manualshive.com logo in svg

Sun Microsystems Sun GlassFish Enterprise Server 2.1, Administration Manual

The Sun Microsystems Sun GlassFish Enterprise Server 2.1 is a powerful software solution for managing and deploying Java Platform, Enterprise Edition (Java EE) applications. Its comprehensive Administration Manual offers detailed instructions on configuring and optimizing the server. Visit our website today to download this invaluable resource for free.

Share
Download
background image

About Authentication and Authorization

Authentication and authorization are central concepts of application server security. The
following topics are discussed related to authentication and authorization:

“Authenticating Entities” on page 102

“Authorizing Users” on page 103

“Specifying JACC Providers” on page 103

“Auditing Authentication and Authorization Decisions” on page 103

“Configuring Message Security” on page 104

Authenticating Entities

Authentication

is the way an entity (a user, an application, or a component) determines that

another entity is who it claims to be. An entity uses

security credentials

to authenticate itself.

The credentials may be a user name and password, a digital certificate, or something else.

Typically, authentication means a user logging in to an application with a user name and
password; but it might also refer to an EJB providing security credentials when it requests a
resource from the server. Usually, servers or applications require clients to authenticate;
additionally, clients can require servers to authenticate themselves, too. When authentication is
bidirectional, it is called mutual authentication.

When an entity tries to access a protected resource, the Enterprise Server uses the
authentication mechanism configured for that resource to determine whether to grant access.
For example, a user can enter a user name and password in a Web browser, and if the
application verifies those credentials, the user is authenticated. The user is associated with this
authenticated security identity for the remainder of the session.

The Enterprise Server supports four types of authentication. An application specifies the type of
authentication it uses within its deployment descriptors.

TABLE 9–1

Enterprise Server Authentication Methods

Authentication Method

Communication Protocol

Description

User Credential
Encryption

BASIC

HTTP (SSL optional)

Uses the server's built-in pop-up
login dialog box.

None, unless using SSL.

FORM

HTTP (SSL optional)

Application provides its own
custom login and error pages.

None, unless using SSL.

CLIENT-CERT

HTTPS (HTTP over SSL)

Server authenticates the client using
a public key certificate.

SSL

About Authentication and Authorization

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

102

Summary of Contents for Sun GlassFish Enterprise Server 2.1

Page 1: ...Sun GlassFish Enterprise Server 2 1 Administration Guide Sun Microsystems Inc 4150 Network Circle Santa Clara CA 95054 U S A Part No 820 4335 10 December 2008 ...

Page 2: ...a technologie incorporée dans le produit qui est décrit dans ce document En particulier et ce sans limitation ces droits de propriété intellectuelle peuvent inclure un ou plusieurs brevets américains ou des applications de brevet en attente aux Etats Unis et dans d autres pays Cette distribution peut comprendre des composants développés par des tierces personnes Certaines composants de ce produit ...

Page 3: ...s 27 Cluster 28 Node Agent 28 Server Instance 29 Basic Enterprise Server Commands 31 Creating a Domain 31 Deleting a Domain 32 Listing Domains 32 Starting the Domain 32 Starting the Default Domain on Windows 33 Stopping the Domain 33 Stopping the Default Domain on Windows 33 Restarting the Domain 33 Creating a Cluster 33 Starting a Cluster 34 Stopping a Cluster 34 Creating a Node Agent 34 Starting...

Page 4: ...ons for Specific JDBC Drivers 52 Java DB Type 4 Driver 53 Sun GlassFish JDBC Driver for DB2 Databases 54 Sun GlassFish JDBC Driver for Oracle 8 1 7 and 9 x Databases 54 Sun GlassFish JDBC Driver for Microsoft SQL Server Databases 55 Sun GlassFish JDBC Driver for Sybase Databases 55 IBM DB2 8 1 Type 2 Driver 56 JConnect Type 4 Driver for Sybase ASE 12 5 Databases 56 MySQL Type 4 Driver 57 Inet Orax...

Page 5: ... Properties 68 ManagedConnectionFactory Properties 71 Administered Object Resource Properties 72 Activation Spec Properties 72 5 Configuring JavaMail Resources 75 Creating a JavaMail Session 75 6 JNDI Resources 77 Java EE Naming Services 77 Naming References and Binding Information 78 Using Custom Resources 79 Using External JNDI Repositories and Resources 79 7 Connector Resources 81 An Overview o...

Page 6: ...r 94 The Web Container 95 The EJB Container 95 9 Configuring Security 97 Understanding Application and System Security 97 Tools for Managing Security 98 Managing Security of Passwords 99 Encrypting a Password in the domain xml File 99 Protecting Files with Encoded Passwords 100 Changing the Master Password 100 Working with the Master Password and Keystores 101 Changing the Admin Password 101 About...

Page 7: ...ting Certificates Using the pk12util Utility 118 Adding and Deleting PKCS11 Modules using modutil 119 Using Hardware Crypto Accelerator With Enterprise Server 120 About Configuring Hardware Crypto Accelerators 120 Configuring PKCS 11 Tokens 121 Managing Keys And Certificates 122 Configuring J2SE 5 0 PKCS 11 Providers 124 10 Configuring Message Security 127 Overview of Message Security 127 Understa...

Page 8: ...stic Service 141 What is the Diagnostic Framework 141 Diagnostic Service Framework 141 Generating a Diagnostic Report 142 12 Transactions 143 About Transactions 143 What is a Transaction 143 Transactions in Java EE Technology 144 Workarounds for Specific Databases 145 Admin Console Tasks for Transactions 145 Configuring Transactions 145 13 Configuring the HTTP Service 149 Virtual Servers 149 HTTP ...

Page 9: ...Object Request Broker 161 An Overview of the Object Request Broker 161 CORBA 161 What is the ORB 162 IIOP Listeners 162 Configuring the ORB 162 Managing IIOP Listeners 162 16 Thread Pools 163 Working with Thread Pools 164 17 Configuring Logging 165 About Logging 165 Log Records 165 The Logger Namespace Hierarchy 166 Configuring Logging 168 Configuring General Logging Settings 168 Configuring Log L...

Page 10: ...cting JConsole Securely to Application Server 212 19 Configuring Management Rules 215 About Management Rules 215 Configuring Management Rules 216 20 JavaVirtual Machine and Advanced Settings 219 Tuning the JVM Settings 219 Configuring Advanced Settings 220 A Automatically Restarting a Domain or Node Agent 221 Restarting Automatically on Solaris 10 221 Restarting Automatically Using inittab on Sola...

Page 11: ...43 HTTP and IIOP Listener Commands 243 Lifecycle and Audit Module Commands 243 Profiler and SSL Commands 244 JVM Options and Virtual Server Commands 244 Threadpool and Auth Realm Commands 245 Transaction and Timer Commands 245 Registry Commands 246 User Management Commands 246 Rules and Monitoring Commands 247 Database Commands 247 Diagnostic and Logging Commands 248 Web Service Commands 248 Secur...

Page 12: ...12 ...

Page 13: ...Figures FIGURE 1 1 Enterprise Server Instance 29 FIGURE 9 1 RoleMapping 105 13 ...

Page 14: ...14 ...

Page 15: ...ntainer Servlet Statistics 180 TABLE 18 8 Web Container Web Module Statistics 181 TABLE 18 9 HTTP Service Statistics Developer Profile 182 TABLE 18 10 JDBC Connection Pool Statistics 183 TABLE 18 11 Connector Connection Pool Statistics 184 TABLE 18 12 Connector Work Management Statistics 185 TABLE 18 13 Connection Manager in an ORB Statistics 185 TABLE 18 14 Thread Pool Statistics 186 TABLE 18 15 ...

Page 16: ...essage Queue Commands 240 TABLE C 7 Resource Management Commands 241 TABLE C 8 IIOP Listener Commands 243 TABLE C 9 Lifecycle Module Commands 244 TABLE C 10 Profiler and SSL Commands 244 TABLE C 11 JVM Options and Virtual Server Commands 245 TABLE C 12 Threadpool and Auth Realm Commands 245 TABLE C 13 TransactionCommands 246 TABLE C 14 TransactionCommands 246 TABLE C 15 User Management Commands 24...

Page 17: ...sion 173 EXAMPLE 18 3 HTTP Service Schematic Cluster and Enterprise Profile Version 174 EXAMPLE 18 4 ResourcesSchematic 174 EXAMPLE 18 5 Connector Service Schematic 174 EXAMPLE 18 6 JMS Service Schematic 175 EXAMPLE 18 7 ORBSchematic 175 EXAMPLE 18 8 Thread Pool Schematic 175 EXAMPLE C 1 Passwordfilecontents 233 17 ...

Page 18: ...18 ...

Page 19: ...and its components Application Deployment Guide Deployment of applications and application components to the Enterprise Server Includes information about deployment descriptors Developer s Guide Creating and implementing Java Platform Enterprise Edition Java EE platform applications intended to run on the Enterprise Server that follow the open Java standards model for Java EE components and APIs I...

Page 20: ... DefaultValue as install Represents the base installation directory for Enterprise Server SolarisTM and Linux installations non root user user s home directory SUNWappserver Solaris and Linux installations root user opt SUNWappserver Windows all installations SystemDrive Sun AppServer domain root dir Represents the directory containing all domains All installations as install domains domain dir Re...

Page 21: ... appear bold online Read Chapter 6 in the User s Guide A cache is a copy that is stored locally Do not save the file Symbol Conventions The following table explains symbols that might be used in this book TABLE P 4 SymbolConventions Symbol Description Example Meaning Contains optional arguments and command options ls l The l option is not required Contains a set of choices for a required command o...

Page 22: ...un does not endorse and is not responsible or liable for any content advertising products or other materials that are available on or through such sites or resources Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content goods or services that are available on or through such site...

Page 23: ...nterprise Server Overview and Concepts This section contains the following topics Enterprise Server Overview on page 23 Tools for Administration on page 24 Enterprise Server Overview You can configure and monitor Enterprise Server instances and clusters securely and remotely from a web based central administration console The command line interface CLI can be used to script and automate processes ...

Page 24: ...e you must know the administration server hostname and port number When the Enterprise Server was installed you chose a port number for the server or used the default port of 4848 You also specified a user name and master password To start the Admin Console in a web browser type http hostname port For example http kindness sun com 4848 If the Admin Console is running on the machine on which the En...

Page 25: ...dmin command at the shell s command prompt asadmin help To view a command s syntax and examples type help followed by the command name For example asadmin help create jdbc resource The asadmin help information for a given command displays the UNIX man page of the command These man pages are also available in HTML and PDF format in the Sun GlassFish Enterprise Server 2 1 Reference Manual JConsole J...

Page 26: ...anizations and administrators can share a single Enterprise Server installation Each domain has its own configuration log files and application deployment areas that are independent of other domains If the configuration is changed for one domain the configurations of other domains are not affected The Sun GlassFish Enterprise Server installer creates the default administrative domain named domain1...

Page 27: ...lity database HADB or the NSS keystore Enterprise Use this profile if you need HADB and NSS This profile is usable only if you install HADB and NSS separately or if you install Enterprise Server as part of enterprise offerings such as Java Enterprise System JES For information on how you can use the enterprise profile with Enterprise Server see Using the Enterprise Profile The domain provides a pr...

Page 28: ...The HTTP RMI IIOP and JMS load balancing systems distribute requests to healthy Enterprise Server instances in the cluster High Availability Availability allows for failover protection of Enterprise Server instances in a cluster If one application server instance goes down another Enterprise Server instance takes over the sessions that were assigned to the unavailable server Session information is...

Page 29: ...r The Sun GlassFish Enterprise Server creates one application server instance called server at the time of installation For many users one application server instance meets their needs However depending upon your environment you might want to create one or more additional application server instances For example in a development environment you can use different application server instances to tes...

Page 30: ... Default Port Number Description Administrative server 4848 A domain s administrative server is accessed by the Admin Console and the asadmin utility For the Admin Console specify the port number in the URL of the browser When executing an asadmin command remotely specify the port number with the port option HTTP 8080 The server listens for HTTP requests on a port To access deployed Web applicatio...

Page 31: ...istration Server on page 36 Creating a Domain Domains are created using the create domain command The following example command creates a domain named mydomain The administration server listens on port 5000 and the administrative user name is admin The command prompts for the administrative and master passwords asadmin create domain adminport 5000 adminuser admin mydomain To start the Admin Consol...

Page 32: ...mydomain Listing Domains The domains created on a machine can be found using the asadmin list domains command To list the domains in the default domain root dir directory type this command asadmin list domains To list domains that were created in other directories specify the domaindir option Starting the Domain When starting a domain the administration server and application server instance are s...

Page 33: ...dmin stop domain domain1 If there is only one domain then the domain name is optional For the full syntax type asadmin help stop domain Consult the Admin Console online help to stop the domain through the Admin Console Stopping the Default Domain onWindows From the Start menu select Programs Sun Microsystems Enterprise Server Stop Admin Server Restarting the Domain Restarting the server is the sam...

Page 34: ...instances in the cluster get stopped A cluster without instances cannot be stopped Creating a Node Agent A node agent is created using the create node agent command The following example creates node agent named mynodeagent The administration server host is myhost the administration server port is 1234 and the administrative username is admin The command normally prompts for the administrative pas...

Page 35: ...myhost the administrative port is 1234 the administrative username is admin The server instance myinstance can be clustered or standalone For the full syntax type asadmin help start instance Stopping an Instance A server instance is started using the stop instance command The following example stops the server instance named myinstance The command prompts for the administrative passwords asadmin s...

Page 36: ...rly restored on the third machine and there are no path conflicts a Install the application server administration package using the command line interactive mode To activate the interactive command line mode invoke the installation program using the console option bundle filename console You must have root permission to install using the command line interface b Deselect the option to install defa...

Page 37: ...e For example search for machine1 and replace it with machine3 So you can change jmx connector property name client hostname value machine1 to jmx connector property name client hostname value machine3 Change jms service host machine1 to jms service host machine3 Start the restored domain on machine3 asadmin start domain user admin user password admin password domain1 Change the DAS host values fo...

Page 38: ...38 ...

Page 39: ...ice providers service consumers or both For detailed information on managing the key components of the JBI runtime environment and their lifecycle states see the Admin Console Online Help For information about using the JBI commands see Sun GlassFish Enterprise Server 2 1 Reference Manual JBI Environment The key components of the JBI environment are covered in the following sections JBI Components...

Page 40: ...ng operations on the JBI components For detailed steps log on to the Admin Console navigate to the JBI node click Components and then click Online Help View JBI components by their specific lifestyle states Install JBI components Uninstall JBI components Manage the lifecycle states of the JBI Components View the general properties of a JBI Component View the configuration information for a JBI Com...

Page 41: ...le states of Service Assemblies When the Enterprise Server shuts down and then restarts Service Assemblies revert to their state at the time the Enterprise Server shut down Note The JBI runtime attempts to revert to the desired state of a Service Assembly For example suppose you tried to start a Service Assembly but it did not start due to an error in the Service Assembly If you restart the Applic...

Page 42: ...scriptors The descriptor file jbi xml for Service Assemblies JBI Components and Shared Libraries provides the following information Service Assemblies Lists the Service Units contained in the Service Assembly and the target for each Service Unit Some Service Units may also show information on connection endpoints JBI Components Lists the type of the JBI Component Binding Component or Service Engin...

Page 43: ...ypically the administrator creates a JDBC resource for each database accessed by the applications deployed in a domain However more than one JDBC resource can be created for a database To create a JDBC resource specify a unique JNDI name that identifies the resource See the section JNDI Names and Resources Expect to find the JNDI name of a JDBC resource in java comp env jdbc subcontext For example...

Page 44: ...onnection is returned to the pool The properties of connection pools can vary with different database vendors Some common properties are the database s name URL user name and password See Also JDBC Resources on page 43 How JDBC Resources and Connection Pools Work Together on page 44 Editing a JDBC Connection Pool on page 48 How JDBC Resources and Connection PoolsWorkTogether To store organize and ...

Page 45: ... Up Database Access To setup a database access 1 Install a supported database product For a list of database products supported by the Enterprise Server see the Release Notes 2 Install a JDBC driver for the database product 3 Make the driver s JAR file accessible to the domain s server instance 4 Create the database Usually the application provider delivers scripts for creating and populating the ...

Page 46: ...le for creating the JDBC connection pool Creating a JDBC Connection Pool and JDBC Resource Using the Admin Console Copy the JDBC driver for database connectivity to as install domains domain_name lib ext Alternatively add the path to the JDBC driver to classpath prefix and restart the server In the Admin Console click Create JDBC Connection Pool in the CommonTasks page Provide a name for the conne...

Page 47: ...the connection settings are correct by pinging the connection pool using the asadmin ping connection pool command asadmin ping connection pool myjdbc_oracle pool To edit JDBC connection pool properties use the asadmin list get and set commands Sample list command to list a JDBC connection pool asadmin list myjdbc_oracle pool The sample output of this command domain resources jdbc connection pool o...

Page 48: ...e connection it is returned to the pool Parameter Description Initial and Minimum Pool Size The minimum number of connections in the pool This value also determines the number of connections placed in the pool when the pool is first created Maximum Pool Size The maximum number of connections in the pool Pool Resize Quantity When the pool scales up and scales down towards the maximum and minimum po...

Page 49: ... these calls they do not always provide reliable validations Check with the driver vendor to determine whether these calls are cached or not table The application queries a database table that are specified The table must exist and be accessible but it doesn t require any rows Do not use an existing table that has a large number of rows or a table that is already frequently accessed Table Name If ...

Page 50: ...rd Because the properties vary with database vendor consult the vendor s documentation for details Editing JDBC Connection Pool Advanced Attributes To help diagnose connection leaks and improve ease of use Application Server 9 1 provides several new attributes to configure a connection pool at the time of its creation 1 Open the Advanced tab and specify the following attributes Attribute Descripti...

Page 51: ...on The default value of 0 implies that no attempts will be made to create the connection again Retry Interval Specify the interval in seconds between two attempts to create a connection The default value is 10 seconds This attribute is used only if the value of Creation Retry Attempts is greater than 0 Lazy Connection Enlistment Enable this option to enlist a resource to the transaction only when ...

Page 52: ...ge 54 Sun GlassFish JDBC Driver for Microsoft SQL Server Databases on page 55 Sun GlassFish JDBC Driver for Sybase Databases on page 55 IBM DB2 8 1 Type 2 Driver on page 56 JConnect Type 4 Driver for Sybase ASE 12 5 Databases on page 56 MySQL Type 4 Driver on page 57 Other JDBC drivers can be used with Enterprise Server but Java EE compliance tests have not been completed with these drivers Althou...

Page 53: ...Resource Type Specify the appropriate value Database Vendor Java DB DataSource Classname Specify one of the following org apache derby jdbc ClientDataSource org apache derby jdbc ClientXADataSource Properties user Specify the database user This is only necessary if Java DB is configured to use authentication Java DB does not use authentication by default When the user is provided it is the name of...

Page 54: ...portNumber databaseName databaseName Sun GlassFish JDBC Driver for Oracle 8 1 7 and 9 x Databases The JAR files for this driver are smbase jar smoracle jar and smutil jar Configure the connection pool using the following settings Name Use this name when you configure the JDBC resource later Resource Type Specify the appropriate value Database Vendor Oracle DataSource Classname com sun sql jdbcx or...

Page 55: ...te selectMethod Set to cursor URL jdbc sun sqlserver serverName portNumber Sun GlassFish JDBC Driver for Sybase Databases The JAR files for this driver are smbase jar smsybase jar and smutil jar Configure the connection pool using the following settings Name Use this name when you configure the JDBC resource later Resource Type Specify the appropriate value Database Vendor Sybase DataSource Classn...

Page 56: ...assword Set as appropriate databaseName Set as appropriate driverType Set to 2 deferPrepares Set to false JConnectType 4 Driver for Sybase ASE 12 5 Databases The JAR file for the Sybase driver is jconn2 jar Configure the connection pool using the following settings Name Use this name when you configure the JDBC resource later Resource Type Specify the appropriate value Database Vendor Sybase DataS...

Page 57: ...om mysql jdbc jdbc2 optional MysqlDataSource Properties serverName Specify the host name or IP address of the database server port Specify the port number of the database server user Set as appropriate password Set as appropriate databaseName Set as appropriate URL If you are using global transactions you can set this property instead of serverName port and databaseName jdbc mysql host port databa...

Page 58: ...to true xa driver does not support non tx operations Set to the value true Optional only needed if both non XA and XA connections are retrieved from the same connection pool Might degrade performance As an alternative to setting this property you can create two connection pools one for non XA connections and one for XA connections Inet Merlia JDBC Driver for Microsoft SQL Server Databases The JAR ...

Page 59: ...e databaseName Set as appropriate Do not specify the complete URL only the database name OracleThinType 4 Driver for Oracle 8 1 7 and 9 x Databases The JAR file for the Oracle driver is ojdbc14 jar Configure the connection pool using the following settings Name Use this name when you configure the JDBC resource later Resource Type Specify the appropriate value Database Vendor Oracle DataSource Cla...

Page 60: ...e the OCI driver JDBC type 2 OCI OracleType 2 Driver for Oracle 8 1 7 and 9 x Databases The JAR file for the OCI Oracle driver is ojdbc14 jar Make sure that the shared library is available through LD_LIBRARY_PATH and that the ORACLE_HOME property is set Configure the connection pool using the following settings Name Use this name when you configure the JDBC resource later Resource Type Specify the...

Page 61: ...ataSource Properties serverName Specify the Informix database server name portNumber Specify the port number of the database server user Set as appropriate password Set as appropriate databaseName Set as appropriate This is optional IfxIFXHost Specify the host name or IP address of the database server CloudScape 5 1Type 4 Driver The JAR files for the CloudScape driver are db2j jar db2jtools jar db...

Page 62: ...62 ...

Page 63: ...ies objects that allow an application to create other JMS objects programmatically Destinations which serve as the repositories for messages These objects are created administratively and how they are created is specific to each implementation of JMS In the Enterprise Server perform the following tasks Create a connection factory by creating a connection factory resource Create a destination by cr...

Page 64: ...nation ref element In addition specify it in the message destination element The message destination ref element replaces the resource env ref element which is deprecated in new applications In the message destination element of an Enterprise Server deployment descriptor link the physical destination name with the destination resource name The Relationship Between JMS Resources and Connector Resou...

Page 65: ...ext prefix jms for JMS resources For example jms Queue The resource type which can be javax jms Topic or javax jms Queue Additional properties for the destination resource For more details about all these settings and the additional properties refer to the Admin Console Online Help To manage JMS destinations using the command line utility use create jms resource or delete jms resource command Tip ...

Page 66: ...interval which indicates the time that Enterprise Server waits for the JMS service to start before aborting the startup Select JMS Service type which decides whether you manage a JMS Service on a local or a remote host Specify Start Arguments to customize the JMS service startup Select Reconnect checkbox to specify whether the JMS service attempts to reconnect to a message server or the list of ad...

Page 67: ...us integrate any JMS provider with a Java EE application server The adapter is a rar archive that can be deployed and configured using a Enterprise Server administration tools Configuring the Generic Resource Adapter for JMS Enterprise Server s administration tools can be used to deploy and configure the generic resource adapter for JMS This section explains how to configure Generic Resource Adapt...

Page 68: ...sion javax resource spi security PasswordCredential read Resource Adapter Properties The following table presents the properties to be used while creating the resource adapter PropertyName ValidValues DefaultValue Description ProviderIntegration Mode javabean jndi javabean Decides the mode of integration between the resource adapter and the JMS client ConnectionFactory ClassName Name of the class ...

Page 69: ...XATopicConnection FactoryClassName Name of the class available in application server classpath for example com sun messaging XATopicConnectionFactory None Class name of javax jms XATopicConnectionFactory implementation of the JMS client Used if ProviderIntegrationMode is javabean TopicClassName Name of the class available in application server classpath for example com sun messaging Topic None Cla...

Page 70: ...ies the common setter method name that some JMS vendors use to set the properties on their administered objects Used only if ProviderIntegrationMode is javabean In the case of Sun Java System Message Queue this property is named setProperty UserName Name of the JMS user None User name to connect to the JMS Provider Password Password for the JMS user None Password to connect to the JMS provider For...

Page 71: ...rely on a resource manager per physical connection and this causes issues when there is inbound and outbound communication to the same queue manager in a single transaction for example when an MDB sends a response to a destination When RMPolicy is set to OnePerPhysicalConnection the XAResource wrapper implementation s isSameRM in Generic Resource Adapter would check if both the XAResources use the...

Page 72: ...dden in an administered resource object Additional properties available only in the administered object resource are given below PropertyName ValidValue DefaultValue Description DestinationJndiName JNDI Name None JNDI name of the destination bound in the JNDI tree of the JMS provider The Administrator should provide all properties in the JMS provider itself This property name will be used only if ...

Page 73: ...ID A valid client ID None ClientID as specified by JMS 1 1 specification ConnectionFactory JndiName A valid JNDI Name None JNDI name of connection factory created in JMS provider This connection factory will be used by resource adapter to create a connection to receive messages Used only if ProviderIntegrationMode is configured as jndi DestinationJndiName A valid JNDI Name None JNDI name of destin...

Page 74: ...n created in the JMS provider This is the target destination for dead messages This is used only if ProviderIntegrationMode is jndi DeadMessage Destination ClassName class name of destination object None Used if ProviderIntegrationMode is javabean DeadMessage Destination Properties Name Value Pairs separated by comma None Specifies the javabean property names and values of the destination of the J...

Page 75: ...platform The Enterprise Server includes the JavaMail API along with JavaMail service providers that allow an application component to send email notifications over the Internet and to read email from IMAP and POP3 mail servers To learn more about the JavaMail API consult the JavaMail web site at http java sun com products javamail This section contains the following topic Creating a JavaMail Sessi...

Page 76: ... has been re configured to use a non default store or transport protocol Store Protocol Defines the Store object communication method to be used By default the Store Protocol is imap Store Protocol Class Provides the Store communication method class that implements the desired Store protocol By default the Store Protocol Class is com sun mail imap IMAPStore Transport Protocol Identifies the transp...

Page 77: ...me object binding is entered into the JNDI This section covers the following topics Java EE Naming Services on page 77 Naming References and Binding Information on page 78 Using Custom Resources on page 79 Using External JNDI Repositories and Resources on page 79 Java EE Naming Services A JNDI name is a people friendly name for an object These names are bound to their objects by the naming and dir...

Page 78: ... instances at runtime The application component s instances use the JNDI interfaces to obtain the values of the environment entries Each application component defines its own set of environment entries All instances of an application component within the same container share the same environment entries Application component instances are not allowed to modify the environment at runtime Naming Ref...

Page 79: ...se resources Within the Enterprise Server you can create delete and list resources as well as list jndi entities Using External JNDI Repositories and Resources Often applications running on the Enterprise Server require access to resources stored in an external JNDI repository For example generic Java objects could be stored in an LDAP server as per the Java schema External JNDI resource elements ...

Page 80: ...com sun jndi ldap LdapCtxFactory property name PROVIDER URL value ldap ldapserver 389 o myObjects property name SECURITY_AUTHENTICATION value simple property name SECURITY_PRINCIPAL value cn joeSmith o Engineering property name SECURITY_CREDENTIALS value changeit external jndi resource resources Using External JNDI Repositories and Resources Sun GlassFish Enterprise Server 2 1 Administration Guide...

Page 81: ...install a connector module you deploy it A connector connection pool is a group of reusable connections for a particular EIS To create a connector connection pool specify the connector module resource adapter that is associated with the pool A connector resource is a program object that provides an application with a connection to an EIS To create a connector resource specify its JNDI name and its...

Page 82: ...e field enter a logical name for the pool Specify this name when creating a connector resource b Select an entry from the Resource Adapter combo box The combo box displays a list of deployed resource adapters connector modules Select a value from the Connection Definition combo box The choices in the combo box depend on the resource adapter you selected The Connection Definition attribute identifi...

Page 83: ...ained in the following table Parameter Description Initial and Minimum Pool Size The minimum number of connections in the pool This value also determines the number of connections placed in the pool when the pool is first created or when application server starts Maximum Pool Size The maximum number of connections in the pool Pool Resize Quantity When the pool scales up and scales down towards the...

Page 84: ...ce manager local or JTA transactions and does not implement XAResource or LocalTransaction interfaces For JAXR resource adapters you need to choose None from the Transaction Support menu JAXR resource adapters do not support local or JTA transactions Local transaction support means that the resource adapter supports local transactions by implementing the LocalTransaction interface Local transactio...

Page 85: ...lp reduce the number of validation requests by a connection The default value 0 implies that connection validation is not enabled Leak Timeout Amount of time in seconds to trace connection leaks in a connection pool The default value 0 means that connection leak tracing is disabled If connection leak tracing is enabled you can get statistics on the number of connection leaks in the Monitoring Reso...

Page 86: ...nection Usage Specify the number of times a connection should be reused by the pool Once a connection is reused for the specified number of times it will be closed This is useful for instance to avoid statement leaks The default value of 0 implies that this attribute is not enabled Click Save for the changes to take effect Click Load Defaults if you want to restore the default values of all the se...

Page 87: ...ool page click the Security Maps tabbed pane Click New to create a new security map In the New Security Map page provide a name for the security map a user name and password Click OK To Edit Security Maps for Connector Connection Pools In the Edit Connector Connection Pool page click the Security Maps tabbed pane From the list of security maps click the name of the security map that you want to ed...

Page 88: ...ating a connector resource first create a connector connection pool In the tree component expand the Resources node and then the Connectors node Expand the Connector Resources node On the Connector Resources page click New On the Create Connector Resources page specify the resource s settings a In the JNDI Name field type a unique name for example eis myERP b From the Pool Name combo box choose th...

Page 89: ...and then the Connectors node Expand the Connector Resources node Select the node for the connector resource that you want to edit On the Edit Connector Resources page you can change the settings of this connection Do one of the following If you are using the cluster profile or enterprise profile you will see theTargets tabbed pane On theTargets tabbed pane you can enable or disable the connector r...

Page 90: ...Adapter stop method of the connector module s instance to complete Resource adapters that take longer than the specified shutdown timeout are ignored by the application server and the shutdown procedure continues The default shutdown timeout is 30 seconds Click Load Defaults to select the default shutdown timeout for the resource adapters deployed to this cluster or server instance Managing Admini...

Page 91: ...by using resource adapter For each JMS destination created the Enterprise Server automatically creates an administered object resource In the tree component expand the Resources node and then the Connectors node Expand the Admin Object Resources node On the Admin Object Resources page click New On the Admin Object Resources page specify the following settings a In the JNDI Name field type a unique...

Page 92: ...ofile on theTargets tabbed pane edit the targets on which the administered object is deployed by clicking ManageTargets Click Save to apply the edits To Delete an Administered Object Resource In the tree component expand the Resources node and then the Connectors node Select the Administered Object Resources node On the Administered Object Resources page select the checkbox for the resource to be ...

Page 93: ...page 95 The EJB Container on page 95 The SIP Servlet Container Enterprise Server provides the SIP Servlet container that hosts SIP compliant applications Features of this container include the following Provides a network end point to listen to SIP requests Provides an environment to host and manage the lifecycle of SIP Servlets Decides what applications to host in which order Supports the Secure ...

Page 94: ...view the attributes of the SIP container use the following command get server sip container Editing SIP Container General Attributes To view the attributes of the SIP container use the following command get server sip container External Address SIP Port Secure SIP Port To get the attributes of the SIP container use the get and set commands get server sip container external sip port set server sip ...

Page 95: ...web applications The web container extends the web server functionality by providing developers the environment to run servlets and JavaServer Pages JSP files The EJB Container Enterprise beans EJB components are Java programming language server components that contain business logic The EJB container provides local and remote access to enterprise beans There are three types of enterprise beans se...

Page 96: ...96 ...

Page 97: ...ds on page 99 About Authentication and Authorization on page 102 Understanding Users Groups Roles and Realms on page 104 Introduction to Certificates and SSL on page 108 About Firewalls on page 111 About Certificate Files on page 111 Using Java Secure Socket Extension JSSE Tools on page 112 Using Network Security Services NSS Tools on page 116 Using Hardware Crypto Accelerator With Enterprise Serv...

Page 98: ...line tool that performs many of the same tasks as the Admin Console You may be able to do some things with asadmin that you cannot do with Admin Console You perform asadmin commands from either a command prompt or from a script to automate repetitive tasks For a general introduction to asadmin see Tools for Administration on page 24 The Java Platform Standard Edition Java SE provides two tools for...

Page 99: ...ase password Instructions for managing the security passwords is included in the following topics Encrypting a Password in the domain xml File on page 99 Protecting Files with Encoded Passwords on page 100 Changing the Master Password on page 100 Working with the Master Password and Keystores on page 101 Changing the Admin Password on page 101 Encrypting a Password in the domain xml File To encryp...

Page 100: ...r the network This password is the central point for overall security the user can choose to enter it manually when required or obscure it in a file It is the most sensitive piece of data in the system The user can force prompting for the master password by removing this file When the master password is changed it is re saved in the master password keystore which is a Java JCEKS type keystore To c...

Page 101: ...gent synchronizes the data with domain While doing so the keystore is also synchronized Any server instance controlled by this node agent needs to open the keystore Since the store is essentially identical to the store that was created by the domain creation process it can only be opened by an identical master password But the master password itself is never synchronized meaning it is not transmit...

Page 102: ...to authenticate themselves too When authentication is bidirectional it is called mutual authentication When an entity tries to access a protected resource the Enterprise Server uses the authentication mechanism configured for that resource to determine whether to grant access For example a user can enter a user name and password in a Web browser and if the application verifies those credentials th...

Page 103: ... but allow employees to view only their own personal information For more on roles see Understanding Users Groups Roles and Realms on page 104 Specifying JACC Providers JACC Java Authorization Contract for Containers is part of the Java EE specification that defines an interface for pluggable authorization providers This enables the administrator to set up third party plug in modules to perform au...

Page 104: ...nterprise Server or for specific applications or methods Configuring message security at the Enterprise Server level is discussed in Chapter 10 Configuring Message Security Configuring message security at the application level is discussed in the Developer s Guide Understanding Users Groups Roles and Realms The Enterprise Server enforces its authentication and authorization policies upon the follo...

Page 105: ... A user can be associated with a group The Enterprise Server authentication service can govern users in multiple realms Groups A Java EE group or simply group is a category of users classified by common traits such as job title or customer profile For example users of an e commerce application might belong to the customer group but the big spenders would belong to the preferred group Categorizing ...

Page 106: ...configured with three realms file the initial default realm certificate and admin realm It is possible to also set up ldap JDBC solaris or custom realms Applications can specify the realm to use in their deployment descriptor If they do not specify a realm the Enterprise Server uses its default realm In the file realm the server stores user credentials locally in a file named keyfile You can use t...

Page 107: ... passwords as clear text is not supported in the JDBC realm Under normal circumstances passwords should not be stored as clear text Create the database tables in which to store the users credentials for the realm How to create the database tables depends on the database that you are using Add the users credentials to the database tables that you created in Step 1 How to add users credentials to th...

Page 108: ...r more information on SSL see About Secure Sockets Layer on page 109 Certificates are based on public key cryptography which uses pairs of digital keys very long numbers to encrypt or encode information so it can be read only by its intended recipient The recipient then decrypts decodes the information to read it A key pair contains a public key and a private key The owner distributes the public k...

Page 109: ...ner sends a certificate signing request CSR to a CA then imports the response the self signed certificate is replaced by a chain of certificates At the bottom of the chain is the certificate reply issued by the CA authenticating the subject s public key The next certificate in the chain is one that authenticates the CA s public key Usually this is a self signed certificate that is a certificate fr...

Page 110: ...rprise Server must have a certificate for each external interface or IP address that accepts secure connections The HTTPS service of most Web servers will not run unless a digital certificate has been installed Use the procedure described in Generating a Certificate Using the keytool Utility on page 114 to set up a digital certificate that your Web server can use for SSL About Ciphers A cipher is ...

Page 111: ...f direct Remote Method Invocations over Internet Inter ORB Protocol RMI IIOP access from the Internet to EJB modules are required open the RMI IIOP listener port as well but this is strongly discouraged because it creates security risks In double firewall architecture you must configure the outer firewall to allow for HTTP and HTTPS transactions You must configure the inner firewall to allow the H...

Page 112: ... aas instanceRoot NSS database directory where NSS database directory is the location of the NSS database Using Java Secure Socket Extension JSSE Tools Use keytool to set up and work with JSSE Java Secure Socket Extension digital certificates In the Developer Profile the Enterprise Server uses the JSSE format on the server side to manage certificates and key stores In all the profiles the client s...

Page 113: ...eytool list v alias cert alias keystore keystore file storepass keystore pass Import an RFC text formatted certificate into a JKS store Certificates are often stored using the printable encoding format defined by the Internet RFC Request for Comments 1421 standard instead of their binary encoding This certificate format also known as Base 64 encoding facilitates exporting certificates to other app...

Page 114: ...ass changeit keystore keystore jks Use any unique name as your keyAlias If you have changed the keystore or private key password from their default then substitute the new password for changeit in the above command The default key password alias is s1as A prompt appears that asks for your name organization and other information that keytool uses to generate the certificate 3 Enter the following ke...

Page 115: ...btaining a CA certificate and use a self signed certificate 1 Follow the instructions on the CA s Web site for generating certificate key pairs 2 Download the generated certificate key pair Save the certificate in the directory containing the keystore and truststore files by default domain dir config directory See Changing the Location of Certificate Files on page 112 3 In your shell change to the...

Page 116: ... secmod db files or within hardware tokens Some examples using the modutil utility are shown in Adding and Deleting PKCS11 Modules using modutil on page 119 The tools are located in the as install lib directory The following environment variables are used to point to the location of the NSS security tools LD_LIBRARY_PATH as install lib os nss path In the examples the certificate common name CN is ...

Page 117: ...util html Each of the items in the list below gives an example using NSS and JSSE security tools to create and or manage certificates Generate a self signed server and client certificate In this example the CN must be of the form hostname domain com org net In this example domain dir config The serverseed txt and clientseed txt files can contain any random text This random text will be used for ge...

Page 118: ...he certificate key databases and files in PKCS12 format is pk12util PKCS12 is Public Key Cryptography Standards PKCS 12 Personal Information Exchange Syntax Standard More description of the pk12util utility can be read at http www mozilla org projects security pki nss tools pk12util html Import a PKCS12 formatted certificate into an NSS certificate database pk12util i cert pkcs12 file k certdb pas...

Page 119: ...ace Standard module information within secmod db files or within hardware tokens You can use the tool to add and delete PKCS 11 modules change passwords set defaults list module contents enable or disable slots enable or disable FIPS 140 1 compliance and assign default providers for cryptographic operations This tool can also create key3 db cert7 db and secmod db security database files For more i...

Page 120: ... 0 PKCS 11 Providers on page 124 About Configuring Hardware Crypto Accelerators Sun GlassFish Enterprise Server has been tested with Sun Crypto Accelerator 1000 SCA 1000 and SCA 4000 Enterprise Server can communicate with PKCS 11 tokens Packaged with Enterprise Server are an NSS PKCS 11 token library for the NSS Internal PKCS 11 Module commonly known as the NSS soft token and NSS command line mana...

Page 121: ...r DAS For example to configure a hardware accelerator token enter the following all on one line modutil dbdir AS_NSS_DB nocertdb force add Sun Crypto Accelerator libfile opt SUNWconn crypto lib libpkcs11 so mechanisms RSA DSA RC4 DES The hardware accelerator in this example is a SCA 1000 cryptographic accelerator The corresponding PKCS 11 library by default is located in opt SUNWconn crypto lib li...

Page 122: ...util For details on certutil and pk12util see Using Network Security Services NSS Tools on page 116 and documentation on the NSS Security Tools site at http www mozilla org projects security pki nss tools Note By configuring a PKCS 11 provider in the java security properties file located in the JAVA_HOME jre lib security directory of the Java runtime you can also use the J2SE keytool utility to ma...

Page 123: ... the J2SE java security KeyStore API which contains only one level of trust the NSS technology contains several levels of trust Enterprise Server is primarily interested in the first trust attribute which describes how this token uses SSL For this attribute T indicates that the Certificate Authority CA is trusted for issuing client certificates u indicates that you can use the certificates and key...

Page 124: ... generated for each PKCS 11 token Configuration for the default NSS soft token name internal library com sun enterprise nss softokenLib nssArgs configdir com sun appserv nss db certPrefix keyPrefix secmod secmod db slot 2 omitInitialize true Configuration for the SCA 1000 hardware accelerator name HW1000 library opt SUNWconn crypto lib libpkcs11 so slotListIndex 0 omitInitialize true These configu...

Page 125: ...guration For a list of valid mechanisms in NSS see the modutil documentation on the NSS Security Tools site at http www mozilla org projects security pki nss tools 3 Update the server with this change by adding a property in the appropriate location as follows lt property name mytoken value InstallDir mypkcs11 cfg The location for the property could be one of the following If the provider is for a...

Page 126: ...126 ...

Page 127: ...ers from transport layer security which is discussed in the Security chapter of the Java EE 5 0 Tutorial in that message security can be used to decouple message protection from message transport so that messages remain protected after transmission Web Services Security SOAP Message Security WS Security is an international standard for interoperable Web Services Security that was developed in OASI...

Page 128: ...esponsibilities of the various roles are defined in the following sections System Administrator on page 128 Application Deployer on page 129 Application Developer on page 129 System Administrator The system administrator is responsible for Configuring message security providers on the Enterprise Server Managing user databases Managing keystore and truststore files Configuring a Java Cryptography E...

Page 129: ...ed at application assembly which may be accomplished by communicating with the Application Deployer About SecurityTokens and Security Mechanisms The WS Security specification provides an extensible mechanism for using security tokens to authenticate and encrypt SOAP web services messages The SOAP layer message security providers installed with the Enterprise Server may be used to employ username p...

Page 130: ...sponse message processing and are expressed in terms of requirements for source and or recipient authentication A source authentication policy represents a requirement that the identity of the entity that sent a message or that defined the content of a message be established in the message such that it can be authenticated by the message receiver A recipient authentication policy represents a requ...

Page 131: ... A server side provider establishes its container as an authorized recipient of a received request by successfully decrypting it and validates passwords or signatures in the request to authenticate the source identity associated with the request A server side provider also establishes by signature or username password the source identity of response messages and or protects by encryption response ...

Page 132: ...ssage protection policy that if bound to a container or to an application or client in a container would cause the source of the content in all request and response messages to be authenticated by XML digital signature The administrative interfaces of the Enterprise Server can be employed to bind the existing providers for use by the server side containers of the Enterprise Server to modify the me...

Page 133: ...fines a single operation sayHello which takes a string argument and returns a String composed by pre pending Hello to the invocation argument The xms sample application is provided to demonstrate the use of the Enterprise Server s WS Security functionality to secure an existing web services application The instructions which accompany the sample describe how to enable the WS Security functionality...

Page 134: ...hat contains a wsse UsernameToken with password and an xenc EncryptedKey The xenc EncryptedKey contains the key used to encrypt the SOAP message body The key is encrypted in the public key of the recipient auth source content auth recipient before content The content of the SOAP message Body is encrypted and replaced with the resulting xend EncryptedData The xenc EncryptedData is signed The messag...

Page 135: ... Configuring a JCE provider is discussed in Configuring a JCE Provider on page 135 3 If using a username token configure a user database if necessary When using a username password token an appropriate realm must be configured and an appropriate user database must be configured for the realm 4 Manage certificates and private keys if necessary AfterYou Finish Once the facilities of the Enterprise S...

Page 136: ...rovider class name In this example n is the order of preference to be used by the Enterprise Server when evaluating security providers Set n to 2 for the JCE provider you ve just added For example if you ve downloaded The Legion of the Bouncy Castle JCE provider you would add this line security provider 2 org bouncycastle jce provider BouncyCastleProvider Make sure that the Sun security provider r...

Page 137: ...n Clients on page 139 Setting the Request and Response Policy for the Application Client Configuration on page 139 Further Information on page 140 In most cases it will be necessary to restart the Enterprise Server after performing the administrative operations listed above This is especially the case if you want the effects of the administrative change to be applied to applications that were alre...

Page 138: ...ort admin port server config security service message security config SOAP provider config ClientProvider request policy auth_source sender content Add a request policy to the server and set the authentication source asadmin set user admin user port admin port server config security service message security config SOAP provider config ServerProvider request policy auth_source sender content Add a ...

Page 139: ...and response processing performed by the authentication provider Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature To achieve message security the request and response policies must be enabled on both the server and client When configurin...

Page 140: ...g the results of various combinations of these values can be found in Actions of Request and Response Policy Configurations on page 134 To not specify a request or response policy leave the element blank for example response policy Further Information The Java 2 Standard Edition discussion of security can be viewed from http java sun com j2se 1 4 2 docs guide security index html The Java EE 5 0 Tu...

Page 141: ...eports configuration details for the application server instances It is useful for diagnosing application server problems such as exceptions performance issues and other unexpected results From within the Admin Console Diagnostic Service you can Compute Checksum Collects checksum for selective Application Server binary files under appserver_install_dir lib appserver_install_dir etc and appserver_i...

Page 142: ...ment descriptors such as ejb jar xml sun ejb jar xml web xml sun web xml and sun sip xml Log Level Log Entries The number of log entries to be included in the generated diagnostic report Generating a Diagnostic Report Generating a diagnostic report is based on the preferences you set in the Application Server Diagnostic tab in the Administration Console Confidential data appears in the generated r...

Page 143: ...sfer funds from a checking account to a savings account is a transaction with the following steps 1 Check to see if the checking account has enough money to cover the transfer 2 If there s enough money in the checking account debit the amount from the checking account 3 Credit the money to the savings account 4 Record the transfer to the checking account log 5 Record the transfer to the savings ac...

Page 144: ...ipates in distributed transactions by implementing a transaction resource interface used by the transaction manager to communicate transaction association transaction completion and recovery work An example of such a resource manager is a relational database server A Resource Adapter is a system level software library that is used by the application server or client to connect to a Resource Manage...

Page 145: ...e Enterprise Server handles transactions based on the settings in the Admin Console ConfiguringTransactions This section explains how to configure transaction settings To configure how the Enterprise Server recovers from transactions on page 145 To set a transaction timeout value on page 146 To set the location of the transaction logs on page 147 To set the keypoint interval on page 148 For additi...

Page 146: ...d The default value is 10 minutes 600 seconds Set the policy for unreachable servers in a transaction in the Heuristic Decision field Unless there is a good reason to set this field to Commit leave Heuristic Decision set to Rollback Committing indeterminate transactions can compromise the data integrity of your application Set any needed properties Click the Add Properties button type values in th...

Page 147: ...e tx subdirectory of the directory specified by the Transaction Log Location field These logs are not human readable In the tree component select the Configurations node Select the instance to configure To configure a particular instance select the instance s config node For example the default instance server select the server config node To configure the default settings for all instances select...

Page 148: ...ut slightly reduced performance due to the greater frequency of keypoint operations In the tree component select the Configurations node Select the instance to configure To configure a particular instance select the instance s config node For example the default instance server select the server config node To configure the default settings for all instances select the default config node Select t...

Page 149: ...er to host multiple Internet domain names All virtual servers hosted on the same physical server share the Internet Protocol IP address of that physical server A virtual server associates a domain name for a server such as www aaa com with the particular server on which the Enterprise Server is running Note Do not confuse an Internet domain with the administrative domain of the Enterprise Server F...

Page 150: ...of web services in a non production environment server is often the only virtual server required In a production environment additional virtual servers provide hosting facilities for users and customers so that each appears to have its own web server even though there is only one physical server HTTP Listeners Each virtual server provides connections between the server and clients through one or m...

Page 151: ...t URLs whose host component does not match any of the virtual servers that are associated with the HTTP listener a virtual server is associated with an HTTP listener by listing the HTTP listener in its http listeners attribute In addition specify the number of acceptor threads in the HTTP listener Acceptor threads are threads that wait for connections The threads accept connections and put them in...

Page 152: ...access a resource that no longer exists at the specified URL that is the resource has moved to another location the server redirects the client to the new location instead of returning a 404 by returning a designated response code and including the new location in the response s Location header If a client tries to access a resource that is protected for example SSL on the regular HTTP port the se...

Page 153: ...ins the following topics Overview of Web Services on page 153 Deploying and Testing Web Services on page 155 Using Web Services Registries on page 156 Transforming Messages with XSLT Filters on page 158 Monitoring Web Services on page 158 Overview ofWeb Services A web service is an application accessed by clients using XML based protocols such as Simple Object Access Protocol SOAP sent over intern...

Page 154: ...and requestors to find services Once a requestor finds a service the registry has no more role to play between the requestor and the provider Web Services Description Language WSDL defines a standard way to specify the details of a web service It is a general purpose XML schema that can specifies details of web service interfaces bindings and other deployment details By having such a standard way ...

Page 155: ...straction for handling SOAP messages with attachments Advanced developers can use SAAJ to have their applications operate directly with SOAP messages Attachments may be complete XML documents XML fragments or MIME type attachments In addition SAAJ allows developers to enable support for other MIME types JAX technologies such as JAX RPC internally use SAAJ to hide SOAP complexities from developers ...

Page 156: ...yment Descriptors TestingWeb Services Admin Console enables you to test web services and diagnose problems You can ping a deployed web service with a generic test Servlet SOAP messages are displayed for each method invocation To test a web service with Admin Console select Applications Web Services web service name General then click the Test button Web Services Security Support for SOAP message l...

Page 157: ...apter Create a connector resource using this connection pool Publishing aWeb Service to a Registry To publish a web service with Admin Console select Applications Web Services web service name Publish In the Publish Web Service screen select one or more registries to which you want to publish the web service then click Publish To publish to all the available registries click the Add All button Ent...

Page 158: ...ich they are added To enable a transformation rule in the Transformation Rules page select the check box corresponding to the rule then click Enable To disable the a rule click Disable To remove a transformation rule in the Transformation Rules page select the check box corresponding to the rule then click Remove This removes the transformation rule from the list If this transformation rule is app...

Page 159: ...number of authorization success MonitoringWeb Service Messages You can also configure a web service to view messages default is 25 for a web service endpoint These messages are stored in the memory of remote server instances Details of SOAP request response and HTTP header information are displayed Monitor web service messages at Applications Web Services web service name Monitor Messages When ena...

Page 160: ...160 ...

Page 161: ...e protocols are those defined by CORBA The CORBA Common Object Request Broker Architecture model is based on clients requesting services from distributed objects or servers through a well defined interface by issuing requests to the objects in the form of remote method requests A remote method request carries information about the operation that needs to be performed including the object name call...

Page 162: ...s EJB modules communicate with the Enterprise Server via RMI IIOP IIOP Listeners An IIOP listener is a listen socket that accepts incoming connections from the remote clients of enterprise beans and from other CORBA based clients Multiple IIOP listeners can be configured for the Enterprise Server For each listener specify a port number a network address and optionally security attributes Configuri...

Page 163: ...ce is free before allowing the request to use that resource Specify the minimum and maximum number of threads that are reserved for requests from applications The thread pool is dynamically adjusted between these two values The minimum thread pool size that is specified signals the server to allocate at least that many threads in reserve for application requests That number is increased up to the ...

Page 164: ...e serviced by this thread pool in the Number of Work Queues field Restart the Enterprise Server For more details on creating thread pools click Help in the Admin Console You can also create a thread pool from the command line by using the asadmin command create threadpool To edit a settings for a thread pool using the Admin Console go to Configuration Thread Pools Current Pools and select the pool...

Page 165: ...ain dir logs server log When a log is rotated Enterprise Server creates a new empty file named server log and renames the old file server log_date where date is the date and time when the file was rotated The components of the Enterprise Server generate logging output Application components can also generate logging output Application components may use the Apache Commons Logging Library to log me...

Page 166: ... begins with a message ID that consists of a module code and a numerical value in this case CORE5004 The log record format might be changed or enhanced in future releases The Logger Namespace Hierarchy The Enterprise Server provides a logger for each of its modules The following table lists the names of the modules and the namespace for each logger in alphabetical order as they appear on the Log L...

Page 167: ...ainer ejb mdb Naming javax enterprise system core naming Persistence oracle toplink essentials javax enterprise resource jdo javax enterprise system container cmp Node Agent cluster and enterprise profiles only javax ee enterprise system nodeagent Root javax enterprise SAAJ javax enterprise resource webservices saaj Security javax enterprise system core security Self Management javax enterprise sy...

Page 168: ... click Help in the Admin Console To configure these log settings in asadmin use the get and set commands Configuring Log Levels To configure log levels using the Admin Console For the developer profile go to Application Server Logging Log Levels For the cluster and enterprise profiles go to Configurations Configuration Logging Logging Settings Log Levels Set the log level for the modules listed on...

Page 169: ...e 17 10 00 000 If the From value is later than the To value an error message appears Log Level To filter messages by log level choose a log level from the drop down list By default the display includes all messages that appear in the server log at the chosen log level and more severe levels Select the checkbox labeled Do not include more severe messages to display messages at only the chosen level...

Page 170: ...app module1 com mycompany myapp module2 com mycompany myapp module3 To view messages from all modules in the application type com mycompany myapp To view messages from module2 only type com mycompany myapp module2 When you specify one or more custom loggers messages from Enterprise Server modules appear only if you specify them explicitly in the Logger area Name Value Pairs To view output from a s...

Page 171: ...g in the Enterprise Server Use monitoring to observe the runtime state of various components and services deployed in a server instance of theEnterprise Server With the information on the state of runtime components and processes it is possible to identify performance bottlenecks for tuning purposes aid capacity planning predict failures do root cause analysis in case of failures and ensure that e...

Page 172: ...r example server In the Platform Edition just one server instance is permitted The following command displays the top level of the tree asadmin list user adminuser monitor server server applications server http service server connector service server jms service server jvm server orb server resources server thread pools The following sections describe these sub trees The Applications Tree on page ...

Page 173: ...nt vs servlet5 standalone ejb module 1 ejb2 cache for entity sfsb pool for slsb mdb entity methods method1 method2 application2 The HTTP ServiceTree The nodes of the HTTP service are shown in the following schematic The nodes at which monitoring information is available are marked with an asterisk See HTTP Service Statistics on page 181 EXAMPLE 18 2 HTTP Service Schematic DeveloperProfile Version ...

Page 174: ... ServiceTree The connector services node holds monitorable attributes for pools such as the connector connection pool The following schematic shows the top and child nodes for the various connector service components The nodes at which monitoring statistics are available are marked with an asterisk See JMS Connector Service Statistics on page 184 EXAMPLE 18 5 Connector Service Schematic connector ...

Page 175: ...Tree The thread pool node holds monitorable attributes for connection managers The following schematic shows the top and child nodes for the ORB components The nodes at which monitoring statistics are available are marked with an asterisk See Thread Pools Statistics on page 186 EXAMPLE 18 8 Thread Pool Schematic thread pools thread pool 1 thread pool 2 About Statistics for Monitored Components and...

Page 176: ... create method is called removecount CountStatistic Number of times an EJB s remove method is called pooledcount RangeStatistic Number of entity beans in pooled state readycount RangeStatistic Number of entity beans in ready state messagecount CountStatistic Number of messages received for a message driven bean methodreadycount RangeStatistic Number of stateful or stateless session beans that are ...

Page 177: ...itoring enabled is true for EJB container executiontime CountStatistic Time ms spent executing the method for the last successful unsuccessful attempt to execute the operation This is collected for stateless and stateful session beans and entity beans if monitoring is enabled on the EJB container The statistics for EJB Session Stores are listed in the following table TABLE 18 3 EJB Session Store S...

Page 178: ...store passivatedBeanSize CountStatistic Total number of bytes passivated by this store including total minimum and maximum passivationTime CountStatistic Time spent on passivating beans to the store including the total minimum and maximum checkpointCount enterprise profile only CountStatistic Number of sessions checkpointed using this store checkpointSuccessCount enterprise profile only CountStati...

Page 179: ... 1 Applies only to pools for message driven beans The statistics available for EJB caches are listed in the following table TABLE 18 5 EJB Cache Statistics Attribute Name DataType Description cachemisses BoundedRangeStatistic The number of times a user request does not find a bean in the cache cachehits BoundedRangeStatistic The number of times a user request found an entry in the cache numbeansin...

Page 180: ...dual web application Statistics available for the web container for servlets are shown in Table 18 7 and statistics available for web modules are shown in Table 18 8 TABLE 18 7 Web Container Servlet Statistics Statistic Units DataType Comments errorcount Number CountStatistic Cumulative number of cases where the response code is greater than or equal to 400 maxtime Milliseconds CountStatistic The ...

Page 181: ...ns that were not created because the maximum allowed number of sessions were active expiredsessionstotal CountStatistic Total number of expired sessions for the web module sessionsize AverageRangeStatistic Size of the session for the web module Value is either high low or average or is in bytes for serialized sessions sessionpersisttime AverageRangeStatistic Time in ms low high or average taken to...

Page 182: ...r CountStatistic The minimum number of unused response processing threads that can exist maxthreads Number CountStatistic The maximum number of request processing threads created by the listener maxtime Milliseconds CountStatistic The maximum amount of time for processing threads processing time Milliseconds CountStatistic The cumulative value of the times taken to process each request The process...

Page 183: ...t Number BoundedRangeStatistic The total number of connections in the pool that timed out between the start time and the last sample time averageconnwaittime Number CountStatistic Indicates the average wait time of connections for successful connection request attempts to the connector connection pool waitqueuelength Number CountStatistic Number of connection requests in the queue waiting to be se...

Page 184: ...ions that are currently being used as well as information about the maximum number of connections that were used the high water mark numconnfree Number RangeStatistic The total number of free connections in the pool as of the last sampling numconntimedout Number CountStatistic The total number of connections in the pool that timed out between the start time and the last sample time averageconnwait...

Page 185: ... waiting in the queue before executing workrequestwaittime RangeStatistic Longest and shortest wait of a work object before it gets executed submittedworkcount CountStatistic Number of work objects submitted by a connector module rejectedworkcount CountStatistic Number of work objects rejected by the Enterprise Server completedworkcount CountStatistic Number of work objects that were completed Sta...

Page 186: ...eads Number CountStatistic The number of threads that are available numberofbusythreads Number CountStatistic The number of threads that are busy totalworkitemsadded Number CountStatistic The total number of work items added so far to the work queue Transaction Service Statistics The transaction service allows the client to freeze the transaction subsystem in order to roll back transactions and de...

Page 187: ...cs in Java SE With Java SE additional monitoring information can be obtained from the JVM Set the monitoring level to LOW to enable the display of this additional information Set the monitoring level to HIGH to also view information pertaining to each live thread in the system More information on the additional monitoring features for Java SE is available in a document titled Monitoring and Manage...

Page 188: ...own in the following table TABLE 18 19 JVM Statistics for Java SE Garbage Collection Statistic DataType Description collectioncount CountStatistic Total number of collections that have occurred collectiontime CountStatistic Accumulated collection time in milliseconds The statistics available for memory in the JVM in Java SE are shown in the following table TABLE 18 20 JVM Statistics for Java SE Me...

Page 189: ...for Java SE Operating System Statistic DataType Description arch StringStatistic Operating system architecture availableprocessors CountStatistic Number of processors available to the JVM name StringStatistic Operating system name version StringStatistic Operating system version The statistics available for the runtime in the JVM in Java SE are shown in the following table TABLE 18 22 JVM Statisti...

Page 190: ...a SE Thread Info Statistic DataType Description threadid CountStatistic ID of the thread threadname StringStatistic Name of the thread threadstate StringStatistic State of the thread blockedtime CountStatistic Time elapsed in milliseconds since the thread entered the BLOCKED state Returns 1 if thread contention monitoring is disabled blockedcount CountStatistic Total number of times that the threa...

Page 191: ...ount CountStatistic Peak live thread count since the JVM started or the peak was reset totalstartedthreadcount CountStatistic Total number of threads created and or started since the JVM started daemonthreadcount CountStatistic Current number of live daemon threads allthreadids StringStatistic List of all live thread ids currentthreadcputime CountStatistic CPU time for the current thread in nanose...

Page 192: ...ctor service OFF server monitoring service module monitoring levels ejb container OFF server monitoring service module monitoring levels http service OFF server monitoring service module monitoring levels sip service OFF server monitoring service module monitoring levels jdbc connection pool OFF server monitoring service module monitoring levels jms service OFF server monitoring service module mon...

Page 193: ...ices on page 175 Viewing Monitoring DataWith the asadminTool This section contains the following topics To Use the asadmin monitor Command to View Monitoring Data on page 193 To Use the asadmin get and list Commands to View Monitoring Data on page 194 Understanding and Specifying Dotted Names on page 195 Examples of the list and get Commands on page 196 Examples for the list user admin user monito...

Page 194: ...ands followed by the dotted name of a monitorable object as follows To view the names of the objects that can be monitored use the asadmin list command For example to view a list of application components and subsystems that have monitoring enable for the server instance type the following command in a terminal window asadmin list user adminuser monitor server The preceding command returns a list ...

Page 195: ...57308 server jvm uptime description Provides the amount of time the JVM has been running server jvm uptime lastsampletime 1080234457308 server jvm uptime name JvmUpTime server jvm uptime starttime 1080232913928 server jvm uptime unit milliseconds For further examples using the get command refer to Examples of the list and get Commands on page 196 For further information on the dotted names you can...

Page 196: ...mediate children For example list user adminuser monitor server lists all immediate children belonging to the server node Any list command that has a dotted name followed by a wildcard of the form gets as its result a hierarchical tree of children nodes from the current node For example list user adminuser monitor server applications lists all children of applications and their subsequent child no...

Page 197: ... service server connector service server applications server http service server thread pools It is also possible to list applications that are currently monitored in the specified server instance This is useful when particular monitoring statistics are sought from an application using the get command Example 2 asadmin list user admin user monitor server applications Returns server applications ad...

Page 198: ...e 1080232913938 server jvm heapsize lowerbound 0 server jvm heapsize lowwatermark 0 server jvm heapsize name JvmHeapSize server jvm heapsize starttime 1080234457308 server jvm heapsize unit bytes server jvm heapsize upperbound 518979584 server jvm uptime count 1080234457308 server jvm uptime description Provides the amount of time the JVM has been running server jvm uptime lastsampletime 108023445...

Page 199: ...hod in the sample PetStore application after it has been deployed onto the Enterprise Server The instance onto which it has been deployed is named server A combination of the list and get commands are used to access desired statistics on a method Start the Enterprise Server and the asadmin tool Set some useful environment variables to avoid entering them for every command asadmin export AS_ADMIN_U...

Page 200: ...pplication asadmin list m server applications petstore signon ejb_jar Returns server applications petstore signon ejb_jar SignOnEJB server applications petstore signon ejb_jar UserEJB List the monitorable subcomponents in the entity bean UserEJB for the EJB module signon ejb_jar of the PetStore application asadmin list m server applications petstore signon ejb_jar UserEJB Returns with dotted name ...

Page 201: ...time starttime 1079980593137 server applications petstore signon ejb_jar UserEJB bean methods getUserName executiontime unit count server applications petstore signon ejb_jar UserEJB bean methods getUserName methodstatistic count 0 server applications petstore signon ejb_jar UserEJB bean methods getUserName methodstatistic description Provides the number of times an operation was called the total ...

Page 202: ...erName totalnumsuccess description Provides the total number of successful invocations of the method server applications petstore signon ejb_jar UserEJB bean methods getUserName totalnumsuccess lastsampletime 1079981809255 server applications petstore signon ejb_jar UserEJB bean methods getUserName totalnumsuccess name TotalNumSuccess server applications petstore signon ejb_jar UserEJB bean method...

Page 203: ...ws the command dotted name and corresponding output for the applications level TABLE 18 26 ApplicationsLevel Command Dotted Name Output list m server applications or applications appl1app2web module1_warejb module2_jar list m server applications or applications Hierarchy of child nodes below this node get m server applications or applications No output except message saying there are no attributes...

Page 204: ...pplications app1 or app1 No output except message saying there are no attributes at this node list m server applications app1 ejb module1_jar or ejb module1_jar or server applications ejb module1_jar bean1bean2bean3 list m server applications app1 ejb module1_jar or ejb module1_jar or server applications ejb module1_jar Hierarchy of child nodes below this node get m server applications app1 ejb mo...

Page 205: ..._ UnitMethodReadyCount_ CurrentMethodReadyCount_ DescriptionMethodReadyCount_ HighWaterMarkMethodReadyCount_ LastSampleTimeMethodReadyCount_ LowWaterMarkMethodReadyCount_ NameMethodReadyCount_ StartTimeMethodReadyCount_ UnitRemoveCount_CountRemoveCount_ DescriptionRemoveCount_ LastSampleTimeRemoveCount_ NameRemoveCount_StartTimeAttribute RemoveCount_Unit list m server applications app1 ejb module1...

Page 206: ...hod1 Note In standalone modules the node containing the application name app1 in this example will not appear List of attributes and values corresponding to EJB Methods attributes as described in Table 18 2 list m server applications app1 web module1_war Displays the virtual server s assigned to the module get m server applications app1 web module1_war No output except a message saying there are n...

Page 207: ... as described in Table 18 9 The following table shows the command dotted name and corresponding output for the thread pools level TABLE 18 29 Thread PoolsLevel Command Dotted Name Output list m server thread pools List of thread pool names get m server thread pools No output except message saying there are no attributes at this node list m server thread pools orb threadpool thread pool 1 No attrib...

Page 208: ...transaction service level TABLE 18 31 Transaction ServiceLevel Command Dotted Name Output list m server transaction service No attributes but a message saying Use get command with the monitor option to view this node s attributes and values get m server transaction service List of attributes and values corresponding to Transaction Service attributes as described in Table 18 15 The following table ...

Page 209: ...t m server jvm List of attributes and values corresponding to JVM attributes as described in Table 18 16 Using JConsole This section contains the following topics Securing JConsole to Application Server Connection on page 210 Prerequisites for Connecting JConsole to Application Server on page 211 Connecting JConsole to Application Server on page 211 Connecting JConsole Securely to Application Serv...

Page 210: ...ion If the server end is secure guarantees transport layer security there is a little more configuration to be performed on the client end By default the developer profile of Enterprise Server is configured with a non secure System JMX Connector Server By default cluster and enterprise profiles of Enterprise Server are configured with a secure System JMX Connector Server The protocol used for comm...

Page 211: ...erver Let us assume that the client end is a Windows machine with Java SE 6 0 and Enterprise Server installed Note The Enterprise Server installation is needed on the client end only when your Enterprise Server domain has security enabled on the remote machine the default for cluster and enterprise profiles If you just want to administer an Enterprise Server developer profile domain on the Solaris...

Page 212: ...erver Start the Enterprise Server on appserver sun com Since this is a cluster or enterprise domain the system JMX Connector server is secure To enable security on the developer profile JMX Connector see the Admin Console online help From the local Enterprise Server installation run install dir bin asadmin list user admin secure true host appserver sun com port 4848 where 4848 is the server s admi...

Page 213: ...name and port 8686 by default The user name refers to the administration user name and password refers to the administration password of the domain Click Connect In the JConsole window you will see all your MBeans VM information etc in various tabs 6 7 8 Using JConsole Chapter 18 Monitoring Components and Services 213 ...

Page 214: ...214 ...

Page 215: ...contains an action to be taken when a specified event occurs or a set threshold is reached You can set management rules that can automatically take corrective action based on events that you specify A management rule consists of two parts event and action An event uses the JMX notification mechanism to trigger a predefined action An action is triggered when an associated event occurs An action is ...

Page 216: ...ied logger writes a log entry For example you could create a management rule to send an alert to an administrator when an EJB container logger logs a SEVERE log entry Timer Events triggered at the specified date and time at the specified interval and so on These events have capabilities similar to the javax management timer package Trace Events triggered on Entry and Exit of HTTP IIOP request meth...

Page 217: ...where you can enable the MBeans on some or all of the targets For details see the online help To create management rules from the command line use the create management rule command To set properties of the management rules use the get and set commands To list and delete management rules use list management rules and delete management rule For more information see the online help for these command...

Page 218: ...218 ...

Page 219: ...t of configuring the application server you define settings that enhance the use of the Java Virtual machine To change the JVM configuration using the Admin Console select Application Server JVM Settings tab and define the general JVM settings as follows Java Home Enter the name of the installation directory of the Java software The Enterprise Server relies on the Java SE software Note If you ente...

Page 220: ...periodically and redeploys the application automatically and dynamically with the changes This is useful in a development environment because it allows code changes to be tested quickly In a production environment however dynamic reloading might degrade performance In addition whenever a reload is done the sessions at that transit time become invalid The client must restart the session Reload Poll...

Page 221: ...node agent or Domain Administration Server DAS The service created uses the Solaris Service Management Facility SMF The process that a service starts depends on whether the service is to restart a DAS or a node agent If the service is to restart a DAS the process is asadmin start domain If the service is to restart a node agent the process is asadmin start node agent The service grants to the proc...

Page 222: ...create a service called domain1 for domain1 1 Run the following asadmin create service type das passwordfile password txt appserver domains domain1 This creates a service to restart the domain domain1 automatically In the background the command creates a manifest file from a template validates the file and imports it as a service Note If a particular Enterprise Server domain should not have defaul...

Page 223: ...tart node agent user admin passwordfile opt SUNWappserver password txt agent1 Restarting Automatically on the MicrosoftWindows Platform To restart automatically on Microsoft Windows create a Windows Service and prevent the service from shutting down when a user logs out Creating aWindows Service Use the appservService exe and appserverAgentService exe executable files shipped with the Sun GlassFis...

Page 224: ...AgentService exe C Sun AppServer bin asadmin bat start node agent user admin passwordfile C Sun AppServer password txt agent1 C Sun AppServer bin asadmin bat stop node agent agent1 start auto DisplayName SunJavaSystemAppServer AGENT1 Note The start and stop commands entered as part of the binPath parameter must have the correct syntax To test run the commands from the command prompt If the command...

Page 225: ...wn In this situation add the option to the as install lib processLauncher xml file as follows process name as service name sysproperty key Xrs Security for Automatic Restarts If you are using the cluster or enterprise profile the administration passworda and master password are required when automatically restarting Enterprise Server If you are using the Developer Profile no Handle the password an...

Page 226: ...Server lib appservService exe C Sun AppServer bin asadmin bat start domain user admin passwordfile C Sun AppServer password txt domain1 C Sun AppServer bin asadmin bat stop domain domain1 start auto DisplayName SunJavaSystemAppServer DOMAIN1 The path to the password file password txt is C Sun AppServer password txt It contains the password in the following format AS_ADMIN_password password For exa...

Page 227: ...conditions must be adhered to for all top level elements in the domain xml file Each server configuration cluster or node agent must have a unique name Servers configurations clusters or node agents cannot be named domain Server instances cannot be named agent The following table identifies the top level elements and the corresponding dotted name prefix Element Name Dotted Name Prefix applications...

Page 228: ...o refer to configurations applications and resources of a cluster or a standalone server instance target The following table identifies dotted names beginning with the server name or cluster name that are aliased to top level names under the domain Dotted Name Aliased to Comments target applications domain applications The alias resolves to applications referenced by the target only target resourc...

Page 229: ...fig name log service target security service config name security service target transaction service config name transaction service target monitoring service config name monitoring service target java config config name java config target availability service config name availability service target thread pools config name thread pools Elements Not Aliased A clustered instance should not be alias...

Page 230: ...230 ...

Page 231: ...7 List and Status Commands on page 238 Deployment Commands on page 239 Version Commands on page 240 Message Queue Administration Commands on page 240 Resource Management Commands on page 241 Configuration Commands on page 243 User Management Commands on page 246 Rules and Monitoring Commands on page 247 Database Commands on page 247 Diagnostic and Logging Commands on page 248 Web Service Commands ...

Page 232: ...the second multimode environment you return to your original multimode environment You can also run the asadmin utility in interactive or non interactive options By default the interactive option is enabled It prompts you for the required arguments You can use the interactive option in command shell invocation under all circumstances You can use the interactive option in multimode when you run one...

Page 233: ... of interest which assumes the domain as the default domain if there is only one If there is more than one domain the domain option is a required option For subcommands that can be run locally or remotely when run remotely with the host port user and passwordfile options specified the domain option is ignored The domain option is ignored if the subcommand will be run in remote mode Note that there...

Page 234: ...option without a subcommand displays a listing of all the available subcommands Common Options for Remote Commands All the remote commands require the following common options TABLE C 1 Remote Commands Required Options Option Definition host The machine name where the domain administration server is running The default value is localhost port The HTTP S port for administration This is the port to ...

Page 235: ...s applicable only to AS_ADMIN_PASSWORD option You will still need to provide the other passwords for example AS_ADMIN_USERPASSWORD as and when required by individual commands such as update file user For security reasons passwords specified as an environment variable will not be read by asadmin secure If set to true uses SSL TLS to communicate with the domain administration server interactive If s...

Page 236: ... a complete name This is similar to how the character is used to delimit the levels in the absolute path name of a file in the UNIX file system The following rules apply while forming the dotted names accepted by the get set and list commands Note that a specific command has some additional semantics applied A period always separates two sequential parts of the name A part of the name usually iden...

Page 237: ...ind the dotted name of that subsystem For example to find out the modified date attribute of a particular file in a large file system that starts with First you must find out the location of that file in the file system and then look at its attributes Therefore two of the first commands to understand the hierarchies in appserver are list and command list monitor Consult the get set or list command...

Page 238: ... The asadmin login command eases the administration of such remote domains The login command runs only in the interactive mode It prompts you for the admin user name and password On successful login the file asadminpass will be created in the user s home directory This is the same file that is modified during the create domain command while using the savelogin option The domain must be running for...

Page 239: ...e attribute list Lists the configurable element On Solaris quotes are needed when executing commands with as the option value or operand unset Removes one or more variables you set for the multimode environment The variables and their associated values will no longer exist in the environment Deployment Commands The deployment commands deploy an application or get the client stubs TABLE C 4 Deploym...

Page 240: ...in Message Queue Administration Commands The Message Queue administration commands allow you to manage the JMS destinations TABLE C 6 Message Queue Commands Command Definition create jmsdest Creates a JMS physical destination Along with the physical destination you use the create jms resource command to create a JMS destination resource that has a Name property that specifies the physical destinat...

Page 241: ...xisting JMS resources destination and connection factory resources create jndi resource Registers a JNDI resource delete jndi resource Removes the JNDI resource with the specified JNDI name list jndi resources Identifies all the existing JNDI resources list jndi entries Browses and queries the JNDI tree create javamail resource Creates a JavaMail session resource delete javamail resource Removes t...

Page 242: ...d objects create resource adapter config Creates configuration information for the connector module delete resource adapter config Deletes the configuration information created in domain xml for the connector module list resource adapter configs lists the configuration information in the domain xml for the connector module add resources Creates the resources named in the specified XML file The xml...

Page 243: ... commands help you manage listeners These commands are supported in remote mode only TABLE C 8 IIOP Listener Commands Command Definition create http listener Adds a new HTTP listener socket delete http listener Removes the specified HTTP listener list http listeners Lists the existing HTTP listener create iiop listener Creates an IIOP listener delete iiop listener Removes the specified IIOP listen...

Page 244: ... SSL Commands Command Definition create profiler Creates the profiler element A server instance is tied to a particular profiler by the profiler element in the Java configuration Changing a profiler requires you to restart the server delete profiler Deletes the profiler element you specify A server instance is tied to a particular profiler by the profiler element in the Java configuration Changing...

Page 245: ...eadpool and Auth Realm Commands The threadpool and auth realm commands allow you to control these elements These commands are supported in remote mode only TABLE C 12 Threadpool and Auth Realm Commands Command Definition create threadpool Creates a threadpool with the specified name You can specify maximum and minimum number of threads in the pool the number of work queues and the idle timeout of ...

Page 246: ...e registry commands allow you to publish or unpublish webservice artifacts TABLE C 14 TransactionCommands Command Definition publish to registry Publishes the web service artifacts to registries unpublish from registry Unpublishes the web service artifacts from the registries list registry locations User Management Commands These user commands are to administer the users support by the file realm ...

Page 247: ... new management rule to intelligently self manage the application server installation and deployed applications delete management rule Removes the management rule you specify create transformation rule Creates an XSLT transformation rule that can be applied to a webservice operation The rule can be applied either to a request or to a response delete transformation rule Deletes an XSLT transformati...

Page 248: ...details or process specific information for an application server instance display error statistics Displays a summary list of severities and warnings in server log since the last server restart display error distribution Displays distribution of errors from instance server log at module level display log records Displays all the error messages for a given module at a given timestamp Web Service C...

Page 249: ...r user group to a suitable enterprise information system EIS principal in container managed transaction based scenarios One or more named security maps may be associated with a connector connection pool The connector security map configuration supports the use of the wild card asterisk to indicate all users or all user groups For this command to succeed you must have first created a connector conn...

Page 250: ...he form ALIAS password alias password The password corresponding to the alias name is stored in an encrypted form This command takes both a secure interactive form in which the user is prompted for all information and a more script friendly form in which the password is propagated on the command line delete password alias Deletes a password alias update password alias Updates the password alias ID...

Page 251: ...rvice command allows you to configure the starting of the Domain Administration Server DAS TABLE C 24 ServiceCommand Command Definition create service Configures the starting of a DAS on an unattended boot On Solaris 10 this command uses the Service Management Facility SMF This is a local command and must be run as the OS level user with superuser privileges It is available only for Solaris 10 Whe...

Page 252: ... manage these shared server instances TABLE C 25 PropertyCommand Command Definition create system property Creates one system property of the domain configuration or server instance at a time delete system property Removes one system property of a domain configuration or server instance list system properties Displays the system properties of a domain configuration or server instance Property Comm...

Page 253: ...MS resources and 64 connectors modules 163 containers applet 93 application client 93 Enterprise JavaBeans 93 95 servlet See containers 95 web 95 containers Continued web 93 95 CORBA 161 threads 163 create domain command 31 custom resources using 79 D databases JNDI names 77 resource references 78 supported 52 delete domain command 32 destinations JMS overview 63 64 domains creating 31 32 E Enterp...

Page 254: ...135 JDBC drivers 144 supported drivers 52 JMS Foreign Providers 67 74 Resource Adapter Generic 67 74 JMS resources connection factory resources 63 64 destination resources 63 64 overview 63 64 physical destinations 63 64 queues 63 64 topics 63 64 jmsmaxmessagesload 179 jmsra system resource adapter 64 JNDI 95 custom resources using 79 external repositories 79 lookups and associated references 78 n...

Page 255: ...cle Inet JDBC driver 57 58 Oracle OCI JDBC driver 60 61 Oracle Thin Type 4 Driver workaround for 145 Oracle Thin Type 4 JDBC driver 59 60 oracle xa recovery workaround property 145 ORB 161 IIOP listeners 162 overview 162 See object request broker 163 ORB Continued service monitoring 185 186 P performance thread pools 163 Port listeners 30 Q queues JMS 63 64 R realms certificate 109 request process...

Page 256: ...er See transactions managers 144 transaction service monitoring 186 187 transactions 143 associating 144 attributes 144 committing 143 completing 144 demarcations 144 distributed 144 logging 147 148 managers 144 recovering 144 145 146 rolling back 143 timeouts 146 147 truststore jks file 112 V virtual servers overview 149 150 Index Sun GlassFish Enterprise Server 2 1 Administration Guide December ...

Reviews:

No comments

Related manuals for Sun GlassFish Enterprise Server 2.1

Vxl Itona C23S Specifications preview
Itona C23S
Brand: Vxl Pages: 2
Supero SuperServer 6041G User Manual preview
SuperServer 6041G
Brand: Supero Pages: 114
Vidyo VidyoGateway Administrator'S Manual preview
VidyoGateway
Brand: Vidyo Pages: 186
TRENDnet TS-U100 - NAS Server - USB User Manual preview
TS-U100 - NAS Server - USB
Brand: TRENDnet Pages: 47
Olive Olive OPUS N5 User Manual preview
Olive OPUS N5
Brand: Olive Pages: 24
IEI Technology PUZZLE-IN004 Series User Manual preview
PUZZLE-IN004 Series
Brand: IEI Technology Pages: 102
TYAN GT24B-B7076 Service Engineer'S Manual preview
GT24B-B7076
Brand: TYAN Pages: 87
ESI 60 Business Phone User Manual preview
60 Business Phone
Brand: ESI Pages: 2
Dell EMC PowerEdge R6415 Installation And Service Manual preview
PowerEdge R6415
Brand: Dell EMC Pages: 139
Lantronix CoBox-FL User Manual preview
CoBox-FL
Brand: Lantronix Pages: 135
Alcatel-Lucent OmniTouch 8460 Specifications preview
OmniTouch 8460
Brand: Alcatel-Lucent Pages: 4
Black Box les1208A Manual preview
les1208A
Brand: Black Box Pages: 4
Black Box LES1202A Quick Start Manual preview
LES1202A
Brand: Black Box Pages: 12
Viavi G4-40G-040-384T Manual preview
G4-40G-040-384T
Brand: Viavi Pages: 12
3onedata NP3 T Series Quick Installation Manual preview
NP3 T Series
Brand: 3onedata Pages: 3
Intel N440BX Installation And Operating Manual preview
N440BX
Brand: Intel Pages: 11
exemys SSE232-1C0-00-IA3-IS User Manual preview
SSE232-1C0-00-IA3-IS
Brand: exemys Pages: 39
Planet NAS-7103 User Manual preview
NAS-7103
Brand: Planet Pages: 54

Brands by name

Popular brands

Load more brands