connection Pools” on page 82 ■...
Page 82: Managing Connector Connection Pools
Managing Connector Connection Pools Managing Connector Connection Pools “To Create a Connector Connection Pool” on page 82 ■ “To Edit a Connector Connection Pool” on page 83 ■ “To Edit Connector Connection Pool Advanced Attributes” on page 85 ■ “To Edit Connection Pool Properties” on page 87 ■...
Page 83: To Edit A Connector Connection Pool
Managing Connector Connection Pools c. In the Additional Properties table, add any required properties. In the previous Create Connector Connection Pool page, you selected a class in the Connection Definition combo box. If this class is in the server’s classpath, then the Additional Properties table displays default properties.
Page 84 Managing Connector Connection Pools On Any Failure If you select the checkbox labelled Close All Connections, if a single connection fails, then the application server will close all connections in the pool and then reestablish them. If you do not select the checkbox, then individual connections will be reestablished only when they are used.
Page 85: To Edit Connector Connection Pool Advanced Attributes
Managing Connector Connection Pools Using the asadmin commands to change connection pool properties. More Information You can use the asadmin get and set commands to view and change the values of the connection pool properties. To list all the connector connection pools in the server: asadmin list domain.resources.connector-connection-pool.* To view the properties of the connector connection pool, you can use the following command: asadmin get domain.resources.connector-connection-pool.conectionpoolname.*...
Page 86 Managing Connector Connection Pools Lazy Association Connections are lazily associated when an operation is performed on them. Also, they are disassociated when the transaction is completed and a component method ends, which helps reuse of the physical connections. Default value is false. Lazy Connection Enable this option to enlist a resource to the transaction only when it is actually Enlistment...
Page 87: To Edit Connection Pool Properties
Managing Connector Connection Pools ▼ To Edit Connection Pool Properties Use the Additional Properties tab to modify the properties of an existing pool. The properties specified depend on the resource adapter used by this pool. The name-value pairs specified by the deployer using this table can be used to override the default values for the properties defined by the resource-adapter vendor.
Page 88: To Set Up Eis Access
Managing Connector Resources Equivalent asadmin command More Information delete-connector-connection-pool ▼ To Set Up EIS Access Deploy (install) a connector. Create a connection pool for the connector. Create a connector resource that is associated with the connection pool. Managing Connector Resources “To Create a Connector Resource”...
Page 89: To Edit A Connector Resource
Managing Connector Resources d. Do one of the following: If you are using the cluster profile, you will see the Targets section of the page. in the ■ Targets section of the page, select the domain, cluster, or server instances where the connector resource will reside, from the Available field and click Add.
Page 90: To Configure The Connector Service
Managing Administered Object Resources On the Connector Resources page, select the checkbox for the resource to be deleted. Click Delete. Equivalent asadmin command More Information delete-connector-resource ▼ To Configure the Connector Service Use the Connector Service screen to configure the connector container for all resource adapters deployed to this cluster or server instance.
Page 91: To Create An Administered Object Resource
Managing Administered Object Resources To create, edit, and delete Connector Connection Pools, click Resources —> Administered Object Resources in the Admin Console. Consult the Admin Console Online Help for detailed instructions on managing connector connection pools. “To Create an Administered Object Resource” on page 91 ■...
Page 92: To Edit An Administered Object Resource
Managing Administered Object Resources g. Click Finish. Equivalent asadmin command More Information create-admin-object ▼ To Edit an Administered Object Resource In the tree component, expand the Resource node and then the Connectors node. Expand the Administered Object Resources node. Select the node for the administered object resource to be edited. On the Edit Administered Object Resources page, modify values specified in Creating an Administered Object Resource.
Page 93: Web And Ejb Containers
C H A P T E R Web and EJB Containers Containers provide runtime support for application components. Application components use the protocols and methods of the container to access other application components and services provided by the server. The Enterprise Server provides an application client container, an applet container, a Web container, and an EJB container.
Page 94: Editing The Properties Of The Sip Container
The SIP Servlet Container Editing the Properties of the SIP Container The sub-elements of the SIP container are session-managerand session-properties. store-properties, manager-properties are sub-elements of session-manager. For a complete list of SIP container properties, see TBDlink. To change the properties of the SIP container using the Admin Console, select the Configuration node, select the configuration name, and the SIP Container node.
Page 95: The Web Container
The EJB Container Editing SIP Container Session Manager Properties To view the sub-elements of the SIP container session manager properties, use the following command: list server.sip-container.session-config.session-manager.* The two sub-elements are store-properties, manager-properties. To view the attributes of store-properties, use the following command: get server.sip-container.session-config.session-manager.store-properties.* To view the attributes of manager-properties, use the following command: get server.sip-container.session-config.session-manager.manager-properties.*...
Page 97: Configuring Security
C H A P T E R Configuring Security Security is about protecting data: how to prevent unauthorized access or damage to it in storage or transit. The Enterprise Server; has a dynamic, extensible security architecture based on the Java EE standard. Built in security features include cryptography, authentication and authorization, and public key infrastructure.
Page 98: Tools For Managing Security
Tools for Managing Security In declarative security, the container (the Enterprise Server) handles security through an ■ application's deployment descriptors. You can control declarative security by editing deployment descriptors directly or with a tool such as deploytool. Because deployment descriptors can change after an application is developed, declarative security allows for more flexibility.
Page 99: Managing Security Of Passwords
Managing Security of Passwords For more information on using certutil, pk12util, and other NSS security tools, see NSS Security Tools at http://www.mozilla.org/projects/security/pki/nss/tools. Managing Security of Passwords In the Enterprise Server, the file domain.xml, which contains the specifications for a particular domain, initially contains the password of the Message Queue broker in clear text.
Page 100: Protecting Files With Encoded Passwords
Managing Security of Passwords Enclose the alias password in single quotes as shown in the example. Note – 3. Restart the Enterprise Server for the relevant domain. Protecting Files with Encoded Passwords Some files contain encoded passwords that need protecting using file system permissions. These files include the following: domain-dir/master-password ■...
Page 101: Working With The Master Password And Keystores
Managing Security of Passwords At this point in time, server instances that are running must not be started and Caution – running server instances must not be restarted until the SMP on their corresponding node agent has been changed. If a server instance is restarted before changing its SMP, it will fail to come up.
Page 102: About Authentication And Authorization
About Authentication and Authorization About Authentication and Authorization Authentication and authorization are central concepts of application server security. The following topics are discussed related to authentication and authorization: “Authenticating Entities” on page 102 ■ “Authorizing Users” on page 103 ■ “Specifying JACC Providers”...
Page 103: Authorizing Users
About Authentication and Authorization Enterprise Server Authentication Methods (Continued) TABLE 9–1 DIGEST HTTP and SIP Server authenticates the client based SSL and TLS on an encrypted response. Verifying Single Sign-On Single sign-on enables multiple applications in one virtual server instance to share the user authentication state.
Page 104: Configuring Message Security
Understanding Users, Groups, Roles, and Realms Configuring Message Security Message Security enables a server to perform end-to-end authentication of web service invocations and responses at the message layer. The Enterprise Server implements message security using message security providers on the SOAP layer. The message security providers provide information such as the type of authentication that is required for the request and response messages.
Page 105: Users
Understanding Users, Groups, Roles, and Realms Users and groups are designated for the entire Enterprise Server, whereas each Note – application defines its own roles. When the application is being packaged and deployed, the application specifies mappings between users/groups and roles, as illustrated in the following figure.
Page 106: Roles
Understanding Users, Groups, Roles, and Realms Roles A role defines which applications and what parts of each application users can access and what they can do. In other words, roles determine users' authorization levels. For example, in a personnel application all employees might have access to phone numbers and email addresses, but only managers would have access to salary information.
Page 107 Understanding Users, Groups, Roles, and Realms In the JDBC realm, the server gets user credentials from a database. The Enterprise Server uses the database information and the enabled JDBC realm option in the configuration file. For digest authentication, a JDBC realm should be created with jdbcDigestRealm as the JAAS context.
Page 108: Introduction To Certificates And Ssl
Introduction to Certificates and SSL Assign a security role to users in the realm. To assign a security role to a user, add a security-role-mapping element to the deployment descriptor that you modified in Step The following example shows a security-role-mapping element that assigns the security role Employee to user Calvin.
Page 109: About Secure Sockets Layer
Introduction to Certificates and SSL Most importantly, a certificate binds the owner's public key to the owner's identity. Like a passport binds a photograph to personal information about its holder, a certificate binds a public key to information about its owner. In addition to the public key, a certificate typically includes information such as: The name of the holder and other identification, such as the URL of the Web server using ■...
Page 110 Introduction to Certificates and SSL When a Web browser (client) wants to connect to a secure site, an SSL handshake happens: The browser sends a message over the network requesting a secure session (typically, by ■ requesting a URL that begins with https instead of http). The server responds by sending its certificate (including its public key).
Page 111: About Firewalls
About Certificate Files If all virtual hosts on a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts probably will not interfere with normal SSL operations on the server. Be aware, however, that most browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates).
Page 112: Changing The Location Of Certificate Files
Using Java Secure Socket Extension (JSSE) Tools In the Developer Profile, on the server side, the Enterprise Server uses the JSSE format, which uses keytool to manage certificates and key stores. In the Clusters and Enterprise Profile, on the server side, the Enterprise Server uses NSS, which uses certutil to manage the NSS database which stores private keys and certificates.
Page 113 Using Java Secure Socket Extension (JSSE) Tools Create a self-signed certificate in a keystore of type JKS using an RSA key algorithm. RSA is ■ public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adelman, the inventors of the technology. keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias} -dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass ${keystore.pass}...
Page 114: Generating A Certificate Using The Keytool Utility
Using Java Secure Socket Extension (JSSE) Tools keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass} Another example of deleting a certificate from a keystore is shown in “Deleting a Certificate Using the keytool Utility” on page 115 Generating a Certificate Using the keytool Utility Use keytool to generate, import, and export certificates.
Page 115: Signing A Digital Certificate Using The Keytool Utility
Using Java Secure Socket Extension (JSSE) Tools 6. If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command. The tool displays information about the certificate and prompts whether you want to trust the certificate.
Page 116: Using Network Security Services (Nss) Tools
Using Network Security Services (NSS) Tools keytool -delete -alias keyAlias -keystore keystore-name -storepass password Using Network Security Services (NSS) Tools In the Clusters and Enterprise Profile, use Network Security Services (NSS) digital certificates on the server-side to manage the database that stores private keys and certificates. For the client side (appclient or stand-alone), use the JSSE format as discussed in “Using Java Secure Socket Extension (JSSE) Tools”...
Page 117: Using The Certutil Utility
In this example, domain-dir/config. The serverseed.txt and clientseed.txt files can contain any random text. This random text will be used for generating the key pair. certutil -S -n $SERVER_CERT_NAME -x -t "u,u,u" -s "CN=$HOSTNAME.$HOSTDOMAIN, OU=Java Software, O=Sun Microsystems Inc., L=Santa Clara, ST=CA, C=US" -m 25001 -o $CERT_DB_DIR/Server.crt -d $CERT_DB_DIR -f passfile <$CERT_UTIL_DIR/serverseed.txt...
Page 118: Importing And Exporting Certificates Using The Pk12Util Utility
Using Network Security Services (NSS) Tools Import an RFC text-formatted certificate into an NSS certificate database. ■ certutil -A -a -n ${cert.nickname} -t ${cert.trust.options} -f ${pass.file} -i ${cert.rfc.file} -d ${admin.domain.dir}/${admin.domain}/config Export a certificate from an NSS certificate database in RFC format. ■...
Page 119: Adding And Deleting Pkcs11 Modules Using Modutil
Using Network Security Services (NSS) Tools pk12util -o -n ${cert.nickname} -h ${token.name} -k ${pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config Convert a PKCS12 certificate into JKS format (requires a Java source): ■ <target name="convert-pkcs12-to-jks" depends="init-common"> <delete file="${jks.file}" failonerror="false"/> <java classname="com.sun.enterprise.security.KeyTool"> <arg line="-pkcs12"/> <arg line="-pkcsFile ${pkcs12.file}"/>...
Page 120: Using Hardware Crypto Accelerator With Enterprise Server
Using Hardware Crypto Accelerator With Enterprise Server Using Hardware Crypto Accelerator With Enterprise Server You can use hardware accelerator tokens to improve the cryptographic performance and to furnish a secure key storage facility. Additionally, you can provide end users with mobile secure key storage through smart cards.
Page 121: Configuring Pkcs#11 Tokens
Using Hardware Crypto Accelerator With Enterprise Server For the Microsoft Windows environment, add the location of NSS libraries AS_NSS and the NSS tools directory, AS_NSS_BIN to the PATH environment variable. For simplicity, the procedures described in this section use UNIX commands only. You should replace the UNIX variables with the Windows variables, where appropriate.
Page 122: Managing Keys And Certificates
Using Hardware Crypto Accelerator With Enterprise Server Using database directory /var/opt/SUNWappserver/domains/domain1/config ... Listing of PKCS#11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS#11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2.
Page 123 Using Hardware Crypto Accelerator With Enterprise Server Listing Keys and Certificates To list the keys and certificates in the configured PKCS#11 tokens, run the following ■ command: certutil -L -d AS_NSS_DB [-h tokenname] For example, to list the contents of the default NSS soft token, type: certutil -L -d AS_NSS_DB The standard output will be similar to the following: verisignc1g1...
Page 124: Configuring J2Se 5.0 Pkcs#11 Providers
Using Hardware Crypto Accelerator With Enterprise Server Working With Private Keys and Certificates Use certutil to create self-signed certificates and to import or export certificates. To import or export private keys, use the pk12util utility. For more details, see “Using Network Security Services (NSS) Tools”...
Page 125 Using Hardware Crypto Accelerator With Enterprise Server To create a custom configuration file: 1. Create a configuration file called as-install/mypkcs11.cfg with the following code and save the file. name=HW1000 library=/opt/SUNWconn/crypto/lib/libpkcs11.so slotListIndex=0 disabledMechanisms = { 	CKM_RSA_PKCS 	CKM_RSA_PKCS_KEY_PAIR_GEN omitInitialize=true 2. Update the NSS database, if necessary. In this case, update the NSS database so that it will disable RSA.
Page 127: Configuring Message Security
Web Services Security that was developed in OASIS by a collaboration of all the major providers of web services technology (including Sun Microsystems). WS-Security is a message security mechanism that uses XML Encryption and XML Digital Signature to secure web services messages sent over SOAP.
Page 128: Understanding Message Security In The Enterprise Server
Understanding Message Security in the Enterprise Server Understanding Message Security in the Enterprise Server The Enterprise Server offers integrated support for the WS-Security standard in its web services client and server-side containers. This functionality is integrated such that web services security is enforced by the containers of the Enterprise Server on behalf of applications, and such that it can be applied to protect any web service application without requiring changes to the implementation of the application.
Page 129: About Security Tokens And Security Mechanisms
Understanding Message Security in the Enterprise Server Application Deployer The application deployer is responsible for: Specifying (at application assembly) any required application-specific message protection ■ policies if such policies have not already been specified by upstream roles (the developer or assembler).
Page 130 Understanding Message Security in the Enterprise Server About Digital Signatures The Enterprise Server uses XML Digital signatures to bind an authentication identity to message content. Clients use digital signatures to establish their caller identity, analogous to the way basic authentication or SSL client certificate authentication have been used to do the same thing when transport layer security is being used.
Page 131: Glossary Of Message Security Terminology
Understanding Message Security in the Enterprise Server Glossary of Message Security Terminology The terminology used in this document is described below. The concepts are also discussed in “Configuring the Enterprise Server for Message Security” on page 133. Authentication Layer ■ The authentication layer is the message layer on which authentication processing must be performed.
Page 132: Securing A Web Service
Securing a Web Service The response policy defines the authentication policy requirements associated with response processing performed by the authentication provider. Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature.
Page 133: Configuring Application-Specific Web Services Security
Configuring the Enterprise Server for Message Security Configuring Application-Specific Web Services Security Application-specific web services security functionality is configured (at application assembly) by defining message-security-binding elements in the Sun-specific deployment descriptors of the application. These message-security-binding elements are used to associate a specific provider or message protection policy with a web services endpoint or service reference, and may be qualified so that they apply to a specific port or method of the corresponding endpoint or referenced service.
Page 134: Actions Of Request And Response Policy Configurations
Configuring the Enterprise Server for Message Security Actions of Request and Response Policy Configurations The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration. Message protection policy to WS-Security SOAP message security operation mapping TABLE 10–1 Message Protection Policy Resulting WS-Security SOAP message protection operations...
Page 135: Configuring Other Security Facilities
Configuring the Enterprise Server for Message Security Message protection policy to WS-Security SOAP message security operation mapping TABLE 10–1 (Continued) Message Protection Policy Resulting WS-Security SOAP message protection operations auth-recipient="before-content" The content of the SOAP message Body is encrypted and replaced with the resulting xend:EncryptedData.
Page 136 Configuring the Enterprise Server for Message Security If you are running the Enterprise Server on version 1.5 of the Java SDK, the JCE provider is already configured properly. If you are running the Enterprise Server on version 1.4.x of the Java SDK, you can add a JCE provider statically as part of your JDK environment, as follows.
Page 137: Message Security Setup
Message Security Setup 6. Restart the Enterprise Server. Message Security Setup Most of the steps for setting up the Enterprise Server for using message security can be accomplished using the Admin Console, the asadmin command-line tool, or by manually editing system files. In general, editing system files is discouraged due to the possibility of making unintended changes that prevent the Enterprise Server from running properly, therefore, where possible, steps for configuring the Enterprise Server using the Admin Console are shown first, with the asadmin tool command shown after.
Page 138: Configuring The Message Security Provider
Message Security Setup To specify the default server provider: ■ asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP. default_provider=ServerProvider To specify the default client provider: ■ asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP. default_client_provider=ClientProvider Configuring the Message Security Provider Typically, a provider would be re-configured to modify its message protection policies, although the provider type, implementation class, and provider-specific configuration properties may also be modified.
Page 139: Creating A Message Security Provider
Message Security Setup Creating a Message Security Provider To configure an existing provider using the Admin Console, select Configuration node > the instance to Configure> Security node > Message Security node > SOAP node > Providers tab. For more detailed instructions on creating a message security provider, see the Admin Console online help.
Page 140: Further Information
Message Security Setup <log-service file="" level="WARNING"/> <message-security-config auth-layer="SOAP" default-client-provider="ClientProvider"> <provider-config class-name="com.sun.enterprise.security.jauth.ClientAuthModule" provider-id="ClientProvider" provider-type="client"> <request-policy auth-source="sender | content" auth-recipient="after-content | before-content"/> <response-policy auth-source="sender | content" auth-recipient="after-content | before-content"/> <property name="security.config" value="as-install/lib/appclient/wss-client-config.xml"/> </provider-config> </message-security-config> </client-container> Valid values for auth-source include sender and content. Valid values for auth-recipient include before-content and after-content.
Page 141: Configuring The Diagnostic Service
C H A P T E R Configuring the Diagnostic Service The Diagnostic Service provides more visibility into and control of the runtime performance of a server and its applications, allowing you to diagnose and isolate faults as they occur. This chapter contains the following sections: “What is the Diagnostic Framework?”...
Page 142: Generating A Diagnostic Report
Diagnostic Service Framework Installation specific details are collected only for file-based installations. Capture System Information: The following system information is collected by default: ■ Network Settings ■ OS details ■ Hardware information ■ Data collected using native code is not available on the Platform Edition of Application Server.
Page 143: Transactions
C H A P T E R Transactions By enclosing one or more steps in an indivisible unit of work, a transaction ensures data integrity and consistency. This chapter contains the following sections: “About Transactions” on page 143 ■ “Admin Console Tasks for Transactions” on page 145 ■...
Page 144: Transactions In Java Ee Technology
About Transactions See Also: “Transactions in Java EE Technology” on page 144 ■ “Configuring Transactions” on page 145 ■ Transactions in Java EE Technology Transaction processing involves the following five participants: Transaction Manager ■ Enterprise Server ■ Resource Manager(s) ■ Resource Adapter(s) ■...
Page 145: Workarounds For Specific Databases
Admin Console Tasks for Transactions Workarounds for Specific Databases The Enterprise Server provides workarounds for some known issues with the recovery implementations of the following JDBC drivers. These workarounds are used unless explicitly disabled. Oracle thin driver - The XAResource.recover method repeatedly returns the same set of ■...
Page 146 Admin Console Tasks for Transactions When the transaction spans across servers, the server that started the transaction can contact the other servers to get the outcome of the transactions. If the other servers are unreachable, the transaction uses the Heuristic Decision field to determine the outcome. In the tree component select the Configurations node.
Page 147 Admin Console Tasks for Transactions Select the instance to configure: To configure a particular instance, select the instance’s config node. For example, the default ■ instance, server, select the server-config node. To configure the default settings for all instances, select the default-config node. ■...
Page 148 Admin Console Tasks for Transactions Restart the Enterprise Server. ▼ To set the keypoint interval Keypoint operations compress the transaction log file. The keypoint interval is the number of transactions between keypoint operations on the log. Keypoint operations can reduce the size of the transaction log files.
Page 149: Configuring The Http Service
C H A P T E R Configuring the HTTP Service The HTTP service is the component of the Enterprise Server that provides facilities for deploying web applications and for making deployed web applications accessible by HTTP clients. These facilities are provided by means of two kinds of related objects, virtual servers and HTTP listeners.
Page 150: Http Listeners
HTTP Listeners http://www.aaa.com:8080/web1 http://www.bbb.com:8080/web2 http://www.ccc.com:8080/web3 The first URL is mapped to virtual host www.aaa.com, the second URL is mapped to virtual host www.bbb.com, and the third is mapped to virtual host www.ccc.com. On the other hand, the following URL results in a 404 return code, because web3 isn’t registered with www.bbb.com: http://www.bbb.com:8080/web3 For this mapping to work, make sure that www.aaa.com, www.bbb.com, and www.ccc.com all...
Page 151 HTTP Listeners However, if an HTTP listener uses the 0.0.0.0 IP address, which listens on all IP addresses on a port, you cannot create HTTP listeners for additional IP addresses that listen on the same port for a specific IP address. For example, if an HTTP listener uses 0.0.0.0:8080 (all IP addresses on port 8080), another HTTP listener cannot use 1.2.3.4:8080.
Page 152 HTTP Listeners The Keep-Alive subsystem periodically polls such idle connections and queues those connections with activity into the connection queue for future processing. From there, a request processing thread again retrieves the connection and processes its request. The Keep-Alive subsystem is multi-threaded, as it manages potentially tens of thousands of connections. Efficient polling techniques are used, by dividing the number of connections into smaller subsets, to determine which connections are ready with requests and which of those connections have idled for sufficient time to deem them closed (beyond a maximum...
Page 153: Managing Web Services
C H A P T E R Managing Web Services This chapter describes web services management with Enterprise Server. Admin Console and the asadmin tool enable you deploy, test, and manage web services. You can quickly visualize, understand, monitor, and manage complex web services. You can see all web services deployed in a domain just as you see Java EE applications and application components such as EJBs.
Page 154: Web Services Standards
Overview of Web Services simple, flexible, text-based markup language. XML data is marked using tags enclosed in angled brackets. The tags contain the meaning of the data they mark. Such markup allows different systems to easily exchange data with each other. A Document Type Definition (DTD) or XML Schema Definition (XSD) describes the structure of an XML document.
Page 155: Deploying And Testing Web Services
Deploying and Testing Web Services service endpoints, along with corresponding WSDL descriptions, and clients. A JAX-RPC based web service can interact with clients that are not based on Java. Similarly, a JAX-RPC based client can interact with a non-Java-based web service implementation. Java API for XML registries (JAXR), a Java API for accessing business registries, has a flexible architecture that supports UDDI, and other registry specifications (such as ebXML).
Page 156: Sun Glassfish Enterprise Server 2.1 Administration Guide • December
Using Web Services Registries Viewing Deployed Web Services To test a web service with Admin Console, select Applications > Web Services > web-service-name | General. Admin Console displays t the attributes of the web service: Name: the name of the web service. ■...
Page 157: Adding A Registry
Using Web Services Registries Adding a Registry Add or remove a web services registry with Admin Console at Application Server > Web Services | Registry. Use this page to create a Registry Access Point (RAP). When you add a registry, specify the following paramters: JNDI Name: the connection resource pool (JNDI) name of the registry.
Page 158: Transforming Messages With Xslt Filters
Transforming Messages with XSLT Filters Transforming Messages with XSLT Filters You can apply XSLT transformation rules to a web service end point. This enables fine-grained control of web service requests and responses. You can apply multiple XSLT rules to a web service end point method, and you can configure the order in which you apply the transformations.
Page 159: Viewing Web Service Statistics
Monitoring Web Services OFF- Disables monitoring. ■ Enter a value for the Message History. The default is 25. Click the Reset button to clear all statistics and the running averages are restarted. Viewing Web Service Statistics Enterprise Server provides capabilities to track and graphically display the operational statistics of a web service.
Page 161: Configuring The Object Request Broker
C H A P T E R Configuring the Object Request Broker This chapter describes how to configure the Object Request Broker (ORB) and IIOP listeners. It has the following sections: “An Overview of the Object Request Broker” on page 161 ■...
Page 162: What Is The Orb
Configuring the ORB What is the ORB? The Object Request Broker (ORB) is the central component of CORBA. The ORB provides the required infrastructure to identify and locate objects, handle connection management, deliver data, and request communication. A CORBA object never talks directly with another. Instead, the object makes requests through a remote stub to the ORB running on the local machine.
Page 163: Thread Pools
C H A P T E R Thread Pools The Java Virtual Machine (JVM) can support many threads of execution at once. To help performance, the Enterprise Server maintains one or more thread pools. It is possible to assign specific thread pools to connector modules and to the ORB. One thread pool can serve multiple connector modules and enterprise beans.
Page 164: Working With Thread Pools
Working with Thread Pools Working with Thread Pools To create a thread pool using the Admin Console, go to Configuration > Thread Pools > Current Pools > New. Enter the name of the thread pool in the Thread Pool ID field. ■...
Page 165: Configuring Logging
C H A P T E R Configuring Logging This chapter briefly describes how to configure logging and view the server log. It contains the following sections: “About Logging” on page 165 ■ “Configuring Logging” on page 168 ■ About Logging “Log Records”...
Page 166: The Logger Namespace Hierarchy
About Logging [#|2006-10-21T13:25:53.852-0400|INFO|sun-appserver9.1|javax.enterprise. system.core|_ThreadID=13;|CORE5004: Resource Deployed: [cr:jms/DurableConnectionFactory].|#] In this example, [# and #] mark the beginning and end of the record. ■ The vertical bar (|) separates the record fields. ■ 2006-10-21T13:25:53.852-0400 specifies the date and time. ■ The Log Level is INFO. This level may have any of the following values: SEVERE, WARNING, ■...
Page 167 About Logging Enterprise Server Logger Namespaces (Continued) TABLE 17–1 Module Name Namespace Group Management Service (cluster and javax.ee.enterprise.system.gms enterprise profiles only) JavaMail javax.enterprise.resource.javamail JAXR javax.enterprise.resource.webservices.registry JAXRPC javax.enterprise.resource.webservices.rpc JAXWS javax.enterprise.resource.webservices.javaws com.sun.jbi javax.enterprise.resource.jms javax.enterprise.resource.jta javax.enterprise.system.core.transaction MDB Container javax.enterprise.system.container.ejb.mdb Naming javax.enterprise.system.core.naming Persistence oracle.toplink.essentials, javax.enterprise.resource.jdo, javax.enterprise.system.container.cmp Node Agent (cluster and enterprise profiles...
Page 168: Configuring Logging
Configuring Logging Configuring Logging This section contains the following topics: “Configuring General Logging Settings” on page 168 ■ “Configuring Log Levels” on page 168 ■ “Viewing Server Logs” on page 169 ■ Configuring General Logging Settings To configure the general logging settings using the Admin Console: For the developer profile, go to Application Server →...
Page 169: Viewing Server Logs
Configuring Logging Viewing Server Logs To view the log files: In the developer profile, go to Applications Server → Logging → View Log Files. ■ In the cluster and enterprise profiles, go to Configurations → Configuration → Logger ■ Settings → General, and click View Log Files. Use the options provided in the Search Criteria area to display log results based on your preferences.
Page 170 Configuring Logging A window labeled Log Entry Detail appears, with a formatted version of the message. At the end of the list of entries, click the buttons to view earlier or later entries in the log file. Click Advanced Search in the Search Criteria area to make additional refinements to the log viewer.
Page 171: Monitoring Components And Services
C H A P T E R Monitoring Components and Services This chapter contains information about monitoring components using the Enterprise Server Admin Console. This chapter contains the following sections: “About Monitoring” on page 171 ■ “Enabling and Disabling Monitoring” on page 191 ■...
Page 172: Overview Of Monitoring
About Monitoring Overview of Monitoring To monitor the Enterprise Server, perform these steps: 1. Enable the monitoring of specific services and components using either the Admin Console or the asadmin tool. For more information on this step, refer to “Enabling and Disabling Monitoring” on page 191.
Page 173: Applications Node Tree Structure
About Monitoring Applications Node Tree Structure EXAMPLE 18–1 applications |--- application1 |--- ejb-module-1 |--- ejb1 * |--- cache (for entity/sfsb) * |--- pool (for slsb/mdb/entity) * |--- methods |---method1 * |---method2 * |--- stateful-session-store (for sfsb)* |--- timers (for s1sb/entity/mdb) * |--- web-module-1 |--- virtual-server-1 * |---servlet1 *...
Page 174: Resources Schematic
About Monitoring HTTP Service Schematic (Cluster and Enterprise Profile Version) EXAMPLE 18–3 http-service * |---connection-queue * |---dns * |---file-cache * |---keep-alive * |---virtual-server-1* |--- request * |---virtual-server-2* |--- request * The Resources Tree The resources node holds monitorable attributes for pools such as the JDBC connection pool and connector connection pool.
Page 175: About Statistics For Monitored Components And Services
About Monitoring JMS Service Schematic EXAMPLE 18–6 jms-service |-- connection-factories [AKA conn. pools in the RA world] |-- connection-factory-1 (All CF stats for this CF) |-- work-management (All work mgmt stats for the MQ-RA) The ORB Tree The ORB node holds monitorable attributes for connection managers. The following schematic shows the top and child nodes for the ORB components.
Page 176: Table
About Monitoring “Thread Pools Statistics” on page 186 ■ “Transaction Service Statistics” on page 186 ■ “Java Virtual Machine (JVM) Statistics” on page 187 ■ “JVM Statistics in Java SE” on page 187 ■ EJB Container Statistics The EJB container statistics are described in the following tables: Table 18–1 ■...
Page 177: Ejb Method Statistics
About Monitoring EJB Method Statistics TABLE 18–2 Attribute Name Data Type Description TimeStatistic Number of times an operation is methodstatistic called; the total time that is spent during the invocation, and so on. CountStatistic Number of times the method totalnumerrors execution resulted in an exception.
Page 178 About Monitoring EJB Session Store Statistics (Continued) TABLE 18–3 Attribute Name Data Type Description CountStatistic Time (ms) spent executing the activationErrorCount method for the last successful/unsuccessful attempt to execute the operation. This is collected for stateless and stateful session beans and entity beans, if monitoring is enabled on the EJB container.
Page 179: Ejb Pool Statistics
About Monitoring EJB Pool Statistics TABLE 18–4 Attribute Name Data Type Description BoundedRangeStatistic Number of EJB’s in the associated pool, numbeansinpool providing an idea about how the pool is changing. BoundedRangeStatistic Number of threads waiting for free numthreadswaiting beans, giving an indication of possible congestion of requests.
Page 180: Timer Statistics
About Monitoring EJB Cache Statistics (Continued) TABLE 18–5 Attribute Name Data Type Description CountStatistic Number of times passivation completed numpassivationsuccess successfully. Applies only to stateful session beans. The statistics available for Timers are listed in the following table. Timer Statistics TABLE 18–6 Statistic Data Type...
Page 181 About Monitoring Web Container (Web Module) Statistics TABLE 18–8 Statistic Data Type Comments CountStatistic Number of JSP pages that have jspcount been loaded in the web module. CountStatistic Number of JSP pages that have jspreloadcount been reloaded in the web module. CountStatistic Total number of sessions that sessionstotal...
Page 182: Http Service Statistics (Developer Profile)
About Monitoring HTTP Service Statistics (Developer Profile) TABLE 18–9 Statistic Units Data Type Comments Bytes CountStatistic The cumulative value of the bytes bytesreceived received by each of the request processors. Bytes CountStatistic The cumulative value of the bytes sent by bytessent each of the request processors.
Page 183: Jdbc Connection Pool Statistics
About Monitoring The statistics available for the JDBC connection pool are shown in the following table. JDBC Connection Pool Statistics TABLE 18–10 Statistic Units Data Type Description Number CountStatistic The total number of connections numconnfailedvalidation in the connection pool that failed validation from the start time until the last sample time.
Page 184: Connector Connection Pool Statistics
About Monitoring JDBC Connection Pool Statistics (Continued) TABLE 18–10 Statistic Units Data Type Description Number CountStatistic Number of logical connections numconnacquired acquired from the pool. Number CountStatistic Number of logical connections numconnreleased released to the pool. JMS/Connector Service Statistics The statistics available for the connector connection pools are shown in Table 18–11.
Page 185: Connector Work Management Statistics
About Monitoring Connector Connection Pool Statistics (Continued) TABLE 18–11 Statistic Units Data Type Description Number CountStatistic Number of physical connections that numconndestroyed were destroyed since the last reset. Number CountStatistic Number of logical connections acquired numconnacquired from the pool. Number CountStatistic Number of logical connections released numconnreleased...
Page 186: Thread Pool Statistics
About Monitoring Connection Manager (in an ORB) Statistics (Continued) TABLE 18–13 Statistic Units Data Type Description Number BoundedRangeStatistic Total number of connections to the totalconnections ORB. Thread Pools Statistics The statistics available for the thread pool are shown in the following table. Thread Pool Statistics TABLE 18–14 Statistic...
Page 187: Transaction Service Statistics
About Monitoring Transaction Service Statistics (Continued) TABLE 18–15 Statistic Data Type Description CountStatistic Number of transactions that have been committedcount committed. CountStatistic Number of transactions that have been rolledbackcount rolled back. StringStatistic Indicates whether or not the transaction state has been frozen. Java Virtual Machine (JVM) Statistics The JVM has monitorable attributes that are always enabled.
Page 188: Jvm Statistics For Java Se- Compilation
About Monitoring JVM Statistics for Java SE- Class Loading (Continued) TABLE 18–17 Statistic Data Type Description CountStatistic Total number of classes that have been totalloadedclasscount loaded since the JVM began execution. CountStatistic Number of classes that have been unloadedclasscount unloaded from the JVM since the JVM began execution.
Page 189: Jvm Statistics For Java Se - Operating System
About Monitoring JVM Statistics for Java SE- Memory (Continued) TABLE 18–20 Statistic Data Type Description CountStatistic Amount of memory (in bytes) that is committedheapsize committed for the JVM to use. CountStatistic Size of the non-heap area initially initnonheapsize requested by the JVM. CountStatistic Size of the non-heap area currently in use.
Page 190: Jvm Statistics For Java Se - Thread Info
About Monitoring JVM Statistics for Java SE - Runtime (Continued) TABLE 18–22 Statistic Data Type Description StringStatistic Management spec. version implemented managementspecversion by the JVM. StringStatistic Classpath that is used by the system class classpath loader to search for class files. StringStatistic Java library path.
Page 191: Enabling And Disabling Monitoring
Enabling and Disabling Monitoring JVM Statistics for Java SE - Thread Info (Continued) TABLE 18–23 Statistic Data Type Description CountStatistic ID of the thread that holds the monitor lockownerid lock of an object on which this thread is blocking. StringStatistic Name of the thread that holds the monitor lockownername lock of the object this thread is blocking...
Page 192: Configuring Monitoring Levels Using The Admin Console
Enabling and Disabling Monitoring Configuring Monitoring Levels Using the Admin Console To configure monitoring in the Admin Console: For the developer profile, go to Configuration → Monitoring ■ For the cluster and enterprise profiles, go to Configurations → Configuration → ■...
Page 193: Viewing Monitoring Data
Viewing Monitoring Data Viewing Monitoring Data “Viewing Monitoring Data in the Admin Console” on page 193 ■ “Viewing Monitoring Data With the asadmin Tool” on page 193 ■ Viewing Monitoring Data in the Admin Console In the developer profile, to view monitoring data, go to Application Server → Monitor. In the cluster and enterprise profiles, to view monitoring data for a stand-alone instance, go to Stand-Alone Instances →...
Page 194 Viewing Monitoring Data servlet, connection, connectorpool, endpoint, entitybean, messagedriven, statefulsession, statelesssession, httpservice, or webmodule. For example, to view data for jvm on server, enter the following: asadmin>monitor --type jvm --user adminuser server JVM Monitoring UpTime(ms) HeapSize(bytes) current high count 327142979 531628032 0 45940736 45940736...
Page 195 Viewing Monitoring Data To display monitoring statistics for an application component or subsystem for which monitoring has been enabled, use the asadmin get command. To get the statistics, type the asadmin get command in a terminal window, specifying a name displayed by the list command in the preceding step.
Page 196 Viewing Monitoring Data Another example, application, is a valid monitorable object type and is not a singleton. To address a non-singleton child node representing, for example, the application PetStore, the dotted name is: server.applications.petstore The dotted names can also address specific attributes in monitorable objects. For example, http-service has a monitorable attribute called bytesreceived-lastsampletime.
Page 197 Viewing Monitoring Data Examples for the list --user admin-user --monitor Command The list command provides information about the application components and subsystems currently being monitored for the specified server instance name. Using this command, you can see the monitorable components and subcomponents for a server instance. For a more complete listing of list examples, see “Expected Output for list and get Commands at All Levels”...
Page 198 Viewing Monitoring Data When an attribute is requested that does not exist for a particular component or subsystem, an error is returned. Similarly, when a specific attribute is requested that is not active for a component or subsystem, an error is returned. Refer to “Expected Output for list and get Commands at All Levels”...
Page 199 Viewing Monitoring Data Example 3 Attempt to get a specific attribute from a subsystem: asadmin> get --user admin-user --monitor server.jvm.uptime-lastsampletime Returns: server.jvm.uptime-lastsampletime = 1093215374813 Example 4 Attempt to get an unknown attribute from within a subsystem attribute: asadmin> get --user admin-user --monitor server.jvm.badname Returns: No such attribute found from reflecting the corresponding Stats interface: [badname]...
Page 200 Viewing Monitoring Data server.http-service server.resources server.thread-pools The list of monitorable components includes thread-pools, http-service, resources, and all deployed (and enabled) applications. List the monitorable subcomponents in the PetStore application (-m can be used instead of --monitor): asadmin> list -m server.applications.petstore Returns: server.applications.petstore.signon-ejb_jar server.applications.petstore.catalog-ejb_jar...
Page 201 Viewing Monitoring Data Returns: Nothing to list at server.applications.petstore.signon-ejb_jar. UserEJB.bean-methods.getUserName. To get the valid names beginning with a string, use the wildcard "*" character. For example, to list all names that begin with "server", use "list server*". There are no monitorable subcomponents for methods. Get all monitorable statistics for the method getUserName.
Page 202 Viewing Monitoring Data server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-count = 0 server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-description = Provides the total number of errors that occured during invocation or execution of an operation. server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-lastsampletime = 1079981809273 server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-name = TotalNumErrors server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-starttime = 1079980593137 server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods. getUserName.totalnumerrors-unit = count server.applications.petstore.signon-ejb_jar.UserEJB.bean-methods.
Page 203: Top Level
Viewing Monitoring Data Top Level TABLE 18–25 Command Dotted Name Output list -m server server.applicationsserver.thread-poolsserver. resourcesserver.http-serviceserver.transaction- serviceserver.orb.connection-managersserver.orb. connection-managers.orb\.Connections\.Inbound\. AcceptedConnectionsserver.jvm Hierarchy of child nodes below this node. list -m server.* No output except a message saying there are no attributes at this node. get -m server.* The following table shows the command, dotted name, and corresponding output for the...
Page 204: Applications - Enterprise Applications And Standalone Modules
Viewing Monitoring Data Applications - Enterprise Applications and Standalone Modules TABLE 18–27 Command Dotted Name Output list -m server.applications.app1 ejb-module1_jarweb-module2_warejb- module3_jarweb-module3_war... *app1 Note: this level is only applicable if an enterprise application has been deployed. It is not applicable if a standalone module is deployed.
Page 205 Viewing Monitoring Data Applications - Enterprise Applications and Standalone Modules (Continued) TABLE 18–27 Command Dotted Name Output List of child nodes: list -m server.applications.app1. ejb-module1_jar.bean1 bean-poolbean-cachebean-method Note: In standalone modules, the node containing the application name (app1 in this example) will not appear.
Page 206: Table
Viewing Monitoring Data Applications - Enterprise Applications and Standalone Modules (Continued) TABLE 18–27 Command Dotted Name Output No attributes, but a message saying “Use get command with list -m server.applications.app1. the --monitor option to view this node’s attributes and ejb-module1_jar.bean1.bean-cache values.
Page 207: Thread-Pools Level
Viewing Monitoring Data HTTP-Service Level TABLE 18–28 Command Dotted Name Output List of virtual servers. list -m server.http-service No output except message saying there are no get -m server.http-service.* attributes at this node. List of HTTP Listeners. list -m server.http-service.server No output except message saying there are no get -m server.http-service.server.*...
Page 208: Transaction-Service Level
Viewing Monitoring Data Resources Level TABLE 18–30 Command Dotted Name Output List of pool names. list -m server.resources No output except message saying get -m server.resources.* there are no attributes at this node. No attributes, but a message list -m server.resources.jdbc-connection-pool-pool.
Page 209: Using Jconsole
Using JConsole ORB Level (Continued) TABLE 18–32 Command Dotted Name Output No output except message saying there are no get -m server.orb.connection-managers.* attributes at this node. No attributes, but a message saying “Use get list -m server.orb.connection-managers. command with the --monitor option to view orb\.Connections\.Inbound\ this node’s attributes and values.
Page 210: Securing Jconsole To Application Server Connection
Using JConsole To view all the MBeans, Enterprise Server provides a configuration of the Standard JMX Connector Server called System JMX Connector Server. As part of Enterprise Server startup, an instance of this JMX Connector Server is started. Any compliant JMX connector client can connect to the server using this Connector Server.
Page 211: Prerequisites For Connecting Jconsole To Application Server
Using JConsole The security-enabled flag for the JMX Connector is false. If you are running the cluster or enterprise profile, or if you have turned on security for the JMX Connector in the developer profile, this flag is set to true. <!- –...
Page 212: Connecting Jconsole Securely To Application Server
Using JConsole In the Connect to Agent tab of JConsole, enter user name, password, host name and port (8686, by default). The user name refers to the administration user name and password refers to the administration password of the domain. Click Connect.
Page 213 Using JConsole Start JConsole by running JDK_HOME/bin/jconsole In the Connect to Agent tab of JConsole, enter user name, password, host name and port (8686, by default). The user name refers to the administration user name and password refers to the administration password of the domain.
Page 215: Configuring Management Rules
C H A P T E R Configuring Management Rules This section contains information about setting administration policies to automate routine administration tasks, configure self-tuning of the application server for diverse runtime conditions and improve availability by preventing failures. This section also contains information on the self-management templates, which are predefined management rules that you can customize.
Page 216: Configuring Management Rules
Configuring Management Rules notifications and take appropriate action. For details on developing a custom MBean and deploying it, see Chapter 14, “Developing Custom MBeans, ” in Sun GlassFish Enterprise Server 2.1 Developer’s Guide. The Enterprise Server provides some useful events, which you can further extend by writing custom MBeans to emit notifications.
Page 217 Configuring Management Rules In addition, to enable a individual management rule, you must enable the rule on this page by clicking the box next to the rule and clicking Enable. A rule's MBeans must also be enabled on a target. To enable MBeans, go to Custom MBeans → MBean.
Page 219: Java Virtual Machine And Advanced Settings
C H A P T E R Java Virtual Machine and Advanced Settings The Java Virtual Machine (JVM) is an interpretive computing engine responsible for running the byte codes in a compiled Java program. The JVM translates the Java byte codes into the native instructions of the host machine.
Page 220: Configuring Advanced Settings
Configuring Advanced Settings Debug Options: Specify the JPDA options passed to the JVM when the debugging is ■ enabled. RMI Compile Options: Enter the command-line options for the rmic compiler. The ■ Enterprise Server runs the rmic compiler when EJB components are deployed. Bytecode Preprocessor: Enter a comma separated list of class names.
Page 221: Automatically Restarting A Domain Or Node Agent
A P P E N D I X Automatically Restarting a Domain or Node Agent If your domain or node agent is stopped unexpectedly (for example, if you need to restart your machine), you can configure your system to automatically restart the domain or node agent. This Appendix contains the following topics: “Restarting Automatically on Solaris 10”...
Page 222 Restarting Automatically on Solaris 10 To determine if a user has the net_privaddr privilege, log in as that user and type the command ppriv -l | grep net_privaddr. To run the asadmin create-service command, you must have solaris.smf.* authorization. See the useradd and usermod man pages to find out how to set the authorizations. You must also have write permission in the directory tree: /var/svc/manifest/application/SUNWappserver.
Page 223: Restarting Automatically Using Inittab On Solaris 9 And Linux Platforms
Restarting Automatically on the Microsoft Windows Platform Restarting Automatically Using inittab on Solaris 9 and Linux Platforms To restart your domain on the Solaris 9 or Linux platform, add a line of text to the /etc/inittab file. If you use /etc/rc.local, or your system’s equivalent, place a line in /etc/rc.local that calls the desired asadmin command.
Page 224 Restarting Automatically on the Microsoft Windows Platform C:\winnt\system32\sc.exe create service-name binPath= \"fully-qualified-path-to-appservService.exe \"fully-qualified-path-to-asadmin.bat start-command\" \"fully-qualified-path-to-asadmin.bat stop-command\"" start= auto DisplayName= "display-name" There is no space between binpath and the equals sign (=). There must be a space after Note – the equals sign and before the path. For example, to create a service called SunJavaSystemAppServer DOMAIN1 that starts and stops the domain domain1, using a password file C:\Sun\AppServer\password.txt: C:\windows\system32\sc.exe create domain1 binPath=...
Page 225: Preventing The Service From Shutting Down When A User Logs Out
Security for Automatic Restarts Preventing the Service From Shutting Down When a User Logs Out By default, the Java VM catches signals from Windows that indicate that the operating system is shutting down, or that a user is logging out, and shuts itself down cleanly. This behavior causes the Enterprise Server service to shut down when a user logs out of Windows.
Page 226 Security for Automatic Restarts If the “interact with desktop” option is not set, the service stays in a “start-pending” state and appears to hang. Kill the service process to recover from this state. On Windows or UNIX, create a domain using the --savemasterpassword=true option and ■...
Page 227: Dotted Name Attributes For Domain.xml
A P P E N D I X Dotted Name Attributes for domain.xml This appendix describes the dotted name attributes that can be used to address the MBean and its attributes. Every element in the domain.xml file has a corresponding MBean. Because the syntax for using these names involves separating names between periods, these names are called dotted names.
Page 228 Top Level Elements Element Name Dotted Name Prefix clusters domain.clusters Every cluster contained in this element is accessible as cluster-name. Where cluster-name is the value of the name attribute for the cluster subelement. node-agents domain.node-agents lb-configs domain.lb-configs Applicable only for Sun GlassFish Enterprise Server system-property domain.system-property converged-lb-configs domain.converged-lb-configs...
Page 229: Elements Not Aliased
Elements Not Aliased Dotted Name Aliased to target.admin-service config-name.admin-service target.web-container config-name.web-container target.sip-container config-name.sip-container Applicable only for Sun GlassFish Communications Server target.ejb-container config-name.ejb-container target.mdb-container config-name.mdb-container target.jms-service config-name.jms-service target.sip-service config-name.sip-service Applicable only for Sun GlassFish Communications Server target.log-service config-name.log-service target.security-service config-name.security-service target.transaction-service config-name.transaction-service target.monitoring-service config-name.monitoring-service...
Page 231: The Asadmin Utility
A P P E N D I X The asadmin Utility The Application Server includes a command-line administration utility known as asadmin. Theasadmin utility is used to start and stop the Application Server, manage users, resources, and applications. This chapter contains the following sections: “Common Options for Remote Commands”...
Page 232: The Asadmin Utility
The asadmin Utility The asadmin Utility Use the asadmin utility to perform any administrative tasks for the Application Server. You can use this asadmin utility in place of using the Administrator interface. The asadmin utility invokes subcommands that identify the operation or task you wish to perform.
Page 233: Passwordfile Contents
The asadmin Utility -s --secure if true, uses SSL/TLS to communicate with the domain application server. ■ -t --terse indicates that any output data must be very concise, typically avoiding ■ human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
Page 234: Common Options For Remote Commands
Common Options for Remote Commands To use the --secure option, you must use the set command to enable the security --enabled flag in the admin http-listener in the domain.xml. When you use the asadmin subcommands to create and/or delete, you must restart the server for the newly created command to take affect.
Page 235: The Multimode Command
The Multimode Command Remote Commands Required Options (Continued) TABLE C–1 Option Definition The --passwordfile option specifies the name of a file containing the password --passwordfile entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters. For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password.
Page 236: The Get, Set, And List Commands
The Get, Set, and List Commands invokemultimode from within a multimodesession; once you exit the second multimode environment, you return to your original multimode environment. The Get, Set, and List Commands The asadmin get, set and list commands work in tandem to provide a navigation mechanism for the Application Server's abstract hierarchy.
Page 237: Server Lifecycle Commands
Server Lifecycle Commands The list command treats this complete dotted name as the complete name of a parent ■ node in the abstract hierarchy. Upon providing this name to list command, it simply returns the names of the immediate children at that level. For example,list server.applications.web-module will list all the web modules deployed to the domain or the default server.
Page 238: List And Status Commands
List and Status Commands Server Lifecycle Commands (Continued) TABLE C–2 Command Definition Starts a domain. If the domain directory is not specified, the domain in the start-domain default install_dir/domains directory is started. If there are two or more domains, the domain_name operand must be specified. Stops the Domain Administration Server of the specified domain.
Page 239: Deployment Commands
Deployment Commands List and Status Commands (Continued) TABLE C–3 Lists all deployed Java EE 5 components. If the --typeoption is not specified, list-components all components are listed. Lists EJBs or Servlets in a deployed module or in a module of the deployed list-sub-components application.
Page 240: Version Commands
Version Commands Version Commands The version commands return the version string, display a list of all the asadmin commands, and allow you to install the license file. Version Commands TABLE C–5 Command Definition Displays the version information. If the command cannot communicate with version the administration server with the given user/password and host/port, then the command will retrieve the version locally and display a warning message.
Page 241: Resource Management Commands
Resource Management Commands Resource Management Commands The resource commands allow you to manage the various resources used in your application. Resource Management Commands TABLE C–7 Command Definition Registers a new JDBC connection pool with the specified JDBC create-jdbc-connection-pool connection pool name. Deletes a JDBC connection pool.
Page 242 Resource Management Commands Resource Management Commands (Continued) TABLE C–7 Command Definition Removes a custom resource. delete-custom-resource Lists the custom resources. list-custom-resources create-connector-connection-pool Adds a new connector connection pool with the specified connection pool name. delete-connector-connection-pool Removes the connector connection pool specified using the operand connector_connection_pool_name.
Page 243: Configuration Commands
Configuration Commands Configuration Commands The configuration commands allow you to construct IIOP listeners, lifecycle modules, HTTP and IIOP listeners, profilers, and other subsystems. This section contains the following topics: “HTTP and IIOP Listener Commands” on page 243 ■ “Lifecycle and Audit Module Commands” on page 243 ■...
Page 244: Profiler And Ssl Commands
Configuration Commands Lifecycle Module Commands TABLE C–9 Command Definition Creates a lifecycle module. The lifecycle modules provide a means of running create-lifecycle-module short or long duration Java-based tasks within the application server environment. Removes the specified lifecycle module. delete-lifecycle-module Lists the existing lifecycle module. list-lifecycle-modules Adds the named audit module for the plug-in module that implements the create-audit-module...
Page 245: Threadpool And Auth-Realm Commands
Configuration Commands JVM Options and Virtual Server Commands TABLE C–11 Command Definition Creates JVM options in the Java configuration or profiler elements of the create-jvm-option domain.xml file. If JVM options are created for a profiler, they are used to record the settings needed to get a particular profiler going. You must restart the server for newly created JVM options to take effect.
Page 246: Registry Commands
User Management Commands Transaction Commands TABLE C–13 Command Definition Freezes the transaction subsystem during which time all the inflight freeze-transaction transactions are suspended. Invoke this command before rolling back any inflight transactions. Invoking this command on an already frozen transaction subsystem has no effect. Resumes all the suspended inflight transactions.
Page 247: Rules And Monitoring Commands
Database Commands User Management Commands (Continued) TABLE C–15 Command Definition Updates an existing entry in the keyfile using the specified user_name, update-file-user user_password and groups. Multiple groups can be entered by separating them, with a colon (:). Creates a list of file users supported by file realm authentication. list-file-users Administers file users and groups supported by the file realm authentication.
Page 248: Diagnostic And Logging Commands
Diagnostic and Logging Commands Database Commands TABLE C–17 Command Definition start-database Starts the Java DB server that is available with the Application Server. Use this command only for working with applications deployed to the Application Server. stop-database Stops a process of the Java DB server. Java DB server is available with the Application Server.
Page 249: Security Service Commands
Security Service Commands Web Service Commands (Continued) TABLE C–19 Command Definition Deletes an XSLT transformation rule of a given web service. delete-transformation-rule Lists all the transformation rules of a given web service in the order list-transformation-rules they are applied. Publishes the web service artifacts to registries. publish-to-registry Unpublishes the web service artifacts from the registries.
Page 250: Password Commands
Password Commands Security Commands (Continued) TABLE C–20 Command Definition Enables administrators to delete a provider-config sub-element for delete-message-security-provide the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server). Enables administrators to list all security message providers list-message-security-providers (provider-config sub-elements) for the given message layer (message-security-config element of domain.xml).
Page 251: Verify Command
Service Command Verify Command The XML verifier command verifies the content of the domain.xml file. Verify Command TABLE C–22 Command Definition Verifies the content of the domain.xml file. verify-domain-xml Custom MBean Commands The MBean commands allow you to manage and register custom MBeans. The commands are supported in remote mode only.
Page 252: Property Command
Property Command Property Command Shared server instances will often need to override attributes defined in their referenced configuration. Any configuration attribute in a server instance can be overridden through a system property of the corresponding name. Use the system property commands to manage these shared server instances.
Page 253: Index
Index containers (Continued) web, 93, 95 CORBA, 161 See containers threads, 163 application client, 93 create-domain command, 31 acceptor threads, in HTTP listeners, 151 custom resources, using, 79 Admin Console, 24 applets, 93 asadmin utility, 25 databases JNDI names, 77 resource references, 78 bean-cache, monitoring attribute names, 179-180 supported, 52...
Page 254 Index external repositories, accessing, 79 JCE provider configuring, 135 JDBC drivers, 144 supported drivers, 52 Foreign Providers, JMS, 67-74 Foreign Providers, 67-74 Resource Adapter, Generic, 67-74 JMS resources connection factory resources, 63-64 get command, monitoring data, 197 destination resources, 63-64 overview, 63-64 physical destinations, 63-64 queues, 63-64...
Page 255 Index logging (Continued) ORB (Continued) viewing the server log, 169-170 service, monitoring, 185-186 man pages, 25 performance, thread pools, 163 monitoring Port listeners, 30 bean-cache attributes, 179-180 container subsystems, 172-173 ORB service, 185-186 transaction service, 186-187 using get command, 197 queues, JMS, 63-64 using list command, 197 MSSQL Inet JDBC driver, 58-59...
Page 256 Index thread pools, 163 performance, 163 thread starvation, 163 threads, See thread pools, 163 topics, JMS, 63-64 total-beans-created, 179 totalbeansdestroyed, 179 totalnumerrors, 177 totalnumsuccess, 177 Transaction Manager See transactions managers, 144 transaction service, monitoring, 186-187 transactions, 143 associating, 144 attributes, 144 committing, 143 completing, 144 demarcations, 144...

Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual

Table of Contents

Table/Table

Preface

1 Enterprise Server Overview

2 Java Business Integration

3 JDBC Resources

4 Configuring Java Message Service Resources

5 Configuring Javamail Resources

6 JNDI Resources

7 Connector Resources

8 Web and EJB Containers

9 Configuring Security

10 Configuring Message Security

11 Configuring the Diagnostic Service

12 Transactions

13 Configuring the HTTP Service

14 Managing Web Services

15 Configuring the Object Request Broker

16 Thread Pools

17 Configuring Logging

18 Monitoring Components and Services

19 Configuring Management Rules

20 Java Virtual Machine and Advanced Settings

Automatically Restarting a Domain or Node Agent

Dotted Name Attributes for Domain.xml

The Asadmin Utility

Index

Quick Links

Chapters

Related Manuals for Sun Microsystems GlassFish Enterprise Server 2.1

Summary of Contents for Sun Microsystems GlassFish Enterprise Server 2.1