Administration and Configuration Guide
for JBoss Enterprise Application Platform 5
Edition 5.2.0
Abstract
Part I. Overview
Chapter 1. Scope of Book
Chapter 2. Introduction
- JBoss HTTP Connector for load balancing
- PicketLink framework for identity management
- RESTEasy framework for RESTful web services
- Seam framework for development
2.1. Integrated Projects
- JBoss EJB
- JBoss EJB3 provides the implementation of the Enterprise Java Beans (EJB) specification. EJB 3.0 is a deep overhaul and simplification of the EJB specification.
- JBoss Transactions
- JBoss Transactions is the default transaction manager compliant with JTA, JTS and Web Services standards.
- JBoss Web
- JBoss Web is the Web container component based on Apache Tomcat that includes the Apache Portable Runtime (APR) and Tomcat native technologies.
- JBoss Messaging (JMS)
- JBoss Messaging is the default messaging provider. It is also the backbone of the JBoss enterprise service bus (ESB) infrastructure. JBoss Messaging substitutes JBossMQ, which is the default JMS provider for JBoss Enterprise Application Platform 4.2.
- JBoss Cache
- JBoss Cache provides two types of transactional cache: a traditional tree-structured node-based cache; and a PojoCache, an in-memory, transactional, and replicated cache system that allows users to operate on simple POJOs transparently without active user management of either replication or persistency aspects.
Important
JBoss Cache is deprecated and substituted by Infinispan in the next major JBoss Enterprise Application Platform release. - JBossWS 3.x
- JBossWS 3.x is the web service stack that provides Java EE compatible web services.
2.2. Architecture
- JBoss HTTP Connector for load balancing
- Picketlink framework for identity management
- RESTEasy framework for RESTful web services
- Seam framework for development of web application

Figure 2.1. Components
- JBoss Microcontainer kernel
- is the execution core of JBoss Enterprise Application Platform. It loads the bootstrap beans so as to connect to the deployed services. JBoss Microcontainer substitutes JMX (Java Management Extension). However, MCBeans and legacy MBean deployments are still included so as to support legacy services.
- Component Deployers
- cover the loading of the deployed resources.
- Enterprise Services
- include all services of the JBoss Enterprise Application Platform.
2.3. Directory Structure
mod_cluster
directory), Picketlink (in the picketlink
directory) , and RESTeasy (in the resteasy
directory).
common
directory, which has been added to accommodate the libraries common for all server profiles and prevent the library duplication in the directory structure.
jboss-as
— JBoss Enterprise Application Server home directorybin
— start and shutdown scripts, other useful scriptsclient
— client JAR filescommon
— static JAR files shared by all server profilesThis directory has been added to prevent duplicated copying of common libraries into individual server profile directories.docs
— schemas/dtds, exampleslib
— core bootstrap JAR filesendorsed
— directory on the server JVM java.endorsed.dirs path
server
— server profile directories
mod_cluster
— JBoss HTTP Connectorpicketlink
— the PicketLink projectresteasy
— RESTEasy implementation (JSR-311, JAX-RS)seam
— JBoss Seam application framework home directoryNote that JBoss Enterprise Application Platform 4.3 contained two seam directories:seam1
andseam2
. Theseam1
directory contained Seam 1.2.1 that was delivered originally with JBoss Enterprise Application Platform 4. It contained thedrools
,embedded-ejb
, andhibernate
directories with libraries. Now, these are in thelib
directory. Also, the mail resource adapter has been moved for themail
directory toextras
andbuni-meldware
, external mail and groupware server intended for presentation purposes, has been removed.Theseam2
directory contained the 2.0.2FP version of the Seam delivered with JBoss Enterprise Application Platform Feature Pack and the structure has not undergone any significant changes.bootstrap
— JBoss Embedded configuration for the Seam integration testsuite (refer to the Slib
— library directoryseam-gen
— command-line utility for generating simple skeletal Seam project to allow a quick project startbuild
— configuration and resources for buildingexamples
— examples demonstrating uses of Seam's featuresextras
— mail resource adapter; JsUnit testingui
— sources for the Seam UI module
2.4. JBoss Enterprise Application Platform Use Cases
- Most web applications involving a database
- Web applications likely to be clustered
- Simple web applications with JSPs/Servlets upgrades to JBoss Enterprise Application Platform with Tomcat Embedded
- Intermediate web applications with JSPs/Servlets using a web framework such as Struts, Java Server Faces, Cocoon, Tapestry, Spring, Expresso, Avalon, Turbine
- Complex web applications with JSPs/Servlets, Seam, Enterprise Java Beans (EJB), Java Messaging (JMS), caching etc.
- Cross-application middleware (JMS, Corba, JMX, etc.)
Note
$EAP_HOME/seam/examples/booking/
. The application is a Java EE 5 application that makes use of the following technologies:
- EJB3
- Stateful Session Beans
- Stateless Session Beans
- JPA (w/ Hibernate validation)
- JSF
- Facelets
- Ajax4JSF
- Seam
2.5. Bootstrap
org.jboss.Main
entry point loads an org.jboss.system.server.Server
implementation. In JBoss Enterprise Application Platform 4 this was a JMX-based microkernel. In JBoss Enterprise Application Platform 5, this is a JBoss Microcontainer.
org.jboss.system.server.Server
implementation is org.jboss.bootstrap.microcontainer.ServerImpl
. This implementation is an extension of the kernel basic bootstrap that boots the MC from the bootstrap beans declared in {jboss.server.config.url}/bootstrap.xml
descriptors using a BasicXMLDeployer
. In addition, the ServerImpl
registers install callbacks for any beans that implement the org.jboss.bootstrap.spi.Bootstrap
interface. The bootstrap/profile*.xml
configurations include a ProfileServiceBootstrap
bean that implements the Bootstrap interface.
org.jboss.system.server.profileservice.ProfileServiceBootstrap
is an implementation of the org.jboss.bootstrap.spi.Bootstrap
interface that loads the deployments associated with the current server profile. The <PROFILE> is the name of the server profile being loaded and corresponds to the server -c
command line argument. The default <PROFILE> is default
.
2.6. Hot Deployment
Profile
implementations associated with the ProfileService
. The HDScanner
bean deployed via the deploy/hdscanner-jboss-beans.xml
MC deployment, queries the profile service for changes in application directory contents and redeploys updated content, undeploys removed content, and adds new deployment content to the current server profile via the ProfileService
.
- Remove the
hdscanner-jboss-beans.xml
file from deployment; - Edit the
hdscanner-jboss-beans.xml
file, add thescanEnabled
attribute (if it's not already present)and set its value tofalse
.
hdscanner-jboss-beans.xml
file in which hot deployment has been disabled.
<?xml version="1.0" encoding="UTF-8"?> <!-- Hot deployment scanning $Id: hdscanner-jboss-beans.xml 98983 2010-01-04 13:35:41Z emuckenhuber $ --> <deployment xmlns="urn:jboss:bean-deployer:2.0"> <!-- Hotdeployment of applications --> <bean name="HDScanner" class="org.jboss.system.server.profileservice.hotdeploy.HDScanner"> <property name="deployer"><inject bean="ProfileServiceDeployer"/></property> <property name="profileService"><inject bean="ProfileService"/></property> <property name="scanPeriod">5000</property> <property name="scanThreadName">HDScanner</property> <property name="scanEnabled">false</property> </bean> ...(snip)... </deployment>
2.6.1. Adding a Custom Deploy Folder
<JBOSS_HOME>/jboss-as/server/<PROFILE>/deploy
folder. However you can configure the server to even include your custom folder for scanning deployments. This can be done by configuring the BootstrapProfileFactory
MC bean in <JBOSS_HOME>/jboss-as/server/<PROFILE>/conf/bootstrap/profile.xml
file. The applicationURIs property of the BootstrapProfileFactory
accepts a list of URLs which will be scanned for applications. You can add your custom deploy folder to this list. For example, if you want /home/me/myapps
to be scanned for deployments, then you can add the following:
<bean name="BootstrapProfileFactory" class="org.jboss.system.server.profileservice.repository. StaticProfileFactory"> ... <property name="applicationURIs"> <list elementClass="java.net.URI"> <value>${jboss.server.home.url}deploy</value> <value>file:///home/me/myapps</value> </list> ...
Important
<JBOSS_HOME>/jboss-as/server/<PROFILE>/conf/bootstrap/profile.xml
requires a server restart, for the changes to take effect.
BootstrapProfileFactory
also requires the same URL to be added to the VFSCache
MC bean configuration in <JBOSS_HOME>/jboss-as/server/<PROFILE>/conf/bootstrap/vfs.xml
. For example:
<bean name="VFSCache"> ... <property name="permanentRoots"> <map keyClass="java.net.URL" valueClass="org.jboss.virtual.spi.ExceptionHandler"> ... <entry> <key>file:///home/me/myapps</key> <value><inject bean="VfsNamesExceptionHandler"/></value> </entry> </map> </property> ...
Important
VFSCache
might result in growing disk space usage by the server, over a period of time.
Part II. JBoss Enterprise Application Platform Configuration
Chapter 3. Network
3.1. IPv6 Support
Chapter 4. JBoss Web
4.1. System Properties
General Properties
catalina.useNaming
- override for the useNaming element of the Context elementSet to
false
to override theuseNaming
attribute of all Context elements. catalina.config
- URL of the
catalina.properties
configuration file jvmRoute
- used if an
Engine
element does not define itsjvmRoute
attribute org.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES
- activation or deactivation of clearing static or final fields from loaded classes (set to
true
by default)Set totrue
to null out static or final fields from the loaded classes when a web application is stopped. This setting provides a workaround for garbage collection bugs and application coding errors. org.apache.tomcat.util.buf.StringCache.byte.enabled
- enabling the String cache for ByteChunk (set to
false
by default)Set totrue
to enable the String cache forByteChunk
. org.apache.tomcat.util.buf.StringCache.char.enabled
- enabling the String cache for
CharChunk
(set tofalse
by default)Set totrue
to enable the String cache forCharChunk
. org.apache.tomcat.util.buf.StringCache.trainThreshold
- call limit for the String cache activation (set to
2000
by default)The limit defines the number of times thetoString()
method must be called before the String cache is activated. org.apache.tomcat.util.buf.StringCache.cacheSize
- size of the String cache (set to
200
entries by default) org.apache.tomcat.util.buf.StringCache.maxStringSize
- maximum length of a cached String (set to
128
characters by default) org.apache.tomcat.util.http.FastHttpDateFormat.CACHE_SIZE
- size of the cache used for parsing and formatting of date values (
2000
entries by default) org.apache.catalina.core.StandardService.DELAY_CONNECTOR_STARTUP
- disabling automatic connector start-up (To prevent the connector from starting up automatically, set to
true
.) org.apache.catalina.connector.Request.SESSION_ID_CHECK
- enabling session verification (If enabled, that is set to
true
, the Servlet container verifies if a session with the specified session ID exists in a context before creating a session with that ID.) org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER
- enabling custom HTTP status messages in HTTP headers (If enabled, that is set to
true
, custom HTTP status messages are allowed in HTTP headers.)Important
Ensure that any such message uses only the ISO-8859-1 characters to prevent a possible XSS vulnerability. The property is set tofalse
by default. org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH
- activates automatic usage of v1 cookies (set to
true
by default)The v1 cookies are used automatically if the servlet container is using v0 cookies and cookie values which have to be quoted to be valid. org.apache.el.parser.COERCE_TO_ZERO
- sets if "" and null numbers become 0This is the desired behavior defined in the specification and therefore the property is set to
true
by default.
JSP Configuration Properties
- org.apache.jasper.compiler.Generator.VAR_EXPRESSIONFACTORY
- the variable used as the expression language expression factory (if unspecified the
_el_expressionfactory
is used) - org.apache.jasper.compiler.Generator.VAR_INSTANCEMANAGER
- The name of the variable to use for the instance manager factory. If not specified, the default value of _jsp_instancemanager will be used.
- org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING
- If false the requirements for escaping quotes in JSP attributes will be relaxed so that a missing required quote will not cause an error. If not specified, the specification compliant default of true will be used.
- org.apache.jasper.runtime.JspFactoryImpl.USE_POOL
- If true, a ThreadLocal PageContext pool will be used. If not specified, the default value of true will be used.
- org.apache.jasper.runtime.JspFactoryImpl.POOL_SIZE
- The size of the ThreadLocal PageContext. If not specified, the default value of 8 will be used.
- org.apache.jasper.Constants.JSP_SERVLET_BASE
- The base class of the Servlets generated from the JSPs. If not specified, the default value of org.apache.jasper.runtime.HttpJspBase will be used.
- org.apache.jasper.Constants.SERVICE_METHOD_NAME
- The name of the service method called by the base class. If not specified, the default value of _jspService will be used.
- org.apache.jasper.Constants.SERVLET_CLASSPATH
- The name of the ServletContext attribute that provides the classpath for the JSP. If not specified, the default value of org.apache.catalina.jsp_classpath will be used.
- org.apache.jasper.Constants.JSP_FILE
- The name of the request attribute for <jsp-file> element of a servlet definition. If present on a request, this overrides the value returned by request.getServletPath() to select the JSP page to be executed. If not specified, the default value of org.apache.catalina.jsp_file will be used.
- org.apache.jasper.Constants.PRECOMPILE
- The name of the query parameter that causes the JSP engine to just pre-generate the servlet but not invoke it. If not specified, the default value of org.apache.catalina.jsp_precompile will be used.
- org.apache.jasper.Constants.JSP_PACKAGE_NAME
- The default package name for compiled jsp pages. If not specified, the default value of org.apache.jsp will be used.
- org.apache.jasper.Constants.TAG_FILE_PACKAGE_NAME
- The default package name for tag handlers generated from tag files. If not specified, the default value of org.apache.jsp.tag will be used.
- org.apache.jasper.Constants.ALT_DD_ATTR
- The servlet context attribute under which the alternate deployment descriptor for this web application is stored. If not specified, the default value of org.apache.catalina.deploy.alt_dd will be used.
- org.apache.jasper.Constants.TEMP_VARIABLE_NAME_PREFIX
- Prefix to use for generated temporary variable names. If not specified, the default value of _jspx_temp will be used.
- org.apache.jasper.Constants.USE_INSTANCE_MANAGER_FOR_TAGS
- If true, the instance manager is used to obtain tag handler instances. If not specified, false will be used.
- org.apache.jasper.Constants.USE_INSTANCE_MANAGER_FOR_TAGS
- If true, annotations specified in tags will be processed and injected. This can have a performance impact when using simple tags, or if tag pooling is disabled. If not specified, true will be used.
Security Configuration Properties
- org.apache.catalina.connector.RECYCLE_FACADES
- If this is true or if a security manager is in use a new facade object will be created for each request. If not specified, the default value of false will be used.
- org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
- If this is true the '\' character will be permitted as a path delimiter. If not specified, the default value of false will be used.
- org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH
- If this is true '%2F' and '%5C' will be permitted as path delimiters. If not specified, the default value of false will be used.
Properties Required by Specification
- org.apache.catalina.STRICT_SERVLET_COMPLIANCE
- If set to
true
, then the following applies:- any wrapped request or response object passed to an application dispatcher is checked to ensure that it has wrapped the original request or response. (SRV.8.2 / SRV.14.2.5.1)
- a call to Response.getWriter() if no character encoding has been specified will result in subsequent calls to Response.getCharacterEncoding() returning ISO-8859-1 and the Content-Type response header will include a charset=ISO-8859-1 component. (SRV.15.2.22.1)
- every request that is associated with a session will cause the session's last accessed time to be updated regardless of whether or not the request explicitly accesses the session. (SRV.7.6)
- org.apache.catalina.core.StandardWrapperValve.SERVLET_STATS
- If true or if org.apache.catalina.STRICT_SERVLET_COMPLIANCE is true, the wrapper will collect the JSR-77 statistics for individual servlets. If not specified, the default value of false will be used.
- org.apache.catalina.session.StandardSession.ACTIVITY_CHECK
- If this is true or if org.apache.catalina.STRICT_SERVLET_COMPLIANCE is true Tomcat will track the number of active requests for each session. When determining if a session is valid, any session with at least one active request will always be considered valid. If not specified, the default value of false will be used.
4.1.1. Modifying System Properties
JBOSS_HOME/bin/run.conf
or in the form of a -D
option on server start-up (refer to the Getting Started Guide).
4.2. Configuring the JBoss Web Container
server.xml
- The
server.xml
is the main JBoss Web server configuration file (for further details refer to Section 4.3, “The Main Config File”) web.xml
- The
web.xml
file is a deployment descriptor defining URL mappings to servlets (defines how web applications are executed)Important
There are two types ofweb.xml
: the globalweb.xml
valid for the entire server and the localweb.xml
valid for a web application. The local file overrides the globalserver.xml
file for the given web application.The globalweb.xml
file is located in
directory, while the web-application specific file is located in the$JBOSS_SERVER_HOME
/deployers/jbossweb.deployer/WEB-INF/
directory of the web application.
4.3. The Main Config File
server.xml
file located in the $JBOSS_SERVER_HOME/PROFILE/deploy/jbossweb.sar/
directory. The file defines the JBoss Web server configuration with a set of XML configuration elements and their attributes.

Figure 4.1. The server.xml file schema
- top-level elements: contain any other elements (
<Server>
and<Service>
); - connectors: represent interface between clients and the service that receives the clients' requests;
- containers: represent components, which process incoming requests (
<Engine>
,<Host>
, and<Context>
); - nested components: represent entities that provide further functionalities to their parent elements or intercept the request processing;
4.4. Top-Level Elements
server.xml
file contains the <Server>
top-element, which contains the <Service>
elements. Any other elements are nested in these two elements.
4.4.1. Server
Server
is a container element that represents the entire servlet container and is the only parent of any other element, that is, it is the only top-level element.
Service
, GlobalNamingResources
and Listener
elements.
Note
Server
element in the JBoss Web's server.xml
file contains multiple Listener
elements. Amongst others, the org.apache.catalina.core.AprLifecycleListener
and the org.apache.catalina.core.JasperListener
. If the mod_ cluster load balancer is enabled for the profile, also the org.jboss.web.tomcat.service.deployers.MicrocontainerIntegrationLifecycleListener
is required.
AprLifecycleListener
and the JasperListener
are used to start up and shut down APR and initialize Jasper. Removing the Listener elements is therefore discouraged just as removing the MicrocontainerIntegrationLifecycleListener
.
Table 4.1. Server Element Attributes
Attribute | Description |
---|---|
className |
class implementing the Server
The defined class must implement the org.apache.catalina.Server interface. If no class is specified, the standard implementation is used, that is,
org.apache.catalina.core.StandardServer .
|
port |
TCP/IP port number on which the server expects the shutdown command
The connection must be initiated from the server computer that runs the JBoss Web server instance.
|
shutdown |
string that the server must receive on the port specified in the port property to shutdown
|
4.4.2. Service
Service
element serves as a container for Connectors that share a single Engine
component. There can be multiple Service
components in one Server
element and the Service
component can contain multiple Connector
elements followed by exactly one Engine
element.
Table 4.2. Service Element Attributes
Attribute | Description |
---|---|
className |
class implementing the Service
The class must implement the org.apache.catalina.Service interface. If no className is specified, the standard
org.apache.catalina.core.StandardService implementation is used.
|
name | Service name unique within the Server element (the name is used for log purposes) |
4.5. Connector
Connector
element represents an interface between clients and the Service; the element defines how client requests are transported.
Note
4.5.1. Executor
Executor
represents a thread pool that can be shared among components (primarily among connectors).
org.apache.catalina.Executor
interface.
Table 4.3. Element Attributes
Attribute | Description |
---|---|
className |
class implementing the Executor
The class must implement the org.apache.catalina.Executor interface. If no className is specified, the standard
org.apache.catalina.core.StandardThreadExecutor implementation is used.
|
name |
Executor name (the name must be unique within the
Server element)
|
Table 4.4. Additional Element Attributes of the Standard Executor Implementation (org.apache.catalina.core.StandardThreadExecutor)
Attribute | Description |
---|---|
threadPriority | thread priority for threads in the executor (Thread.NORM_PRIORITY by default) |
daemon | enabling/disabling daemon threads (true by default) |
namePrefix | name prefix for each thread created by the executor (the thread name takes the form namePrefix+threadNumber) |
maxThreads | maximum number of active threads in the thread pool (200 by default) |
minSpareThreads | minimum number of threads kept alive (25 by default) |
maxIdleTime |
number of milliseconds before the idle thread is shut down (applied only if the number of active threads is higher that the minSpareThreads value;
60.000 by default)
|
Defining Executor for Multiple Components
Important
server.xml
file. Such Executor definitions are now ignored.
- Open the
$JBOSS_SERVER_HOME/PROFILE/deploy/jbossweb.sar/META-INF/jboss-beans.xml
file. - Add the
Executor
bean definition to the file (see Example 4.1, “Executor bean definition”).Example 4.1. Executor bean definition
<bean name="Executor" class="org.apache.catalina.core.StandardThreadExecutor"> <property name="maxThreads">300</property> <property name="minSpareThreads">25</property> </bean>
- Set the executor property for the
TomcatService
bean.<bean name="WebServer" class="org.jboss.web.tomcat.service.deployers.TomcatService"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.web:service=WebServer", exposedInterface=org.jboss.web.tomcat.service.deployers.TomcatServiceMBean.class,registerDirectly=true)</annotation> ⋮ <!--This is the executor property you need to add.--> <property name="executor"><inject bean="Executor"/></property> </bean>
4.6. Containers
<Engine>
, <Host>
, and <Context>
).
4.6.1. Engine
Host
elements inside the Engine element; each Host
element represents one virtual host. You need to define at least one Host
element and one of the Hosts must have a name that matches the defaultHost value defined in the parent Engine element.
Engine
element can contain at most one Realm
element. The Realm
element represents a database of users and their roles: the user information defined in the respective resource is shared across all Hosts and Contexts nested inside the Engine. Realm setting in the Engine element can be overridden by another Realm
element defined in a lower-level element; that is, a Host or Context element.
Table 4.5. Engine Element Attributes
Attribute | Description |
---|---|
backgroundProcessorDelay |
delay between the invocation of the
backgroundProcess method on the engine and the invocation of the backgroundProcess method on the child containers of the Engine (Engine's Hosts and Contexts; 10 by default, that is 10 seconds)
If set to a positive value, the engine produces a thread. The thread waits for the specified amount of time and then invokes the
backgroundProcess method on the engine and all its child containers.
Host and Context containers can also define the backgroundProcessorDelay attribute. If the delay of a child container is not negative, the child container is using its own processing thread.
|
className |
class implementing the Engine
The class must implement the org.apache.catalina.Engine interface. If not specified, the standard value
org.apache.catalina.core.StandardEngine is used.
|
defaultHost |
name of the default host name
The default Host processes requests directed to host names on the server that are not configured in the
server.xml configuration file. The defaultHost must match the name attribute of a Host element nested immediately inside the Engine element.
|
jvmRoute |
identifier used in load balancing scenarios to enable session affinity (so-called "sticky sessions")
The identifier must be unique across all JBoss Web servers which participate in the cluster. It is appended to the generated session identifier so that a front-end proxy can always forward a particular session to the same JBoss Web instance.
|
name |
logical name of the Engine used in log and error messages
When using multiple Service elements in the same Server, each Engine must be assigned a unique name.
|
Note
Engine
element are ignored.
4.6.2. Host
Host
element represents a virtual host on the Engine. It allows you to associate a network name with the server, that is, to change the domains or the hostname of the Server.
Note
Engine
can contain multiple virtual hosts, that is the Engine element can have several Host
elements nested. The Host element can contain Context
elements for individual web applications associated with the virtual host. Exactly one of the Hosts in every Engine must have a name matching the defaultHost attribute of the Engine.
Host
element can contain multiple Alias
elements to allow the virtual host to use multiple hostnames (refer to Section 4.6.2.1, “Defining Host Name Aliases”).
Host
element can contain at most one Realm
element. A Realm
element in a Host represents a database of users and their roles used by the virtual host. If the Realm
element is nested in the Host
element, the user information is shared across all Contexts nested inside the Host unless overridden by another Realm
element defined for a child Context
element.
Table 4.6. Host Element Attributes
Attribute | Description |
---|---|
appBase |
Application Base directory for the virtual host
The Application Base directory is the pathname of a directory that contains web applications to be deployed on the virtual host. The property value can be defined as an absolute path to the directory or a path relative to the $JBOSS_SERVER_HOME directory.
|
autoDeploy |
automatic deployment of web applications dropped in the Application Base directory while the JBoss Web server is running (
true by default)
Note
Note that the default deployment directory is directory.
|
backgroundProcessorDelay |
delay between the invocation of the
backgroundProcess method on the host and the invocation of the backgroundProcess method on the child containers of the Host (such as Contexts; set to -1 by default, that is the Host uses the background processing thread of its Engine)
If set to a positive value, the Host produces a thread. The thread waits for the specified amount of time and then invokes the
backgroundProcess method on the virtual host and all its child containers.
Context containers can also define the backgroundProcessorDelay attribute. If the delay of a child Context is not negative, the Context uses its own processing thread.
|
className |
class implementing the Host
The defined class must implement the org.apache.catalina.Host interface. If no class is specified, the standard implementation is used, that is,
org.apache.catalina.core.StandardHost .
|
deployOnStartup |
automatic deployment of web applications from the Host (
true by default)
|
name |
network name of the virtual host as registered in your Domain Name Service server
One of the Hosts nested in the Engine must have a name that matches the defaultHost setting for the parent Engine.
|
Table 4.7. Additional Element Attributes of the Standard Host Element Implementation (org.apache.catalina.core.StandardHost)
Attribute | Description |
---|---|
deployXML |
applying the
context.xml file located inside the web application (that is, /META-INF/context.xml ; true by default)
If set to
false to parsing of the context.xml file is disabled. In security conscious environments, set to false to prevent applications from interacting with the container's configuration and provide an external context configuration file to the $JBOSS_SERVER_HOME/conf/enginename/hostname/ directory.
|
errorReportValveClass |
class implementing the error reporting valve used by the Host
The defined class must implement the org.apache.catalina.Valve interface. If no class is specified, the
org.apache.catalina.valves.ErrorReportValve implementation is used.
The valve defines the output error reports. This property allows you to customize the look of the error pages generated by JBoss Web.
|
unpackWARs |
automatic unpacking of deployer WAR files (
false by default)
If set to
true , web applications that are placed in the appBase directory in the form of a web application archive (WAR) file are unpacked into a corresponding disk directory structure. If set to false , such a web application is run from the WAR file.
|
workDir |
pathname to a scratch directory used by applications on the Host (if not specified, a suitable directory under
$JBOSS_SERVER_HOME/work/ is used)
Each application has its own sub-directory with temporary read-write use. The directory can be made visible for servlets in the web application using the javax.servlet.context.tempdir servlet context attribute of type
java.io.File as described in the Servlet Specification.
If a child Context defines the workDir property, the Host's workDir is overridden.
|
4.6.2.1. Defining Host Name Aliases
Alias
element to define such network name resolution.
<Host name="www.company.com" ...> ... <Alias>company.com</Alias> ... </Host>
4.6.3. Context
Context
element represents a web application, which runs within a particular virtual host.
/WEB-INF/web.xml
in the web application directory hierarchy).
4.6.3.1. Defining Context
Context
element in some of the following locations depending on the desired behavior:
$JBOSS_SERVER_HOME/conf/context.xml
: the Context element is loaded by all web applications on the server.$JBOSS_SERVER_HOME/conf/enginename/hostname/context.xml
file: the Context element is loaded by all web applications on the host.$JBOSS_SERVER_HOME/conf/enginename/hostname/
directory as individual files with thexml
extension: The name of thexml
file is used as the context path. To define a multi-level context path, separate the domains with the hash sign (that is,#
); for example, thefoo#bar.xml
file will be resolved as the context path/foo/bar
. Define the default web application file as theROOT.xml
file./META-INF/context.xml
in the web application: this context definition is applied only if there is no context file for the application in the$JBOSS_SERVER_HOME/conf/enginename/hostname/
directory.If the web application is deployed as a WAR archive, its/META-INF/context.xml
file is copied to$JBOSS_SERVER_HOME/conf/enginename/hostname/
directory and renamed to match the application's context path. Mind that the file will not be replaced if a new WAR with a newer/META-INF/context.xml
file is placed in the host's appBase.- In a
Host
element in the mainserver.xml
file.
Important
<Context>
element in the server.xml
file. Such context definitions require more invasive approach when modifying the Context configuration since the main $JBOSS_SERVER_HOME/conf/server.xml
file cannot be reloaded without restarting the JBoss Web server.
Table 4.8. Context Element Attributes
Attribute | Description |
---|---|
backgroundProcessorDelay |
Delay between the invocation of the
backgroundProcess method on the context and the invocation of the backgroundProcess method on the child containers of the context (-1 by default and the context relies therefore on the background processing of its parent host)
If set to a positive value, the context produces a thread. The thread waits for the specified amount of time and then invokes the
backgroundProcess method on the context and all its child containers.
If the delay of a child container is not negative, the child container is using its own processing thread.
A context uses background processing to perform session expiration and class monitoring for reloading.
|
className |
Class implementing the Context
This class must implement the org.apache.catalina.Context interface. If not specified, the
org.apache.catalina.core.StandardContext standard value is used.
|
cookies |
Use cookies for session identifier communication if supported by the client (
true by default)
Set to
false if you want to disable the feature. The server relies then only on URL rewriting performed by the application.
|
crossContext |
Returning of the context to other web applications (defines the response sent to the
ServletContext.getContext() call; set to false by default and the request dispatcher is filled with the NULL value)
If set to
true , the context returns the request dispatcher with the ServletContext value to the requesting web application. The requesting web application must run on the same virtual host.
|
docBase |
Document Base, that is the Context Root directory, of the web application or the pathname to the web application archive file
You can define the docBase value as an absolute pathname to the directory or WAR file, or as a pathname relative to the appBase directory of the parent Host.
|
override |
Overriding of explicit settings in the Context element by the corresponding settings in the global or host default contexts (set to use the default context setting)
Set to
true to activate the overriding.
If the
docBase value is defined as a symbolic link, changes to the symbolic link take effect only after the JBoss Web server is restarted or after the context is undeployed and then re-deployed: context reload is not sufficient.
|
privileged |
Enabling/disabling the context to use container servlets, such as the manager servlet
The
privileged attribute changes the context's parent class loader to the Server class loader rather than the Shared class loader (the Common class loader is used for the Server and the Shared class loaders by default).
Set to
true to allow the context to use container servlets.
|
path |
Context path of the web application.
The path is matched against the beginning of each request URI to select the appropriate web application for the request processing. Therefore all context paths within a particular host must be unique.
To use the context as the default web application for the host, specify the context path as an empty string (
"" ). The default web application processes any requests, which could not be assigned to any other Context.
Do not set the value of this field unless you want to define the context statically in
server.xml as its value is inferred from the file names used for the xml context file or the docBase property.
|
reloadable |
Enabling/disabling the monitoring of class changes in
/WEB-INF/classes/ and /WEB-INF/lib and automatic reloading of the web application if a change is detected (false by default).
Note that this feature requires significant runtime overhead and is not recommended for production applications (to reload deployed applications, use the Manager web application).
|
WrapperClass |
Class implementing the org.apache.catalina.Wrapper interface used for servlets in this context
If no value is specified, the standard default value is used.
|
Table 4.9. Additional Element Attributes of the Standard Context Element Implementation (org.apache.catalina.core.StandardContext)
Attribute | Description |
---|---|
allowLinking |
Enabling/disabling the usage of symlinks inside the web application if the symlinks point to resources outside of the web application Base directory (set to
false by default)
Set to
true to allow such symlinks in the web application.
This property must not be set to
true on Windows platforms or any other operating systems with case-insensitive file systems as this can result in various security problem, such as disabling of case sensitivity checks and possible disclosure of JSP source code.
|
antiJARLocking |
Enabling/disabling extra measures for keeping JAR files unlocked even if being accessed through URLs (
false by default)
Enabling this feature prolongs the start time of applications.
|
antiResourceLocking |
Enabling/disabling file locking by JBoss Web (
false by default)
Enabling this features allows full hot deploy and undeploy on platforms or configurations where file locking can occur. However, enabling this feature significantly impacts the start time of applications along with other side effects, such as disabling of JSP reloading in a running server and application deletion on JBoss Web shutdown if the application is outside of the appBase for the Host (in the
webapps directory by default).
|
cacheMaxSize |
Defines the maximum size of the static resource cache in kilobytes (set to
10240 , that is 10 megabytes by default)
|
cacheTTL |
Defines the amount of time in milliseconds between cache entries revalidation (set to
5000 , that is 5 seconds, by default)
|
cachingAllowed |
Enabling the usage of the cache for static resources (set to
true by default)
|
caseSensitive |
Enabling case sensitivity checks (set to
false by default)
Set to
false to disable all case sensitivity checks.
Do not set the property
false on Windows platforms or any operating systems that do not have a case sensitive file system as this might result in various security issues including JSP source code disclosure.
|
processTlds |
Enabling processing of tag library descriptors (TLD) on context start up (set to
true by default)
Set to
false if TLDs are not part of the web application.
|
swallowOutput |
Enabling redirection of System.out and System.err output to the web application logger (
false by default)
Set to
true to redirect the output to the web application logger.
|
tldNamespaceAware |
Enabling the TLD files XML validation to be namespace-aware (
false by default)
The feature is usually enabled along with tldValidation.
|
tldValidation |
Enabling the TLD files XML validation on context start up (
false by default)
|
unloadDelay |
Amount of time (in ms) the container waits for servlets to unload (
2000 ms by default)
|
unpackWAR |
Enabling unpacking of compressed web applications before they are run (
true by default)
|
useNaming |
Enabling a JNDI InitialContext that is compatible with Java Enterprise Edition (JEE) conventions (
true by default)
|
workDir |
Path to a directory provided by this Context for temporary read-write use to the servlets in the associated web application
The directory is visible for servlets in the web application through the javax.servlet.context.tempdir servlet context attribute (of type java.io.File) named as described in the Servlet Specification. If not specified, a suitable directory under
$JBOSS_SERVER_HOME/work/ is provided.
|
Context FAQs
- Q: What is context.xml?
- Q: Why is context.xml placed in WEB-INF in JBoss deployments but META-INF in Tomcat?
- Q: What is the difference between jboss-web.xml and context.xml?
- Q: Why is context.xml needed at all?
- Q: Why is not context.xml usage better documented?
- Q: How do I remove the jsessionid from URLs?
Context FAQs
context.xml
?
context.xml
is a Tomcat configuration file that is used to configure many webapp settings on a per-webapp basis.
context.xml
file in the WEB-INF
directory of your WAR archive.
context.xml
files. They can be found at <JBOSS_HOME>/server/<PROFILE>/deploy/management/console-mgr.sar/web-console.war/WEB-INF/context.xml
and <JBOSS_HOME>/server/<PROFILE>/deploy/jbossweb.sar/context.xml
.
context.xml
placed in WEB-INF
in JBoss deployments but META-INF
in Tomcat?
META-INF
directory however a WEB-INF
directory is required.
jboss-web.xml
and context.xml
?
jboss-web.xml
and context.xml
, there is some confusion over how and when context.xml
should be used.
jboss-web.xml
then the context.xml
equivalent is ignored.
context.xml
needed at all?
context.xml
is that there are some things that are used to configure Tomcat as opposed to the JBoss wrapper around Tomcat. Some examples of ways you would use context.xml
are found here:
context.xml
usage better documented?
context.xml
has no DTD. There is no exhaustive list of possible elements and overlaps with jboss-web.xml
.
path
attribute is the most commonly cited overlap jboss-web.xml
. You should set the context-root
in jboss-web.xml
.
- Create the following JsessionIdRemoveFilter.java in your code base:
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; public class JsessionIdRemoveFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { if (!(req instanceof HttpServletRequest)) { chain.doFilter(req, res); return; } HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; // Redirect requests with JSESSIONID in URL to clean version (old links bookmarked/stored by bots) // This is ONLY triggered if the request did not also contain a JSESSIONID cookie! Which should be fine for bots... if (request.isRequestedSessionIdFromURL()) { String url = request.getRequestURL() .append(request.getQueryString() != null ? "?"+request.getQueryString() : "") .toString(); response.setHeader("Location", url); response.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY); return; } // Prevent rendering of JSESSIONID in URLs for all outgoing links HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(response) { @Override public String encodeRedirectUrl(String url) { return url; } @Override public String encodeRedirectURL(String url) { return url; } @Override public String encodeUrl(String url) { return url; } @Override public String encodeURL(String url) { return url; } }; chain.doFilter(req, wrappedResponse); } public void destroy() { } public void init(FilterConfig arg0) throws ServletException { } }
- Add the following to the
web.xml
file to have the filter deployed:<filter> <filter-name>JsessionIdRemoveFilter</filter-name> <filter-class>com.example.JsessionIdRemoveFilter</filter-class> </filter> <filter-mapping> <filter-name>JsessionIdRemoveFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
4.7. Nested Components
Realm
, Valve
, Resources
, Manager
, Loader
, and GlobalNamingResources
.
4.7.1. Realm
Realm
element can be defined either in the Engine
element or in the Host
element. It defines the security applied to the received requests and thus integrates the JBoss Web server into JBoss SX.
Realm
element supports the following attributes: TBD
4.7.2. Valve
Valve
element "catches" requests before they are received by the respective container and executes the code defined. The element is nested in the element, which represents the container to catch the requests from; that is Engine
, Host
, or Context
container.
4.7.3. GlobalNamingResources
GlobalNamingResources
element defines the global JNDI resources for the Server.
Environment
element nested in the GlobalNamingResources
element.
<GlobalNamingResources ...> ... <Environment name="maxExemptions" value="10" type="java.lang.Integer" override="false"/> ... </GlobalNamingResources>
Environment
element supports the following attributes:
- description: optional human-readable description of the element
- name: name of the environment entry to be created relative to the
java:comp/env
context - override: Set this to false if you do not want an ___env-entry___ for the same environment entry name, found in the web application deployment descriptor, to override the value specified here. By default, overrides are allowed.
- type: The fully qualified Java class name expected by the web application for this environment entry. Must be one of the legal values for ___env-entry-type____ in the web application deployment descriptor: java.lang.Boolean, java.lang.Byte, java.lang.Character, java.lang.Double, java.lang.Float, java.lang.Integer, java.lang.Long, java.lang.Short, or java.lang.String.
- value: The parameter value that will be presented to the application when requested from the JNDI context. This value must be convertible to the Java type defined by the type attribute.
Chapter 5. Enterprise Applications with EJB3 Services
5.1. Session Beans
@Local public interface MyBeanInt { public String doSomething (String para1, int para2); } @Stateless public class MyBean implements MyBeanInt { public String doSomething (String para1, int para2) { ... implement the logic ... } }
- If the bean is deployed in a standalone JAR file in the
<JBOSS_HOME>/default/deploy
directory, the bean is accessible via local JNDI nameMyBean/local
, whereMyBean
is the implementation class name of the bean as we showed earlier. The "local" JNDI in JBoss Enterprise Application Platform means that the JNDI name is relative tojava:comp/env/
. - If the JAR file containing the bean is packaged in an EAR file, the local JNDI name for the bean is
myapp/MyBean/local
, wheremyapp
is the root name of the EAR archive file (e.g.,myapp.ear
, see later for the EAR packaging of EJB3 beans).
local
to remote
if the bean interface is annotated with @Remote
and the bean is accessed from outside of the server it is deployed on. Below is the code snippet to get a reference of the MyBean bean in a web application (e.g., in a servlet or a JSF backing bean) packaged in myapp.ear
, and then invoke a managed method.
try { InitialContext ctx = new InitialContext(); MyBeanInt bean = (MyBeanInt) ctx.lookup("myapp/MyBean/local"); } catch (Exception e) { e.printStackTrace (); } ... ... String result = bean.doSomething("have fun", 1); ... ...
@LocalBinding
annotation on the bean implementation class. The JNDI binding is always "local" under the java:comp/env/
space. For instance, the following bean class definition results in the bean instances available under JNDI name java:comp/env/MyService/MyOwnName
.
@Stateless @LocalBinding (jndiBinding="MyService/MyOwnName") public class MyBean implements MyBeanInt { public String doSomething (String para1, int para2) { ... implement the logic ... } }
Note
5.2. Entity Beans (a.k.a. Java Persistence API)
@Entity public class Customer { String name; public String getName () { return name; } public void setName (String name) { this.name = name; } int age; public int getAge () { return age; } public void setAge (int age) { this.age = age; } Date signupdate; public Date getSignupdate () { return signupdate; } public void setSignupdate (Date signupdate) { this.signupdate = signupdate; } }
@Entity public class Customer { ... ... Account account; @OneToOne public Account getAccount () { return account; } public void setAccount (Accout account) { this.account = account; } Employee salesRep; @ManyToOne public Employee getSalesRep () { return salesRep; } public void setSalesRep (Employee salesRep) { this.salesRep = salesRep; } Vector <Order> orders; @OneToMany public Vector <Order> getOrders () { return orders; } public void setOrders (Vector <Order> orders) { this.orders = orders; }
@PersistenceContext EntityManager em; Customer customer = new Customer (); // populate data in customer // Save the newly created customer object to DB em.persist (customer); // Increase age by 1 and auto save to database customer.setAge (customer.getAge() + 1); // delete the customer and its related objects from the DB em.remove (customer); // Get all customer records with age > 30 from the DB List <Customer> customers = em.query ( "select c from Customer as c where c.age > 30");
5.2.1. The persistence.xml file
<persistence> <persistence-unit name="myapp"> <provider>org.hibernate.ejb.HibernatePersistence</provider> <jta-data-source>java:/DefaultDS</jta-data-source> <properties> ... ... </properties> </persistence-unit> </persistence>
Note
<persistence> <persistence-unit name="myapp"> <provider>org.hibernate.ejb.HibernatePersistence</provider> <jta-data-source>java:/DefaultDS</jta-data-source> <properties> property name="hibernate.dialect" value="org.hibernate.dialect.HSQLDialect"/> <property name="hibernate.hbm2ddl.auto" value="create-drop"/> </properties> </persistence-unit> </persistence>
5.2.2. Use Alternative Databases
<JBOSS_HOME>/docs/examples/jca
directory in the server.
- Oracle 9i and 10g: org.hibernate.dialect.Oracle9Dialect
- Microsoft SQL Server 2005: org.hibernate.dialect.SQLServerDialect
- PostgresSQL 8.1: org.hibernate.dialect.PostgreSQLDialect
- MySQL 5.0: org.hibernate.dialect.MySQL5Dialect
- DB2 8.0: org.hibernate.dialect.DB2Dialect
- Sybase ASE 12.5: org.hibernate.dialect.SybaseDialect
5.2.3. Default Hibernate Options
persistence.xml
file. The default Hibernate property values are specified in the PersistenceUnitDeployer
bean definition in the JBOSS_HOME/server/PROFILE/deployers/ejb3.deployer/META-INF/jpa-deployers-jboss-beans.xml
file. Below is the code of the bean used in JBoss Enterprise Application Platform 5. Notice the options that are commented out. These are the properties available in the persistence.xml
file.
<bean name="PersistenceUnitDeployer" class="org.jboss.jpa.deployers.PersistenceUnitDeployer"> <property name="defaultPersistenceProperties"> <map keyClass="java.lang.String" valueClass="java.lang.String"> <entry> <key>hibernate.transaction.manager_lookup_class</key> <value>org.hibernate.transaction.JBossTransactionManagerLookup</value> </entry> <!--entry> <key>hibernate.connection.release_mode</key> <value>after_statement</value> </entry--> <!--entry> <key>hibernate.transaction.flush_before_completion</key> <value>false</value> </entry--> <!--entry> <key>hibernate.transaction.auto_close_session</key> <value>false</value> </entry--> <!--entry> <key>hibernate.query.factory_class</key> <value>org.hibernate.hql.ast.ASTQueryTranslatorFactory</value> </entry--> <!--entry> <key>hibernate.hbm2ddl.auto</key> <value>create-drop</value> </entry--> <entry> <key>hibernate.cache.provider_class</key> <value>org.hibernate.cache.HashtableCacheProvider</value> </entry> <!-- Clustered cache with JBoss Cache --> <!--entry> <key>hibernate.cache.region.factory_class</key> <value>org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory</value> </entry> <entry> <key>hibernate.cache.region.jbc2.cachefactory</key> <value>java:CacheManager</value> </entry> <entry> <key>hibernate.cache.region.jbc2.cfg.entity</key> <value>pessimistic-entity</value> </entry> <entry> <key>hibernate.cache.region.jbc2.cfg.query</key> <value>local-query</value> </entry--> <!--entry> <key>hibernate.dialect</key> <value>org.hibernate.dialect.HSQLDialect</value> </entry--> <entry> <key>hibernate.jndi.java.naming.factory.initial</key> <value>org.jnp.interfaces.NamingContextFactory</value> </entry> <entry> <key>hibernate.jndi.java.naming.factory.url.pkgs</key> <value>org.jboss.naming:org.jnp.interfaces</value> </entry> <entry> <key>hibernate.bytecode.use_reflection_optimizer</key> <value>false</value> </entry> <entry> <key>hibernate.bytecode.provider</key> <value>javassist</value> </entry> </map> </property> </bean>
5.3. Message Driven Beans
onMessage()
method, and passes in the message itself for processing. The bean class specifies the JMS queue it listens to in the @MessageDriven annotation. The queue is registered under the local JNDI java:comp/env/ name space.
@MessageDriven(activationConfig = { @ActivationConfigProperty(propertyName="destinationType", propertyValue="javax.jms.Queue"), @ActivationConfigProperty(propertyName="destination", propertyValue="queue/MyQueue") }) public class MyJmsBean implements MessageListener { public void onMessage (Message msg) { // ... do something with the msg ... } // ... ... }
try { InitialContext ctx = new InitialContext(); queue = (Queue) ctx.lookup("queue/MyQueue"); QueueConnectionFactory factory = (QueueConnectionFactory) ctx.lookup("ConnectionFactory"); cnn = factory.createQueueConnection(); sess = cnn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE); } catch (Exception e) { e.printStackTrace (); } TextMessage msg = sess.createTextMessage(...); sender = sess.createSender(queue); sender.send(msg);
5.4. Package and Deploy EJB3 Services
5.4.1. Deploy the EJB3 JAR
<JBOSS_HOME>/server/<JBOSS_HOME>/deploy/
directory, it will be automatically picked up and processed by the server. All the EJB3 beans defined in the JAR file will then be available to other applications deployed inside or outside of the server via JNDI names like MyBean/local
, where MyBean
is the implementation class name for the session bean. The deployment is done via the JBoss EJB3 deployer in <JBOSS_HOME>/server/<PROFILE>/ejb3.deployer/
. The META-INF/persistence.properties
file we discussed earlier to configure the default behavior of EJB3 entity manager is located in the EJB3 deployer.
<JBOSS_HOME>/server/<JBOSS_HOME>/deployers/ejb3.deployer/META-INF/ejb3-deployers-jboss-beans.xml
file, you can tell the EJB3 deployer to ignore JARs you know do not contain EJB3 beans. The non-EJB3 JAR files shipped with the JBoss Enterprise Application Platform are already listed in the jboss.ejb3:service=JarsIgnoredForScanning
MBean service:
... ... <mbean code="org.jboss.ejb3.JarsIgnoredForScanning" name="jboss.ejb3:service=JarsIgnoredForScanning"> <attribute name="IgnoredJars"> snmp-adaptor.jar, otherimages.jar, applet.jar, jcommon.jar, console-mgr-classes.jar, jfreechart.jar, juddi-service.jar, wsdl4j.jar, ... ... servlets-webdav.jar </attribute> </mbean> ... ...
5.4.2. Deploy EAR with EJB3 JAR
application.xml
and jboss-app.xml
. Below is the basic structure of a typical EAR application.
myapp.ear ├── META-INF/ │ ├── application.xml │ └── jboss-app.xml ├── myapp.war/ │ ├── web pages and JSP /JSF pages │ └── WEB-INF │ ├── web.xml │ ├── jboss-web.xml │ ├── faces-config.xml │ ├── ... │ ├── lib/ │ │ └── tag library JARs │ └── classes/ │ └── servlets and other classes used by web pages ├── myapp.jar/ │ ├── EJB3 bean classes │ └── META-INF/ │ ├── ejb-jar.xml │ └── persistence.xml └── lib/ └──Library JARs for the EAR
<application> <display-name>My Application</display-name> <module> <web> <web-uri>myapp.war</web-uri> <context-root>/myapp</context-root> </web> </module> <module> <ejb>myapp.jar</ejb> </module> <library-directory>lib</library-directory> </application>
<jboss-app> <loader-repository> myapp:archive=myapp.ear </loader-repository> </jboss-app>
<JBOSS_HOME>/server/<PROFILE>/deploy/ear-deploy.xml
file. This file contains three attributes as follows.
<server> <mbean code="org.jboss.deployment.EARDeployer" name="jboss.j2ee:service=EARDeployer"> <!-- A flag indicating if ear deployments should have their own scoped class loader to isolate their classes from other deployments. --> <attribute name="Isolated">false</attribute> <!-- A flag indicating if the ear components should have in VM call optimization disabled. --> <attribute name="CallByValue">false</attribute> <!-- A flag the enables the default behavior of the ee5 library-directory. If true, the lib contents of an ear are assumed to be the default value for library-directory in the absence of an explicit library-directory. If false, there must be an explicit library-directory. --> <attribute name="EnablelibDirectoryByDefault">true</attribute> </mbean> </server>
Chapter 6. Logging
6.1. Logging Defaults
<JBOSS_HOME>/server/<PROFILE>/conf/jboss-log4j.xml
deployment descriptor. log4j uses appenders to control its logging behavior. An appender is a directive for where to log information, and how to do it. The jboss-log4j.xml
file contains many sample appenders, including FILE, CONSOLE, and SMTP.
Table 6.1. Common log4j Configuration Directives
Configuration Option | Description |
---|---|
appender
|
The main appender. Gives the name and the implementing class.
|
errorHandler
|
Delegates an external class to handle exceptions passed to the logger, especially if the appender cannot write the log for some reason.
|
param
|
Options specific to the type of appender. In this instance, the <param> is the name of the file that stores the logs for the FILE appender.
|
layout
|
Controls the logging format. Tweak this to work with your log-parsing software of choice.
|
Example 6.1. Sample Appender
<appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender"> <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> <param name="File" value="${jboss.server.log.dir}/server.log"/> <param name="Append" value="true"/> <!-- In AS 5.0.x the server log threshold was set by a system property. In 5.1 and later, the system property sets the priority on the root logger (see <root/> below) <param name="Threshold" value="${jboss.server.log.threshold}"/> --> <!-- Rollover at midnight each day --> <param name="DatePattern" value="'.'yyyy-MM-dd"/> <layout class="org.apache.log4j.PatternLayout"> <!-- The default pattern: Date Priority [Category] (Thread) Message\n --> <param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n"/> </layout> </appender>
6.2. Component-Specific Logging
6.2.1. SQL Logging with Hibernate
SessionFactory sf = new Configuration() .setProperty("hibernate.show_sql", "true") // ... .buildSessionFactory();
log4j.logger.org.hibernate.SQL=DEBUG, SQL_APPENDER log4j.additivity.org.hibernate.SQL=false
additivity
option controls whether these log messages are propagated upward to parent handlers, and is a matter of preference.
6.2.2. Transaction Service Logging
jbossjta-properties.xml
file, forcing use of the log4j_releveler logger. All INFO
level messages in the transaction code behave as DEBUG
messages. Therefore, these messages are only present in log files if the filter level is DEBUG
. All other log messages behave as normal.
Chapter 7. Deployment
<JBOSS_HOME>/server/<PROFILE>/deploy
directory. Replace default with different server profiles such as all or minimal (server profiles are covered later in this guide). The JBoss Enterprise Application Platform constantly scans the deploy directory to pick up new applications or any changes to existing applications. This enables hot deployment of applications on the fly, while JBoss Enterprise Application Platform is still running.
7.1. Deployable Application Types
- WAR
- The WAR application archive (e.g., myapp.war) packages Java EE web applications in a JAR file. It contains servlet classes, view pages, libraries, and deployment descriptors in WEB-INF such as
web.xml
,faces-config.xml
, andjboss-web.xml
etc.. - EAR
- The EAR application archive (e.g., myapp.ear) packages a Java EE enterprise application in a JAR file. It typically contains a WAR file for the web module, JAR files for EJB modules, as well as META-INF deployment descriptors such as application.xml and jboss-app.xml etc.
Note
According to EJB3 specification, deployment of a persistence unit into an EAR should fail when the unit is outside of the EAR file and the bean attempting to inject the persistence unit is within the EAR. To follow the specification, you need to deploy the persistence unit packaged within the EAR file.However, JBoss Enterprise Application Platform persistence units can exist outside of their EARs. To allow this behavior, modify the bean class of thePersistenceUnitDependencyResolver
bean in the filedeployers/ejb3.deployer/META-INF/jpa-deployer-jboss-beans.xml
under the respective JBoss Enterprise Application Platform server profile:<!-- Can be DefaultPersistenceUnitDependencyResolver for spec compliant resolving, InterApplicationPersistenceUnitDependencyResolver for resolving beyond EARs, or DynamicPersistencePersistenceUnitDependencyResolver which allows configuration via JMX. --> <bean name="PersistenceUnitDependencyResolver" class="org.jboss.jpa.resolvers.DynamicPersistenceUnitDependencyResolver"/>
The bean default value isDynamicPersistenceUnitDependencyResolver
. This resolver allows you to specify the specification-compliant behavior, which can be additionally monitored through an MBean in the JMX Console. To use the spec-noncompliant JBoss variant, set the bean toInterApplicationPersistenceUnitDependencyResolver
. - JBoss Microcontainer
- The JBoss Microcontainer (MC) beans archive (typical suffixes include, .beans, .deployer) packages a POJO deployment in a JAR file with a
META-INF/jboss-beans.xml
descriptor. This format is commonly used by the JBoss Enterprise Application Platform component deployers.You can deploy*-jboss-beans.xml
files with MC beans definitions. If you have the appropriate JAR files available in the deploy or lib directories, the MC beans can be deployed using such a standalone XML file. - SAR
- The SAR application archive (e.g., myservice.sar) packages a JBoss service in a JAR file. It is mostly used by JBoss Enterprise Application Platform internal services that have not been updated to support MC beans style deployments.You can deploy
*-service.xml
files with MBean service definitions. If you have the appropriate JAR files available in the deploy or lib directories, the MBeans specified in the XML files will be started. This is the way you deploy many JBoss Enterprise Application Platform internal services that have not been updated to support POJO style deployment, such as the JMS queues. - DataSource
- The
*-ds.xml
file defines connections to external databases. The data source can then be reused by all applications and services in JBoss Enterprise Application Platform via the internal JNDI. - HAR
- The HAR file defines Hibernate objects for an application. It resembles a SAR file but it contains the Hibernate class and mapping files, and a *-hibernate.xml deployment descriptor in its META-INF directory.
Note
The*-hibernate.xml
takes the same form asjboss-service.xml
.Example 7.1. A Hibernate deployment descriptor (*-hibernate.xml)
<hibernate-configuration xmlns="urn:jboss:hibernate-deployer:1.0"> <session-factory name="java:/hibernate/SessionFactory" bean="jboss.test.har:service=Hibernate,testcase=TimersUnitTestCase"> <property name="datasourceName">OracleDS</property> <property name="dialect">org.hibernate.dialect.OracleDialect</property> <depends>jboss:service=Naming</depends> <depends>jboss:service=TransactionManager</depends> </session-factory> </hibernate-configuration>
- *AR
- You can also deploy JAR files containing EJBs or other service objects directly in JBoss Enterprise Application Platform. The list of suffixes that are recognized as JAR files is specified in the
conf/bootstrap/deployers.xml
JARStructure bean constructor set.
7.1.1. Exploded Deployment
touch
the deployment descriptors (that is the WEB-INF/web.xml
in a WAR and the META-INF/application.xml
in an EAR) to update their timestamps.
7.2. Standard Server Profiles
<JBOSS_HOME>/server/<PROFILE>/
. You can look into each server profile's directory to see the services, applications, and libraries included in the server profile.
Note
<JBOSS_HOME>/server/<PROFILE>
directory depends on the server profile service implementation and is subject to change as the management layer and embedded server evolve.
- all
- The
all
profile provides clustering support and other enterprise extensions. - production
- The production server profile is based on the
all
server profile and provides configuration optimized for production environments. - minimal
- Starts the core server container without any of the enterprise services. Use the
minimal
server profile as a base to build a customized version of JBoss Enterprise Application Platform that only contains the services you need. - default
- The
default
server profile is mostly used by application developers. It supports the standard Java EE 5.0 programming APIs (e.g., Annotations, JPA, and EJB3).Note
Thedefault
server profile is used if a profile is not specified via the command-line or in a configuration file. - standard
- The standard server profile is the server profile that has been tested for Java EE compliance. The major differences with the existing server profiles is that call-by-value and deployment isolation are enabled by default, along with support for
rmiiiop
andjuddi
(taken from the all config). - web
- The web server profile is an experimental, lightweight configuration created around JBoss Web that will follow the developments of the Java EE 6 web server profile. Except for the
servlet/jsp
container, it provides support for JTA/JCA and JPA. It also limits itself to allowing access to the server only through the http port. Please note that this server profile is not Java EE certified and will most likely change in the following releases.
7.2.1. Changing Profile
run.sh -c profile
. For example, run.sh -c all
on Red Hat Enterprise Linux or run.bat -c all
command on Microsoft Windows starts the server in the all server profile.
Important
Server Started
message shown at the console when the server is started using the production
profile. This message can be found in the server.log
file located in the <JBOSS_HOME>/jboss-as/server/production/logs/log
subdirectory.
7.2.2. Creating Your Own Profile
Example 7.2. Example: Create a New Server Profile
messaging
service:
Procedure 7.1.
- Copy a suitable profile directory (
production
, for instance). - Rename the copied directory as desired (myconfig, for example).
- Remove the
messaging
subdirectory from thedeploy
folder. - Start JBoss with the new profile using the command:
run -c myconfig
Note
7.3. Context Root
application.war
archive, which contains JSP pages in a hello
directory, the JSPs in the hello
directory will be available under /application/hello/
.
Procedure 7.2. Rewriting the Default Context Root
- To define a new context root, add the context-root element with the new value to the deployment descriptor of the application:
- To change the context root of a web application, add the context-root element to the
jboss-web.xml
file.Example 7.3. Example jboss-web.xml with a context root defined
<?xml version="1.0"?> <jboss-web> <context-root>/application-root</context-root> </jboss-web>
The URL address for the application on localhost ishttp://localhost:8080/application-root
- To change the context root of a servlet, change the url-pattern element in the
web.xml
file.Example 7.4. Example web.xml with a context root defined
<?xml version="1.0"?> <servlet-mapping> <servlet-name>MapRenderer</servlet-name> <url-pattern>/servlet-root</url-pattern> </servlet-mapping>
The URL address for the servlet on localhost ishttp://localhost:8080/application-root/servlet-root
- To start the server with the REWRITE_CONTEXT_CHECK variable set to
false
, run the following command:run.sh -Dorg.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK=false
Chapter 8. Microcontainer
Note
Chapter 9. The JNDI Naming Service
queue/IncomingOrders
and need not worry about any of the queue's configuration details.
ProductCatalog
session bean from the cluster without needing to know which machine it resides on. Whether it is a large clustered service, a local resource or an application component that is needed, the JNDI naming service provides the glue that lets code find the objects in the system by name.
9.1. An Overview of JNDI
javax.naming
package. It contains five interfaces, 10 classes, and several exceptions. There is one key class, InitialContext
, and two key interfaces, Context
and Name
9.1.1. Names
/
"). The file's path is ordered from left to right. The pathname /usr/jboss/readme.txt
, for example, names a file readme.txt
in the directory jboss
, under the directory usr
, located in the root of the file system. JBoss Enterprise Application Platform naming uses a Unix-style namespace as its naming convention.
javax.naming.Name
interface represents a generic name as an ordered sequence of components. It can be a composite name (one that spans multiple namespaces), or a compound name (one that is used within a single hierarchical naming system). The components of a name are numbered. The indexes of a name with N components range from 0 up to, but not including, N. The most significant component is at index 0. An empty name has no components.
scp
. For example, the following command copies localfile.txt
to the file remotefile.txt
in the tmp
directory on host ahost.someorg.org
:
scp localfile.txt ahost.someorg.org:/tmp/remotefile.txt
ahost.someorg.org:/tmp/remotefile.txt
is a composite name that spans the DNS and Unix file system namespaces. The components of the composite name are ahost.someorg.org
and /tmp/remotefile.txt
. A component is a string name from the namespace of a naming system. If the component comes from a hierarchical namespace, that component can be further parsed into its atomic parts by using the javax.naming.CompoundName
class. The JNDI API provides the javax.naming.CompositeName
class as the implementation of the Name
interface for composite names.
9.1.2. Contexts
javax.naming.Context
interface is the primary interface for interacting with a naming service. The Context
interface represents a set of name-to-object bindings. Every context has an associated naming convention that determines how the context parses string names into javax.naming.Name
instances. To create a name-to-object binding you invoke the bind method of a Context
and specify a name and an object as arguments. The object can later be retrieved using its name using the Context
lookup method. A Context
will typically provide operations for binding a name to an object, unbinding a name, and obtaining a listing of all name-to-object bindings. The object you bind into a Context
can itself be of type Context
. The Context
object that is bound is referred to as a subcontext of the Context
on which the bind method was invoked.
/usr
, which is a context in the Unix file system. A file directory named relative to another file directory is a subcontext (commonly referred to as a subdirectory). A file directory with a pathname /usr/jboss
names a jboss
context that is a subcontext of usr
. In another example, a DNS domain, such as org
, is a context. A DNS domain named relative to another DNS domain is another example of a subcontext. In the DNS domain jboss.org
, the DNS domain jboss
is a subcontext of org
because DNS names are parsed right to left.
9.1.2.1. Obtaining a Context using InitialContext
Context
interface. Therefore, you need a way to obtain a Context
for the naming service you are interested in using. The javax.naming.IntialContext
class implements the Context
interface, and provides the starting point for interacting with a naming service.
InitialContext
, it is initialized with properties from the environment. JNDI determines each property's value by merging the values from the following two sources, in order.
- The first occurrence of the property from the constructor's environment parameter and (for appropriate properties) the applet parameters and system properties.
- All
jndi.properties
resource files found on the classpath.
jndi.properties
file, which allows your code to externalize the JNDI provider specific information so that changing JNDI providers will not require changes to your code or recompilation.
Context
implementation used internally by the InitialContext
class is determined at runtime. The default policy uses the environment property java.naming.factory.initial
, which contains the class name of the javax.naming.spi.InitialContextFactory
implementation. You obtain the name of the InitialContextFactory
class from the naming service provider you are using.
jndi.properties
file a client application would use to connect to a JBossNS service running on the local host at port 1099. The client application would need to have the jndi.properties
file available on the application classpath. These are the properties that the JBossNS JNDI implementation requires. Other JNDI providers will have different properties and values.
Example 9.1. A sample jndi.properties file
### JBossNS properties java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.provider.url=jnp://localhost:1099 java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
9.2. The JBoss Naming Service Architecture
javax.naming.Context
interface. It is a client/server implementation that can be accessed remotely. The implementation is optimized so that access from within the same VM in which the JBossNS server is running does not involve sockets. Same VM access occurs through an object reference available as a global singleton. Figure 9.1, “Key components in the JBoss Naming Service architecture.” illustrates some of the key classes in the JBossNS implementation and their relationships.

Figure 9.1. Key components in the JBoss Naming Service architecture.
NamingService
MBean. The NamingService
MBean provides the JNDI naming service. This is a key service used pervasively by the J2EE technology components. The configurable attributes for the NamingService
are as follows.
- Port: The jnp protocol listening port for the
NamingService
. If not specified default is 1099, the same as the RMI registry default port. - RmiPort: The RMI port on which the RMI Naming implementation will be exported. If not specified the default is 0 which means use any available port.
- BindAddress: The specific address the
NamingService
listens on. This can be used on a multi-homed host for ajava.net.ServerSocket
that will only accept connect requests on one of its addresses. - RmiBindAddress: The specific address the RMI server portion of the
NamingService
listens on. This can be used on a multi-homed host for ajava.net.ServerSocket
that will only accept connect requests on one of its addresses. If this is not specified and theBindAddress
is, theRmiBindAddress
defaults to theBindAddress
value. - Backlog: The maximum queue length for incoming connection indications (a request to connect) is set to the
backlog
parameter. If a connection indication arrives when the queue is full, the connection is refused. - ClientSocketFactory: An optional custom
java.rmi.server.RMIClientSocketFactory
implementation class name. If not specified the defaultRMIClientSocketFactory
is used. - ServerSocketFactory: An optional custom
java.rmi.server.RMIServerSocketFactory
implementation class name. If not specified the defaultRMIServerSocketFactory
is used. - JNPServerSocketFactory: An optional custom
javax.net.ServerSocketFactory
implementation class name. This is the factory for theServerSocket
used to bootstrap the download of the JBoss Naming ServiceNaming
interface. If not specified thejavax.net.ServerSocketFactory.getDefault()
method value is used.
NamingService
also creates the java:comp
context such that access to this context is isolated based on the context class loader of the thread that accesses the java:comp
context. This provides the application component private ENC that is required by the J2EE specs. This segregation is accomplished by binding a javax.naming.Reference
to a context that uses the org.jboss.naming.ENCFactory
as its javax.naming.ObjectFactory
. When a client performs a lookup of java:comp
, or any subcontext, the ENCFactory
checks the thread context ClassLoader
, and performs a lookup into a map using the ClassLoader
as the key.
ENCFactory
map. Thus, correct isolation of an application component's ENC relies on each component receiving a unique ClassLoader
that is associated with the component threads of execution.
NamingService
delegates its functionality to an org.jnp.server.Main
MBean. The reason for the duplicate MBeans is because JBoss Naming Service started out as a stand-alone JNDI implementation, and can still be run as such. The NamingService
MBean embeds the Main
instance into the server so that usage of JNDI with the same VM as the server does not incur any socket overhead. The configurable attributes of the NamingService are really the configurable attributes of the JBoss Naming Service Main
MBean. The setting of any attributes on the NamingService
MBean simply set the corresponding attributes on the Main
MBean the NamingService
contains. When the NamingService
is started, it starts the contained Main
MBean to activate the JNDI naming service.
NamingService
exposes the Naming
interface operations through a JMX detyped invoke operation. This allows the naming service to be accessed via JMX adaptors for arbitrary protocols. We will look at an example of how HTTP can be used to access the naming service using the invoke operation later in this chapter.
Main
MBean is started, it performs the following tasks:
- Instantiates an
org.jnp.naming.NamingService
instance and sets this as the local VM server instance. This is used by anyorg.jnp.interfaces.NamingContext
instances that are created within the server VM to avoid RMI calls over TCP/IP. - Exports the
NamingServer
instance'sorg.jnp.naming.interfaces.Naming
RMI interface using the configuredRmiPort
,ClientSocketFactory
,ServerSocketFactory
attributes. - Creates a socket that listens on the interface given by the
BindAddress
andPort
attributes. - Spawns a thread to accept connections on the socket.
9.3. The Naming InitialContext Factories
InitialContext
factory implementations.
9.3.1. The standard naming context factory
org.jnp.interfaces.NamingContextFactory
implementation. Its properties include:
- java.naming.factory.initial: The name of the environment property for specifying the initial context factory to use. The value of the property should be the fully qualified class name of the factory class that will create an initial context. If it is not specified, a
javax.naming.NoInitialContextException
will be thrown when anInitialContext
object is created. - java.naming.provider.url: The name of the environment property for specifying the location of the JBoss JNDI service provider the client will use. The
NamingContextFactory
class uses this information to know which JBossNS server to connect to. The value of the property should be a URL string. For JBossNS the URL format isjnp://host:port/[jndi_path]
. Thejnp:
portion of the URL is the protocol and refers to the socket/RMI based protocol used by JBoss. Thejndi_path
portion of the URL is an optional JNDI name relative to the root context, for example,apps
orapps/tmp
. Everything but the host component is optional. The following examples are equivalent because the default port value is 1099.jnp://www.jboss.org:1099/
www.jboss.org:1099
www.jboss.org
- java.naming.factory.url.pkgs: The name of the environment property for specifying the list of package prefixes to use when loading in URL context factories. The value of the property should be a colon-separated list of package prefixes for the class name of the factory class that will create a URL context factory. For the JBoss JNDI provider this must be
org.jboss.naming:org.jnp.interfaces
. This property is essential for locating thejnp:
andjava:
URL context factories of the JBoss JNDI provider. - jnp.socketFactory: The fully qualified class name of the
javax.net.SocketFactory
implementation to use to create the bootstrap socket. The default value isorg.jnp.interfaces.TimedSocketFactory
. TheTimedSocketFactory
is a simpleSocketFactory
implementation that supports the specification of a connection and read timeout. These two properties are specified by: - jnp.timeout: The connection timeout in milliseconds. The default value is 0 which means the connection will block until the VM TCP/IP layer times out.
- jnp.sotimeout: The connected socket read timeout in milliseconds. The default value is 0 which means reads will block. This is the value passed to the
Socket.setSoTimeout
on the newly connected socket.
InitialContext
with these JBossNS properties available, the org.jnp.interfaces.NamingContextFactory
object is used to create the Context
instance that will be used in subsequent operations. The NamingContextFactory
is the JBossNS implementation of the javax.naming.spi.InitialContextFactory
interface. When the NamingContextFactory
class is asked to create a Context
, it creates an org.jnp.interfaces.NamingContext
instance with the InitialContext
environment and name of the context in the global JNDI namespace. It is the NamingContext
instance that actually performs the task of connecting to the JBossNS server, and implements the Context
interface. The Context.PROVIDER_URL
information from the environment indicates from which server to obtain a NamingServer
RMI reference.
NamingContext
instance to a NamingServer
instance is done in a lazy fashion on the first Context
operation that is performed. When a Context
operation is performed and the NamingContext
has no NamingServer
associated with it, it looks to see if its environment properties define a Context.PROVIDER_URL
. A Context.PROVIDER_URL
defines the host and port of the JBossNS server the Context
is to use. If there is a provider URL, the NamingContext
first checks to see if a Naming
instance keyed by the host and port pair has already been created by checking a NamingContext
class static map. It simply uses the existing Naming
instance if one for the host port pair has already been obtained. If no Naming
instance has been created for the given host and port, the NamingContext
connects to the host and port using a java.net.Socket
, and retrieves a Naming
RMI stub from the server by reading a java.rmi.MarshalledObject
from the socket and invoking its get method. The newly obtained Naming instance is cached in the NamingContext
server map under the host and port pair. If no provider URL was specified in the JNDI environment associated with the context, the NamingContext
simply uses the in VM Naming instance set by the Main
MBean.
NamingContext
implementation of the Context
interface delegates all operations to the Naming
instance associated with the NamingContext
. The NamingServer
class that implements the Naming
interface uses a java.util.Hashtable
as the Context
store. There is one unique NamingServer
instance for each distinct JNDI Name for a given JBossNS server. There are zero or more transient NamingContext
instances active at any given moment that refers to a NamingServer
instance. The purpose of the NamingContext
is to act as a Context
to the Naming
interface adaptor that manages translation of the JNDI names passed to the NamingContext
. Because a JNDI name can be relative or a URL, it needs to be converted into an absolute name in the context of the JBossNS server to which it refers. This translation is a key function of the NamingContext
.
9.3.2. The org.jboss.naming.NamingContextFactory
InitialContextFactory
implementation is a simple extension of the jnp version which differs from the jnp version in that it stores the last configuration passed to its InitialContextFactory.getInitialContext(Hashtable env)
method in a public thread local variable. This is used by EJB handles and other JNDI sensitive objects like the UserTransaction
factory to keep track of the JNDI context that was in effect when they were created. If you want this environment to be bound to the object even after its serialized across vm boundaries, then you should the org.jboss.naming.NamingContextFactory
. If you want the environment that is defined in the current VM jndi.properties
or system properties, then you should use the org.jnp.interfaces.NamingContextFactory
version.
9.3.3. Naming Discovery in Clustered Environments
Context.PROVIDER_URL
value and let the client query the network for available naming services. This only works with servers running with the all
server profile, or an equivalent server profile that has org.jboss.ha.framework.server.ClusterPartition
and org.jboss.ha.jndi.HANamingService
services deployed. The discovery process consists of sending a multicast request packet to the discovery address/port and waiting for any node to respond. The response is a HA-RMI version of the Naming
interface. The following InitialContext
properties affect the discovery configuration:
- jnp.partitionName: The cluster partition name discovery should be restricted to. If you are running in an environment with multiple clusters, you may want to restrict the naming discovery to a particular cluster. There is no default value, meaning that any cluster response will be accepted.
- jnp.discoveryGroup: The multicast IP/address to which the discovery query is sent. The default is 230.0.0.4.
- jnp.discoveryPort: The port to which the discovery query is sent. The default is 1102.
- jnp.discoveryTimeout: The time in milliseconds to wait for a discovery query response. The default value is 5000 (5 seconds).
- jnp.disableDiscovery: A flag indicating if the discovery process should be avoided. Discovery occurs when either no
Context.PROVIDER_URL
is specified, or no valid naming service could be located among the URLs specified. If thejnp.disableDiscovery
flag is true, then discovery will not be attempted.
9.3.4. The HTTP InitialContext Factory Implementation
Context
interface. Operations through the Context
interface are translated into HTTP posts to a servlet that passes the request to the NamingService using its JMX invoke operation. Advantages of using HTTP as the access protocol include better access through firewalls and proxies setup to allow HTTP, as well as the ability to secure access to the JNDI service using standard servlet role based security.
org.jboss.naming.HttpNamingContextFactory
as the factory implementation. The complete set of support InitialContext
environment properties for this factory are:
- java.naming.factory.initial: The name of the environment property for specifying the initial context factory, which must be
org.jboss.naming.HttpNamingContextFactory
. - java.naming.provider.url (or
Context.PROVIDER_URL
): This must be set to the HTTP URL of the JNDI factory. The full HTTP URL would be the public URL of the JBoss servlet container plus/invoker/JNDIFactory
. Examples include:http://www.jboss.org:8080/invoker/JNDIFactory
http://www.jboss.org/invoker/JNDIFactory
https://www.jboss.org/invoker/JNDIFactory
The first example accesses the servlet using the port 8080. The second uses the standard HTTP port 80, and the third uses an SSL encrypted connection to the standard HTTPS port 443. - java.naming.factory.url.pkgs: For all JBoss JNDI provider this must be
org.jboss.naming:org.jnp.interfaces
. This property is essential for locating thejnp:
andjava:
URL context factories of the JBoss JNDI provider.
Context
implementation returned by the HttpNamingContextFactory
is a proxy that delegates invocations made on it to a bridge servlet which forwards the invocation to the NamingService
through the JMX bus and marshals the reply back over HTTP. The proxy needs to know what the URL of the bridge servlet is in order to operate. This value may have been bound on the server side if the JBoss web server has a well known public interface. If the JBoss web server is sitting behind one or more firewalls or proxies, the proxy cannot know what URL is required. In this case, the proxy will be associated with a system property value that must be set in the client VM. For more information on the operation of JNDI over HTTP see Section 9.4.1, “Accessing JNDI over HTTP”.
Note
9.3.5. The Login InitialContext Factory Implementation
InitialContext
. JAAS is still used under the covers, but there is no manifest use of the JAAS interfaces in the client application.
org.jboss.security.jndi.LoginInitialContextFactory
. The complete set of support InitialContext
environment properties for this factory are:
- java.naming.factory.initial: The name of the environment property for specifying the initial context factory, which must be
org.jboss.security.jndi.LoginInitialContextFactory
. - java.naming.provider.url: This must be set to a
NamingContextFactory
provider URL. TheLoginIntialContext
is really just a wrapper around theNamingContextFactory
that adds a JAAS login to the existingNamingContextFactory
behavior. - java.naming.factory.url.pkgs: For all JBoss JNDI provider this must be
org.jboss.naming:org.jnp.interfaces
. This property is essential for locating thejnp:
andjava:
URL context factories of the JBoss JNDI provider. - java.naming.security.principal (or
Context.SECURITY_PRINCIPAL
): The principal to authenticate. This may be either ajava.security.Principal
implementation or a string representing the name of a principal. - java.naming.security.credentials (or
Context.SECURITY_CREDENTIALS
), The credentials that should be used to authenticate the principal, e.g., password, session key, etc. - java.naming.security.protocol: (
Context.SECURITY_PROTOCOL
) This gives the name of the JAAS login module to use for the authentication of the principal and credentials.
9.3.6. The ORBInitialContextFactory
deploy/iiop-service.xml?
. It is necessary to set the global context factory to org.jboss.iiop.naming.ORBInitialContextFactory
, which sets the ORB to JBoss's ORB. This is done in the conf/jndi.properties
file:
# DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING # java.naming.factory.initial=org.jboss.iiop.naming.ORBInitialContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
ORBInitialContextFactory
when using CosNaming in an application client.
9.4. JNDI over HTTP
9.4.1. Accessing JNDI over HTTP
http-invoker.sar
. The structure of the http-invoker.sar
is:
http-invoker.sar ├── invoker.war │ └── WEB-INF │ ├── classes │ │ └── org │ │ └── jboss │ │ └── invocation │ │ └── http │ │ └── servlet │ │ ├── InvokerServlet.class │ │ ├── InvokerServlet$GetCredentialAction.class │ │ ├── InvokerServlet$GetPrincipalAction.class │ │ ├── NamingFactoryServlet.class │ │ └── ReadOnlyAccessFilter.class │ ├── jboss-web.xml │ └── web.xml └── META-INF └── jboss-service.xml
jboss-service.xml
descriptor defines the HttpInvoker
and HttpInvokerHA
MBeans. These services handle the routing of methods invocations that are sent via HTTP to the appropriate target MBean on the JMX bus.
http-invoker.war
web application contains servlets that handle the details of the HTTP transport. The NamingFactoryServlet
handles creation requests for the JBoss JNDI naming service javax.naming.Context
implementation. The InvokerServlet
handles invocations made by RMI/HTTP clients. The ReadOnlyAccessFilter
allows one to secure the JNDI naming service while making a single JNDI context available for read-only access by unauthenticated clients.

Figure 9.2. The HTTP invoker proxy/server structure for a JNDI Context
http-invoker
services. Figure 9.2, “The HTTP invoker proxy/server structure for a JNDI Context” shows a logical view of the structure of a JBoss JNDI proxy and its relationship to the server side components of the http-invoker
. The proxy is obtained from the NamingFactoryServlet
using an InitialContext
with the Context.INITIAL_CONTEXT_FACTORY
property set to org.jboss.naming.HttpNamingContextFactory
, and the Context.PROVIDER_URL
property set to the HTTP URL of the NamingFactoryServlet
. The resulting proxy is embedded in an org.jnp.interfaces.NamingContext
instance that provides the Context
interface implementation.
org.jboss.invocation.http.interfaces.HttpInvokerProxy
, and implements the org.jnp.interfaces.Naming
interface. Internally the HttpInvokerProxy
contains an invoker that marshals the Naming
interface method invocations to the InvokerServlet
via HTTP posts. The InvokerServlet
translates these posts into JMX invocations to the NamingService
, and returns the invocation response back to the proxy in the HTTP post response.

Figure 9.3. The relationship between configuration files and JNDI/HTTP component
http-invoker.sar/META-INF/jboss-service.xml
descriptor defines the HttpProxyFactory
that creates the HttpInvokerProxy
for the NamingService
. The attributes that need to be configured for the HttpProxyFactory
include:
- InvokerName: The JMX
ObjectName
of theNamingService
defined in theconf/jboss-service.xml
descriptor. The standard setting used in the JBoss distributions isjboss:service=Naming
. - InvokerURL or InvokerURLPrefix + InvokerURLSuffix + UseHostName. You can specify the full HTTP URL to the
InvokerServlet
using theInvokerURL
attribute, or you can specify the hostname independent parts of the URL and have theHttpProxyFactory
fill them in. An exampleInvokerURL
value would behttp://jbosshost1.dot.com:8080/invoker/JMXInvokerServlet
. This can be broken down into:- InvokerURLPrefix: the URL prefix prior to the hostname. Typically this will be
http://
orhttps://
if SSL is to be used. - InvokerURLSuffix: the URL suffix after the hostname. This will include the port number of the web server as well as the deployed path to the
InvokerServlet
. For the exampleInvokerURL
value theInvokerURLSuffix
would be:8080/invoker/JMXInvokerServlet
without the quotes. The port number is determined by the web container service settings. The path to theInvokerServlet
is specified in thehttp-invoker.sar/invoker.war/WEB-INF/web.xml
descriptor. - UseHostName: a flag indicating if the hostname should be used in place of the host IP address when building the hostname portion of the full
InvokerURL
. If true,InetAddress.getLocalHost().getHostName
method will be used. Otherwise, theInetAddress.getLocalHost().getHostAddress()
method is used.
- ExportedInterface: The
org.jnp.interfaces.Naming
interface the proxy will expose to clients. The actual client of this proxy is the JBoss JNDI implementationNamingContext
class, which JNDI client obtain fromInitialContext
lookups when using the JBoss JNDI provider. - JndiName: The name in JNDI under which the proxy is bound. This needs to be set to a blank/empty string to indicate the interface should not be bound into JNDI. We can not use the JNDI to bootstrap itself. This is the role of the
NamingFactoryServlet
.
http-invoker.sar/invoker.war/WEB-INF/web.xml
descriptor defines the mappings of the NamingFactoryServlet
and InvokerServlet
along with their initialization parameters. The configuration of the NamingFactoryServlet
relevant to JNDI/HTTP is the JNDIFactory
entry which defines:
- A
namingProxyMBean
initialization parameter that maps to theHttpProxyFactory
MBean name. This is used by theNamingFactoryServlet
to obtain theNaming
proxy which it will return in response to HTTP posts. For the defaulthttp-invoker.sar/META-INF/jboss-service.xml
settings the namejboss:service=invoker,type=http,target=Naming
. - A proxy initialization parameter that defines the name of the
namingProxyMBean
attribute to query for the Naming proxy value. This defaults to an attribute name ofProxy
. - The servlet mapping for the
JNDIFactory
configuration. The default setting for the unsecured mapping is/JNDIFactory/*
. This is relative to the context root of thehttp-invoker.sar/invoker.war
, which by default is the WAR name minus the.war
suffix.
InvokerServlet
relevant to JNDI/HTTP is the JMXInvokerServlet
which defines:
- The servlet mapping of the
InvokerServlet
. The default setting for the unsecured mapping is/JMXInvokerServlet/*
. This is relative to the context root of thehttp-invoker.sar/invoker.war
, which by default is the WAR name minus the.war
suffix.
9.4.2. Accessing JNDI over HTTPS
HttpProxyFactory
setup to use an HTTPS URL. The following example shows the section of the http-invoker.sar
jboss-service.xml
descriptor that the example installs to provide this configuration. All that has changed relative to the standard HTTP configuration are the InvokerURLPrefix
and InvokerURLSuffix
attributes, which setup an HTTPS URL using the 8443 port.
<!-- Expose the Naming service interface via HTTPS --> <mbean code="org.jboss.invocation.http.server.HttpProxyFactory" name="jboss:service=invoker,type=https,target=Naming"> <!-- The Naming service we are proxying --> <attribute name="InvokerName">jboss:service=Naming</attribute> <!-- Compose the invoker URL from the cluster node address --> <attribute name="InvokerURLPrefix">https://</attribute> <attribute name="InvokerURLSuffix">:8443/invoker/JMXInvokerServlet </attribute> <attribute name="UseHostName">true</attribute> <attribute name="ExportedInterface">org.jnp.interfaces.Naming </attribute> <attribute name="JndiName"/> <attribute name="ClientInterceptors"> <interceptors> <interceptor>org.jboss.proxy.ClientMethodInterceptor </interceptor> <interceptor>org.jboss.proxy.SecurityInterceptor </interceptor> <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor </interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor </interceptor> </interceptors> </attribute> </mbean>
- A protocol handler for HTTPS URLs must be made available to Java. The JSSE release includes an HTTPS handler in the
com.sun.net.ssl.internal.www.protocol
package. To enable the use of HTTPS URLs you include this package in the standard URL protocol handler search property,java.protocol.handler.pkgs
. We set thejava.protocol.handler.pkgs
property in the Ant script. - The JSSE security provider must be installed in order for SSL to work. This can be done either by installing the JSSE jars as an extension package, or programatically. We use the programmatic approach in the example since this is less intrusive. Line 18 of the
ExClient
code demonstrates how this is done. - The JNDI provider URL must use HTTPS as the protocol. Lines 24-25 of the
ExClient
code specify an HTTP/SSL connection to the localhost on port 8443. The hostname and port are defined by the web container SSL connector. - The validation of the HTTPS URL hostname against the server certificate must be disabled. By default, the JSSE HTTPS protocol handler employs a strict validation of the hostname portion of the HTTPS URL against the common name of the server certificate. This is the same check done by web browsers when you connect to secured web site. We are using a self-signed server certificate that uses a common name of "
Chapter 8 SSL Example
" rather than a particular hostname, and this is likely to be common in development environments or intranets. The JBossHttpInvokerProxy
will override the default hostname checking if aorg.jboss.security.ignoreHttpsHost
system property exists and has a value of true. We set theorg.jboss.security.ignoreHttpsHost
property to true in the Ant script.
Example 9.2. A JNDI client that uses HTTPS as the transport
package org.jboss.chap3.ex1; import java.security.Security; import java.util.Properties; import javax.naming.Context; import javax.naming.InitialContext; public class ExClient { public static void main(String args[]) throws Exception { Properties env = new Properties(); env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory"); env.setProperty(Context.PROVIDER_URL, "https://localhost:8443/invoker/JNDIFactorySSL"); Context ctx = new InitialContext(env); System.out.println("Created InitialContext, env=" + env); Object data = ctx.lookup("jmx/invoker/RMIAdaptor"); System.out.println("lookup(jmx/invoker/RMIAdaptor): " + data); } }
chap3
configuration fileset.
[examples]$ ant -Dchap=naming config
naming
configuration fileset:
[bin]$ sh run.sh -c naming
ExClient
using:
[examples]$ ant -Dchap=naming -Dex=1 run-example ... run-example1: [java] Created InitialContext, env={java.naming. \ provider.url=https://localhost:8443/invoker/JNDIFactorySSL, java.naming. \ factory.initial=org.jboss.naming.HttpNamingContextFactory} [java] lookup(jmx/invoker/RMIAdaptor): org.jboss.invocation.jrmp. \ interfaces.JRMPInvokerP roxy@cac3fa
9.4.3. Securing Access to JNDI over HTTP
InitialContext
factory as well as the naming operations using standard web declarative security. This is possible because the server side handling of the JNDI/HTTP transport is implemented with two servlets. These servlets are included in the http-invoker.sar/invoker.war
directory found in the default
and all
server profile deploy directories as shown previously. To enable secured access to JNDI you need to edit the invoker.war/WEB-INF/web.xml
descriptor and remove all unsecured servlet mappings. For example, the web.xml
descriptor shown in Example 9.3, “An example web.xml descriptor for secured access to the JNDI servlets” only allows access to the invoker.war
servlets if the user has been authenticated and has a role of HttpInvoker
.
Example 9.3. An example web.xml descriptor for secured access to the JNDI servlets
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <!-- ### Servlets --> <servlet> <servlet-name>JMXInvokerServlet</servlet-name> <servlet-class> org.jboss.invocation.http.servlet.InvokerServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet> <servlet-name>JNDIFactory</servlet-name> <servlet-class> org.jboss.invocation.http.servlet.NamingFactoryServlet </servlet-class> <init-param> <param-name>namingProxyMBean</param-name> <param-value>jboss:service=invoker,type=http,target=Naming</param-value> </init-param> <init-param> <param-name>proxyAttribute</param-name> <param-value>Proxy</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <!-- ### Servlet Mappings --> <servlet-mapping> <servlet-name>JNDIFactory</servlet-name> <url-pattern>/restricted/JNDIFactory/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>JMXInvokerServlet</servlet-name> <url-pattern>/restricted/JMXInvokerServlet/*</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>HttpInvokers</web-resource-name> <description>An example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets </description> <url-pattern>/restricted/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>HttpInvoker</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss HTTP Invoker</realm-name> </login-config> <security-role> <role-name>HttpInvoker</role-name> </security-role> </web-app>
web.xml
descriptor only defines which servlets are secured, and which roles are allowed to access the secured servlets. You must additionally define the security domain that will handle the authentication and authorization for the war. This is done through the jboss-web.xml
descriptor, and an example that uses the http-invoker
security domain is given below.
<jboss-web> <security-domain>java:/jaas/http-invoker</security-domain> </jboss-web>
security-domain
element defines the name of the security domain that will be used for the JAAS login module configuration used for authentication and authorization.
9.4.4. Securing Access to JNDI with a Read-Only Unsecured Context
SRPLoginModule
needs to lookup the SRP server interface used to perform authentication. The rest of this section explains how read-only works in JBoss Enterprise Application Platform.
ReadOnlyJNDIFactory
is declared in invoker.sar/WEB-INF/web.xml
. It will be mapped to /invoker/ReadOnlyJNDIFactory
.
<servlet>
<servlet-name>ReadOnlyJNDIFactory</servlet-name>
<description>A servlet that exposes the JBoss JNDI Naming service stub
through http, but only for a single read-only context. The return content
is serialized MarshalledValue containing the org.jnp.interfaces.Naming
stub.
</description>
<servlet-class>org.jboss.invocation.http.servlet.NamingFactoryServlet</servlet-class>
<init-param>
<param-name>namingProxyMBean</param-name>
<param-value>jboss:service=invoker,type=http,target=Naming,readonly=true</param-value>
</init-param>
<init-param>
<param-name>proxyAttribute</param-name>
<param-value>Proxy</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<!-- ... -->
<servlet-mapping>
<servlet-name>ReadOnlyJNDIFactory</servlet-name>
<url-pattern>/ReadOnlyJNDIFactory/*</url-pattern>
</servlet-mapping>
jboss:service=invoker,type=http,target=Naming,readonly=true
. This invoker is declared in the http-invoker.sar/META-INF/jboss-service.xml
file.
<mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
name="jboss:service=invoker,type=http,target=Naming,readonly=true">
<attribute name="InvokerName">jboss:service=Naming</attribute>
<attribute name="InvokerURLPrefix">http://</attribute>
<attribute name="InvokerURLSuffix">:8080/invoker/readonly/JMXInvokerServlet</attribute>
<attribute name="UseHostName">true</attribute>
<attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
<attribute name="JndiName"></attribute>
<attribute name="ClientInterceptors">
<interceptors>
<interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
<interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
<interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
</interceptors>
</attribute>
</mbean>
/invoker/readonly/JMXInvokerServlet
. This is actually the standard JMXInvokerServlet
with a read-only filter attached.
<filter>
<filter-name>ReadOnlyAccessFilter</filter-name>
<filter-class>org.jboss.invocation.http.servlet.ReadOnlyAccessFilter</filter-class>
<init-param>
<param-name>readOnlyContext</param-name>
<param-value>readonly</param-value>
<description>The top level JNDI context the filter will enforce
read-only access on. If specified only Context.lookup operations
will be allowed on this context. Another other operations or
lookups on any other context will fail. Do not associate this
filter with the JMXInvokerServlets if you want unrestricted
access. </description>
</init-param>
<init-param>
<param-name>invokerName</param-name>
<param-value>jboss:service=Naming</param-value>
<description>The JMX ObjectName of the naming service mbean </description>
</init-param>
</filter>
<filter-mapping>
<filter-name>ReadOnlyAccessFilter</filter-name>
<url-pattern>/readonly/*</url-pattern>
</filter-mapping>
<!-- ... -->
<!-- A mapping for the JMXInvokerServlet that only allows invocations
of lookups under a read-only context. This is enforced by the
ReadOnlyAccessFilter
-->
<servlet-mapping>
<servlet-name>JMXInvokerServlet</servlet-name>
<url-pattern>/readonly/JMXInvokerServlet/*</url-pattern>
</servlet-mapping>
readOnlyContext
parameter is set to readonly
which means that when you access JBoss through the ReadOnlyJNDIFactory
, you will only be able to access data in the readonly
context. Here is a code fragment that illustrates the usage:
Properties env = new Properties(); env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory"); env.setProperty(Context.PROVIDER_URL, "http://localhost:8080/invoker/ReadOnlyJNDIFactory"); Context ctx2 = new InitialContext(env); Object data = ctx2.lookup("readonly/data");
readonly
context, so the readonly context will not be bound usable unless you create it.
9.5. Additional Naming MBeans
NamingService
MBean that configures an embedded JBossNS server within JBoss, there are several additional MBean services related to naming that ship with JBoss. They are JndiBindingServiceMgr
, NamingAlias
, ExternalContext
, and JNDIView
.
9.5.1. JNDI Binding Manager
org.jboss.naming.JNDIBindingServiceMgr
. It has a single attribute, BindingsConfig
, which accepts an XML document that conforms to the jndi-binding-service_1_0.xsd
schema. The content of the BindingsConfig
attribute is unmarshaled using the JBossXB framework. The following is an MBean definition that shows the most basic form usage of the JNDI binding manager service.
<mbean code="org.jboss.naming.JNDIBindingServiceMgr" name="jboss.tests:name=example1"> <attribute name="BindingsConfig" serialDataType="jbxb"> <jndi:bindings xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xmlns:jndi="urn:jboss:jndi-binding-service:1.0" xs:schemaLocation="urn:jboss:jndi-binding-service \ resource:jndi-binding-service_1_0.xsd"> <jndi:binding name="bindexample/message"> <jndi:value trim="true"> Hello, JNDI! </jndi:value> </jndi:binding> </jndi:bindings> </attribute> </mbean>
Hello, JNDI!
" under the JNDI name bindexample/message
. An application would look up the value just as it would for any other JNDI value. The trim
attribute specifies that leading and trailing whitespace should be ignored. The use of the attribute here is purely for illustrative purposes as the default value is true.
InitialContext ctx = new InitialContext(); String text = (String) ctx.lookup("bindexample/message");
type
attribute
<jndi:binding name="urls/jboss-home"> <jndi:value type="java.net.URL">http://www.jboss.org</jndi:value> </jndi:binding>
editor
attribute can be used to specify a particular property editor to use.
<jndi:binding name="hosts/localhost"> <jndi:value editor="org.jboss.util.propertyeditor.InetAddressEditor"> 127.0.0.1 </jndi:value> </jndi:binding>
java.util.Properties
object would be mapped.
<jndi:binding name="maps/testProps"> <java:properties xmlns:java="urn:jboss:java-properties" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xs:schemaLocation="urn:jboss:java-properties \ resource:java-properties_1_0.xsd"> <java:property> <java:key>key1</java:key> <java:value>value1</java:value> </java:property> <java:property> <java:key>key2</java:key> <java:value>value2</java:value> </java:property> </java:properties> </jndi:binding>
9.5.2. The org.jboss.naming.NamingAlias MBean
NamingAlias
MBean is a simple utility service that allows you to create an alias in the form of a JNDI javax.naming.LinkRef
from one JNDI name to another. This is similar to a symbolic link in the Unix file system. To an alias you add a configuration of the NamingAlias
MBean to the jboss-service.xml
configuration file. The configurable attributes of the NamingAlias
service are as follows:
- FromName: The location where the
LinkRef
is bound under JNDI. - ToName: The to name of the alias. This is the target name to which the
LinkRef
refers. The name is a URL, or a name to be resolved relative to theInitialContext
, or if the first character of the name is a dot (.
), the name is relative to the context in which the link is bound.
QueueConnectionFactory
to the name ConnectionFactory
.
<mbean code="org.jboss.naming.NamingAlias" name="jboss.mq:service=NamingAlias,fromName=QueueConnectionFactory"> <attribute name="ToName">ConnectionFactory</attribute> <attribute name="FromName">QueueConnectionFactory</attribute> </mbean>
9.5.3. org.jboss.naming.ExternalContext MBean
ExternalContext
MBean allows you to federate external JNDI contexts into the server JNDI namespace. The term external refers to any naming service external to the JBossNS naming service running inside of the server VM. You can incorporate LDAP servers, file systems, DNS servers, and so on, even if the JNDI provider root context is not serializable. The federation can be made available to remote clients if the naming service supports remote access.
ExternalContext
MBean service to the jboss-service.xml
configuration file. The configurable attributes of the ExternalContext
service are as follows:
- JndiName: The JNDI name under which the external context is to be bound.
- RemoteAccess: A boolean flag indicating if the external
InitialContext
should be bound using aSerializable
form that allows a remote client to create the externalInitialContext
. When a remote client looks up the external context via the JBoss JNDIInitialContext
, they effectively create an instance of the externalInitialContext
using the same env properties passed to theExternalContext
MBean. This will only work if the client can do anew InitialContext(env)
remotely. This requires that theContext.PROVIDER_URL
value of env is resolvable in the remote VM that is accessing the context. This should work for the LDAP example. For the file system example this most likely will not work unless the file system path refers to a common network path. If this property is not given it defaults to false. - CacheContext: The
cacheContext
flag. When set to true, the externalContext
is only created when the MBean is started and then stored as an in memory object until the MBean is stopped. If cacheContext is set to false, the externalContext
is created on each lookup using the MBean properties and InitialContext class. When the uncachedContext
is looked up by a client, the client should invokeclose()
on the Context to prevent resource leaks. - InitialContext: The fully qualified class name of the
InitialContext
implementation to use. Must be one of:javax.naming.InitialContext
,javax.naming.directory.InitialDirContext
orjavax.naming.ldap.InitialLdapContext
. In the case of theInitialLdapContext
a nullControls
array is used. The default isjavax.naming.InitialContex
. - Properties: The
Properties
attribute contains the JNDI properties for the externalInitialContext
. The input should be the text equivalent to what would go into ajndi.properties
file. - PropertiesURL: This set the
jndi.properties
information for the externalInitialContext
from an external properties file. This is either a URL, string or a classpath resource name. Examples are as follows:- file:///config/myldap.properties
- http://config.mycompany.com/myldap.properties
- /conf/myldap.properties
- myldap.properties
external/ldap/jboss
.
<!-- Bind a remote LDAP server --> <mbean code="org.jboss.naming.ExternalContext" name="jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss"> <attribute name="JndiName">external/ldap/jboss</attribute> <attribute name="Properties"> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory java.naming.provider.url=ldap://ldaphost.jboss.org:389/o=jboss.org java.naming.security.principal=cn=Directory Manager java.naming.security.authentication=simple java.naming.security.credentials=secret </attribute> <attribute name="InitialContext"> javax.naming.ldap.InitialLdapContext </attribute> <attribute name="RemoteAccess">true</attribute> </mbean>
ldap://ldaphost.jboss.org:389/o=jboss.org
from within the JBoss VM using the following code fragment:
InitialContext iniCtx = new InitialContext(); LdapContext ldapCtx = iniCtx.lookup("external/ldap/jboss");
RemoteAccess
property was set to true. If it were set to false, it would not work because the remote client would receive a Reference
object with an ObjectFactory
that would not be able to recreate the external InitialContext
.
<!-- Bind the /usr/local file system directory --> <mbean code="org.jboss.naming.ExternalContext" name="jboss.jndi:service=ExternalContext,jndiName=external/fs/usr/local"> <attribute name="JndiName">external/fs/usr/local</attribute> <attribute name="Properties"> java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory java.naming.provider.url=file:///usr/local </attribute> <attribute name="InitialContext">javax.naming.IntialContext</attribute> </mbean>
/usr/local
into the JBoss JNDI namespace under the name external/fs/usr/local
.
file:///usr/local
from within the JBoss VM using the following code fragment:
InitialContext iniCtx = new InitialContext(); Context ldapCtx = iniCtx.lookup("external/fs/usr/local");
9.5.4. The org.jboss.naming.JNDIView MBean
http://localhost:8080/jmx-console/
. On this page you will see a section that lists the registered MBeans sorted by domain. It should look something like that shown in Figure 9.4, “The JMX Console view of the configured JBoss MBeans”.

Figure 9.4. The JMX Console view of the configured JBoss MBeans

Figure 9.5. The JMX Console view of the JNDIView MBean

Figure 9.6. The JMX Console view of the JNDIView list operation output
9.6. J2EE and JNDI - The Application Component Environment
- Application component business logic should be coded to access information from its ENC. The component provider uses the standard deployment descriptor for the component to specify the required ENC entries. The entries are declarations of the information and resources the component requires at runtime.
- The container provides tools that allow a deployer of a component to map the ENC references made by the component developer to the deployment environment entity that satisfies the reference.
- The component deployer utilizes the container tools to ready a component for final deployment.
- The component container uses the deployment package information to build the complete component ENC at runtime
javax.naming.InitialContext
object by using the no argument constructor and then looks up the naming environment under the name java:comp/env
. The application component's environment entries are stored directly in the ENC, or in its subcontexts. Example 9.4, “ENC access sample code” illustrates the prototypical lines of code a component uses to access its ENC.
Example 9.4. ENC access sample code
// Obtain the application component's ENC Context iniCtx = new InitialContext(); Context compEnv = (Context) iniCtx.lookup("java:comp/env");
Bean1
cannot access the ENC elements of EJB Bean2
, and vice versa. Similarly, Web application Web1
cannot access the ENC elements of Web application Web2
or Bean1
or Bean2
for that matter. Also, arbitrary client code, whether it is executing inside of the application server VM or externally cannot access a component's java:comp
JNDI context. The purpose of the ENC is to provide an isolated, read-only namespace that the application component can rely on regardless of the type of environment in which the component is deployed. The ENC must be isolated from other components because each component defines its own ENC content. Components A
and B
, for example, may define the same name to refer to different objects. For example, EJB Bean1
may define an environment entry java:comp/env/red
to refer to the hexadecimal value for the RGB color for red, while Web application Web1
may bind the same name to the deployment environment language locale representation of red.
java:comp
, names under java:
, and any other name. As discussed, the java:comp
context and its subcontexts are only available to the application component associated with that particular context. Subcontexts and object bindings directly under java:
are only visible within the server virtual machine and not to remote clients. Any other context or object binding is available to remote clients, provided the context or object supports serialization. You'll see how the isolation of these naming scopes is achieved in the Section 9.2, “The JBoss Naming Service Architecture”.
java:
context is useful would be a javax.sql.DataSource
connection factory that can only be used inside of the server where the associated database pool resides. On the other hand, an EJB home interface would be bound to a globally visible name that should accessible by remote client.
9.6.1. ENC Usage Conventions
ejb-jar.xml
deployment descriptor for EJB components, and the standard web.xml
deployment descriptor for Web components. Several different types of information may be stored in and retrieved from JNDI including:
- Environment entries as declared by the
env-entry
elements - EJB references as declared by
ejb-ref
andejb-local-ref
elements. - Resource manager connection factory references as declared by the
resource-ref
elements - Resource environment references as declared by the
resource-env-ref
elements
9.6.1.1. Environment Entries
env-entry
element in the standard deployment descriptors. The env-entry
element contains the following child elements:
- An optional description element that provides a description of the entry
- An env-entry-name element giving the name of the entry relative to
java:comp/env
- An env-entry-type element giving the Java type of the entry value that must be one of:
java.lang.Byte
java.lang.Boolean
java.lang.Character
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Short
java.lang.String
- An env-entry-value element giving the value of entry as a string
env-entry
fragment from an ejb-jar.xml
deployment descriptor is given in Example 9.5, “An example ejb-jar.xml env-entry fragment”. There is no JBoss specific deployment descriptor element because an env-entry
is a complete name and value specification. Example 9.6, “ENC env-entry access code fragment” shows a sample code fragment for accessing the maxExemptions
and taxRate
and env-entry
values declared in the deployment descriptor.
Example 9.5. An example ejb-jar.xml env-entry fragment
<!-- ... --> <session> <ejb-name>ASessionBean</ejb-name> <!-- ... --> <env-entry> <description>The maximum number of tax exemptions allowed </description> <env-entry-name>maxExemptions</env-entry-name> <env-entry-type>java.lang.Integer</env-entry-type> <env-entry-value>15</env-entry-value> </env-entry> <env-entry> <description>The tax rate </description> <env-entry-name>taxRate</env-entry-name> <env-entry-type>java.lang.Float</env-entry-type> <env-entry-value>0.23</env-entry-value> </env-entry> </session> <!-- ... -->
Example 9.6. ENC env-entry access code fragment
InitialContext iniCtx = new InitialContext(); Context envCtx = (Context) iniCtx.lookup("java:comp/env"); Integer maxExemptions = (Integer) envCtx.lookup("maxExemptions"); Float taxRate = (Float) envCtx.lookup("taxRate");
9.6.1.2. EJB References
java:comp/env/ejb
context of the application component's environment.
ejb-ref
element in the deployment descriptor. Each ejb-ref
element describes the interface requirements that the referencing application component has for the referenced enterprise bean. The ejb-ref
element contains the following child elements:
- An optional description element that provides the purpose of the reference.
- An ejb-ref-name element that specifies the name of the reference relative to the
java:comp/env
context. To place the reference under the recommendedjava:comp/env/ejb
context, use anejb/link-name
form for theejb-ref-name
value. - An ejb-ref-type element that specifies the type of the EJB. This must be either
Entity
orSession
. - A home element that gives the fully qualified class name of the EJB home interface.
- A remote element that gives the fully qualified class name of the EJB remote interface.
- An optional ejb-link element that links the reference to another enterprise bean in the same EJB JAR or in the same J2EE application unit. The
ejb-link
value is theejb-name
of the referenced bean. If there are multiple enterprise beans with the sameejb-name
, the value uses the path name specifying the location of theejb-jar
file that contains the referenced component. The path name is relative to the referencingejb-jar
file. The Application Assembler appends theejb-name
of the referenced bean to the path name separated by#
. This allows multiple beans with the same name to be uniquely identified.
ejb-ref
element. This means that the EJB reference is not accessible from other application components at runtime, and that other application components may define ejb-ref
elements with the same ejb-ref-name
without causing a name conflict. Example 9.7, “An example ejb-jar.xml ejb-ref descriptor fragment” provides an ejb-jar.xml
fragment that illustrates the use of the ejb-ref
element. A code sample that illustrates accessing the ShoppingCartHome
reference declared in Example 9.7, “An example ejb-jar.xml ejb-ref descriptor fragment” is given in Example 9.8, “ENC ejb-ref access code fragment”.
Example 9.7. An example ejb-jar.xml ejb-ref descriptor fragment
<!-- ... --> <session> <ejb-name>ShoppingCartBean</ejb-name> <!-- ...--> </session> <session> <ejb-name>ProductBeanUser</ejb-name> <!--...--> <ejb-ref> <description>This is a reference to the store products entity </description> <ejb-ref-name>ejb/ProductHome</ejb-ref-name> <ejb-ref-type>Entity</ejb-ref-type> <home>org.jboss.store.ejb.ProductHome</home> <remote> org.jboss.store.ejb.Product</remote> </ejb-ref> </session> <session> <ejb-ref> <ejb-name>ShoppingCartUser</ejb-name> <!--...--> <ejb-ref-name>ejb/ShoppingCartHome</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <home>org.jboss.store.ejb.ShoppingCartHome</home> <remote> org.jboss.store.ejb.ShoppingCart</remote> <ejb-link>ShoppingCartBean</ejb-link> </ejb-ref> </session> <entity> <description>The Product entity bean </description> <ejb-name>ProductBean</ejb-name> <!--...--> </entity> <!--...-->
Example 9.8. ENC ejb-ref access code fragment
InitialContext iniCtx = new InitialContext(); Context ejbCtx = (Context) iniCtx.lookup("java:comp/env/ejb"); ShoppingCartHome home = (ShoppingCartHome) ejbCtx.lookup("ShoppingCartHome");
9.6.1.3. EJB References with jboss.xml
and jboss-web.xml
jboss.xml
EJB deployment descriptor affects EJB references in two ways. First, the jndi-name
child element of the session
and entity
elements allows the user to specify the deployment JNDI name for the EJB home interface. In the absence of a jboss.xml
specification of the jndi-name
for an EJB, the home interface is bound under the ejb-jar.xml
ejb-name
value. For example, the session EJB with the ejb-name
of ShoppingCartBean
in Example 9.7, “An example ejb-jar.xml ejb-ref descriptor fragment” would have its home interface bound under the JNDI name ShoppingCartBean
in the absence of a jboss.xml
jndi-name
specification.
jboss.xml
descriptor with respect to ejb-ref
s is the setting of the destination to which a component's ENC ejb-ref
refers. The ejb-link
element cannot be used to refer to EJBs in another enterprise application. If your ejb-ref
needs to access an external EJB, you can specify the JNDI name of the deployed EJB home using the jboss.xml
ejb-ref/jndi-name
element.
jboss-web.xml
descriptor is used only to set the destination to which a Web application ENC ejb-ref
refers. The content model for the JBoss ejb-ref
is as follows:
- An ejb-ref-name element that corresponds to the ejb-ref-name element in the ejb-jar.xml or web.xml standard descriptor
- A
jndi-name
element that specifies the JNDI name of the EJB home interface in the deployment environment
jboss.xml
descriptor fragment that illustrates the following usage points:
- The
ProductBeanUser
ejb-ref
link destination is set to the deployment name ofjboss/store/ProductHome
- The deployment JNDI name of the
ProductBean
is set tojboss/store/ProductHome
Example 9.9. An example jboss.xml ejb-ref fragment
<!-- ... --> <session> <ejb-name>ProductBeanUser</ejb-name> <ejb-ref> <ejb-ref-name>ejb/ProductHome</ejb-ref-name> <jndi-name>jboss/store/ProductHome</jndi-name> </ejb-ref> </session> <entity> <ejb-name>ProductBean</ejb-name> <jndi-name>jboss/store/ProductHome</jndi-name> <!-- ... --> </entity> <!-- ... -->
9.6.1.4. EJB Local References
java:comp/env/ejb
context of the application component's environment.
ejb-local-ref
element in the deployment descriptor. Each ejb-local-ref
element describes the interface requirements that the referencing application component has for the referenced enterprise bean. The ejb-local-ref
element contains the following child elements:
- An optional description element that provides the purpose of the reference.
- An ejb-ref-name element that specifies the name of the reference relative to the
java:comp/env
context. To place the reference under the recommendedjava:comp/env/ejb
context, use anejb/link-name
form for theejb-ref-name
value. - An ejb-ref-type element that specifies the type of the EJB. This must be either
Entity
orSession
. - A local-home element that gives the fully qualified class name of the EJB local home interface.
- A local element that gives the fully qualified class name of the EJB local interface.
- An ejb-link element that links the reference to another enterprise bean in the
ejb-jar
file or in the same J2EE application unit. Theejb-link
value is theejb-name
of the referenced bean. If there are multiple enterprise beans with the sameejb-name
, the value uses the path name specifying the location of theejb-jar
file that contains the referenced component. The path name is relative to the referencingejb-jar
file. The Application Assembler appends theejb-name
of the referenced bean to the path name separated by#
. This allows multiple beans with the same name to be uniquely identified. Anejb-link
element must be specified in JBoss to match the local reference to the corresponding EJB.
ejb-local-ref
element. This means that the EJB local reference is not accessible from other application components at runtime, and that other application components may define ejb-local-ref
elements with the same ejb-ref-name
without causing a name conflict. Example 9.10, “An example ejb-jar.xml ejb-local-ref descriptor fragment” provides an ejb-jar.xml
fragment that illustrates the use of the ejb-local-ref
element. A code sample that illustrates accessing the ProbeLocalHome
reference declared in Example 9.10, “An example ejb-jar.xml ejb-local-ref descriptor fragment” is given in Example 9.11, “ENC ejb-local-ref access code fragment”.
Example 9.10. An example ejb-jar.xml ejb-local-ref descriptor fragment
<!-- ... --> <session> <ejb-name>Probe</ejb-name> <home>org.jboss.test.perf.interfaces.ProbeHome</home> <remote>org.jboss.test.perf.interfaces.Probe</remote> <local-home>org.jboss.test.perf.interfaces.ProbeLocalHome</local-home> <local>org.jboss.test.perf.interfaces.ProbeLocal</local> <ejb-class>org.jboss.test.perf.ejb.ProbeBean</ejb-class> <session-type>Stateless</session-type> <transaction-type>Bean</transaction-type> </session> <session> <ejb-name>PerfTestSession</ejb-name> <home>org.jboss.test.perf.interfaces.PerfTestSessionHome</home> <remote>org.jboss.test.perf.interfaces.PerfTestSession</remote> <ejb-class>org.jboss.test.perf.ejb.PerfTestSessionBean</ejb-class> <session-type>Stateless</session-type> <transaction-type>Container</transaction-type> <ejb-ref> <ejb-ref-name>ejb/ProbeHome</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <home>org.jboss.test.perf.interfaces.SessionHome</home> <remote>org.jboss.test.perf.interfaces.Session</remote> <ejb-link>Probe</ejb-link> </ejb-ref> <ejb-local-ref> <ejb-ref-name>ejb/ProbeLocalHome</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <local-home>org.jboss.test.perf.interfaces.ProbeLocalHome</local-home> <local>org.jboss.test.perf.interfaces.ProbeLocal</local> <ejb-link>Probe</ejb-link> </ejb-local-ref> </session> <!-- ... -->
Example 9.11. ENC ejb-local-ref access code fragment
InitialContext iniCtx = new InitialContext(); Context ejbCtx = (Context) iniCtx.lookup("java:comp/env/ejb"); ProbeLocalHome home = (ProbeLocalHome) ejbCtx.lookup("ProbeLocalHome");
9.6.1.5. Resource Manager Connection Factory References
resource-ref
elements in the standard deployment descriptors. The Deployer
binds the resource manager connection factory references to the actual resource manager connection factories that exist in the target operational environment using the jboss.xml
and jboss-web.xml
descriptors.
resource-ref
element describes a single resource manager connection factory reference. The resource-ref
element consists of the following child elements:
- An optional description element that provides the purpose of the reference.
- A res-ref-name element that specifies the name of the reference relative to the
java:comp/env
context. The resource type based naming convention for which subcontext to place theres-ref-name
into is discussed in the next paragraph. - A res-type element that specifies the fully qualified class name of the resource manager connection factory.
- A res-auth element that indicates whether the application component code performs resource sign on programmatically, or whether the container signs on to the resource based on the principal mapping information supplied by the Deployer. It must be one of
Application
orContainer
. - An optional res-sharing-scope element. This currently is not supported by JBoss.
- JDBC
DataSource
references should be declared in thejava:comp/env/jdbc
subcontext. - JMS connection factories should be declared in the
java:comp/env/jms
subcontext. - JavaMail connection factories should be declared in the
java:comp/env/mail
subcontext. - URL connection factories should be declared in the
java:comp/env/url
subcontext.
web.xml
descriptor fragment that illustrates the resource-ref
element usage. Example 9.13, “ENC resource-ref access sample code fragment” provides a code fragment that an application component would use to access the DefaultMail
resource declared by the resource-ref
.
Example 9.12. A web.xml resource-ref descriptor fragment
<web> <!-- ... --> <servlet> <servlet-name>AServlet</servlet-name> <!-- ... --> </servlet> <!-- ... --> <!-- JDBC DataSources (java:comp/env/jdbc) --> <resource-ref> <description>The default DS</description> <res-ref-name>jdbc/DefaultDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref> <!-- JavaMail Connection Factories (java:comp/env/mail) --> <resource-ref> <description>Default Mail</description> <res-ref-name>mail/DefaultMail</res-ref-name> <res-type>javax.mail.Session</res-type> <res-auth>Container</res-auth> </resource-ref> <!-- JMS Connection Factories (java:comp/env/jms) --> <resource-ref> <description>Default QueueFactory</description> <res-ref-name>jms/QueueFactory</res-ref-name> <res-type>javax.jms.QueueConnectionFactory</res-type> <res-auth>Container</res-auth> </resource-ref> <web>
Example 9.13. ENC resource-ref access sample code fragment
Context initCtx = new InitialContext(); javax.mail.Session s = (javax.mail.Session) initCtx.lookup("java:comp/env/mail/DefaultMail");
9.6.1.6. Resource Manager Connection Factory References with jboss.xml and jboss-web.xml
jboss.xml
EJB deployment descriptor and jboss-web.xml
Web application deployment descriptor is to provide the link from the logical name defined by the res-ref-name
element to the JNDI name of the resource factory as deployed in JBoss. This is accomplished by providing a resource-ref
element in the jboss.xml
or jboss-web.xml
descriptor. The JBoss resource-ref
element consists of the following child elements:
- A res-ref-name element that must match the
res-ref-name
of a correspondingresource-ref
element from theejb-jar.xml
orweb.xml
standard descriptors - An optional res-type element that specifies the fully qualified class name of the resource manager connection factory
- A jndi-name element that specifies the JNDI name of the resource factory as deployed in JBoss
- A res-url element that specifies the URL string in the case of a
resource-ref
of typejava.net.URL
jboss-web.xml
descriptor fragment that shows sample mappings of the resource-ref
elements given in Example 9.12, “A web.xml resource-ref descriptor fragment”.
Example 9.14. A sample jboss-web.xml resource-ref descriptor fragment
<jboss-web> <!-- ... --> <resource-ref> <res-ref-name>jdbc/DefaultDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <jndi-name>java:/DefaultDS</jndi-name> </resource-ref> <resource-ref> <res-ref-name>mail/DefaultMail</res-ref-name> <res-type>javax.mail.Session</res-type> <jndi-name>java:/Mail</jndi-name> </resource-ref> <resource-ref> <res-ref-name>jms/QueueFactory</res-ref-name> <res-type>javax.jms.QueueConnectionFactory</res-type> <jndi-name>QueueConnectionFactory</jndi-name> </resource-ref> <!-- ... --> </jboss-web>
9.6.1.7. Resource Environment References
resource-env-ref
elements in the standard deployment descriptors. The Deployer
binds the resource environment references to the actual administered objects location in the target operational environment using the jboss.xml
and jboss-web.xml
descriptors.
resource-env-ref
element describes the requirements that the referencing application component has for the referenced administered object. The resource-env-ref
element consists of the following child elements:
- An optional description element that provides the purpose of the reference.
- A resource-env-ref-name element that specifies the name of the reference relative to the
java:comp/env
context. Convention places the name in a subcontext that corresponds to the associated resource factory type. For example, a JMS queue reference namedMyQueue
should have aresource-env-ref-name
ofjms/MyQueue
. - A resource-env-ref-type element that specifies the fully qualified class name of the referenced object. For example, in the case of a JMS queue, the value would be
javax.jms.Queue
.
resource-ref-env
element declaration by a session bean. Example 9.16, “ENC resource-env-ref access code fragment” gives a code fragment that illustrates how to look up the StockInfo
queue declared by the resource-env-ref
.
Example 9.15. An example ejb-jar.xml resource-env-ref fragment
<session> <ejb-name>MyBean</ejb-name> <!-- ... --> <resource-env-ref> <description>This is a reference to a JMS queue used in the processing of Stock info </description> <resource-env-ref-name>jms/StockInfo</resource-env-ref-name> <resource-env-ref-type>javax.jms.Queue</resource-env-ref-type> </resource-env-ref> <!-- ... --> </session>
Example 9.16. ENC resource-env-ref access code fragment
InitialContext iniCtx = new InitialContext(); javax.jms.Queue q = (javax.jms.Queue) envCtx.lookup("java:comp/env/jms/StockInfo");
9.6.1.8. Resource Environment References and jboss.xml, jboss-web.xml
jboss.xml
EJB deployment descriptor and jboss-web.xml
Web application deployment descriptor is to provide the link from the logical name defined by the resource-env-ref-name
element to the JNDI name of the administered object deployed in JBoss. This is accomplished by providing a resource-env-ref
element in the jboss.xml
or jboss-web.xml
descriptor. The JBoss resource-env-ref
element consists of the following child elements:
- A
resource-env-ref-name
element that must match theresource-env-ref-name
of a correspondingresource-env-ref
element from theejb-jar.xml
orweb.xml
standard descriptors - A
jndi-name
element that specifies the JNDI name of the resource as deployed in JBoss
jboss.xml
descriptor fragment that shows a sample mapping for the StockInfo
resource-env-ref
.
Example 9.17. A sample jboss.xml resource-env-ref descriptor fragment
<session> <ejb-name>MyBean</ejb-name> <!-- ... --> <resource-env-ref> <resource-env-ref-name>jms/StockInfo</resource-env-ref-name> <jndi-name>queue/StockInfoQueue</jndi-name> </resource-env-ref> <!-- ... --> </session>
Chapter 10. Web Services
Warning
10.1. The need for web services
10.2. What web services are not
10.3. Document/Literal
<binding name='EndpointInterfaceBinding' type='tns:EndpointInterface'> <soap:binding style='document' transport='http://schemas.xmlsoap.org/soap/http'/> <operation name='concat'> <soap:operation soapAction=''/> <input> <soap:body use='literal'/> </input> <output> <soap:body use='literal'/> </output> </operation> </binding>
<complexType name='concatType'> <sequence> <element name='String_1' nillable='true' type='string'/> <element name='long_1' type='long'/> </sequence> </complexType> <element name='concat' type='tns:concatType'/>
<message name='EndpointInterface_concat'> <part name='parameters' element='tns:concat'/> </message>
<message name='EndpointInterface_concat'> <part name='parameters' type='tns:concatType'/> </message>
10.4. Document/Literal (Bare)
@WebService @SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE) public class DocBareServiceImpl { @WebMethod public SubmitBareResponse submitPO(SubmitBareRequest poRequest) { ... } }
@XmlAccessorType(XmlAccessType.FIELD) @XmlType(name = "SubmitBareRequest", namespace="http://soapbinding.samples.jaxws.ws.test.jboss.org/", propOrder = { "product" }) @XmlRootElement(namespace="http://soapbinding.samples.jaxws.ws.test.jboss.org/", name = "SubmitPO") public class SubmitBareRequest { @XmlElement(namespace="http://soapbinding.samples.jaxws.ws.test.jboss.org/", required = true) private String product; ... }
10.5. Document/Literal (Wrapped)
@WebService public class DocWrappedServiceImpl { @WebMethod @RequestWrapper (className="org.somepackage.SubmitPO") @ResponseWrapper (className="org.somepackage.SubmitPOResponse") public String submitPO(String product, int quantity) { ... } }
Note
10.6. RPC/Literal
- The port type operation name defines the endpoint method name
- Message parts are endpoint method parameters
<binding name='EndpointInterfaceBinding' type='tns:EndpointInterface'> <soap:binding style='rpc' transport='http://schemas.xmlsoap.org/soap/http'/> <operation name='echo'> <soap:operation soapAction=''/> <input> <soap:body namespace='http://org.jboss.ws/samples/jsr181pojo' use='literal'/> </input> <output> <soap:body namespace='http://org.jboss.ws/samples/jsr181pojo' use='literal'/> </output> </operation> </binding>
<portType name='EndpointInterface'> <operation name='echo' parameterOrder='String_1'> <input message='tns:EndpointInterface_echo'/> <output message='tns:EndpointInterface_echoResponse'/> </operation> </portType>
<message name='EndpointInterface_echo'> <part name='String_1' type='xsd:string'/> </message> <message name='EndpointInterface_echoResponse'> <part name='result' type='xsd:string'/> </message>
Note
@WebService @SOAPBinding(style = SOAPBinding.Style.RPC) public class JSEBean01 { @WebMethod @WebResult(name="result") public String echo(@WebParam(name="String_1") String input) { ... } }
10.7. RPC/Encoded
- element references
- soap arrays as bean properties
Note
10.8. Web Service Endpoints
10.9. Plain old Java Object (POJO)
@WebService @SOAPBinding(style = SOAPBinding.Style.RPC) public class JSEBean01 { @WebMethod public String echo(String input) { ... } }
10.10. The endpoint as a web application
<web-app ...> <servlet> <servlet-name>TestService</servlet-name> <servlet-class>org.jboss.test.ws.jaxws.samples.jsr181pojo.JSEBean01</servlet-class> </servlet> <servlet-mapping> <servlet-name>TestService</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> </web-app>
10.11. Packaging the endpoint
*.war
file.
<war warfile="${build.dir}/libs/jbossws-samples-jsr181pojo.war" webxml="${build.resources.dir}/samples/jsr181pojo/WEB-INF/web.xml"> <classes dir="${build.dir}/classes"> <include name="org/jboss/test/ws/samples/jsr181pojo/JSEBean01.class"/> </classes> </war>
Note
web.xml
file are required.
10.12. Accessing the generated WSDL
http://yourhost:8080/jbossws/services
10.13. EJB3 Stateless Session Bean (SLSB)
@Stateless @Remote(EJB3RemoteInterface.class) @RemoteBinding(jndiBinding = "/ejb3/EJB3EndpointInterface") @WebService @SOAPBinding(style = SOAPBinding.Style.RPC) public class EJB3Bean01 implements EJB3RemoteInterface { @WebMethod public String echo(String input) { ... } }
A JSR-181 EJB service endpoint is packaged as an ordinary ejb deployment.
<jar jarfile="${build.dir}/libs/jbossws-samples-jsr181ejb.jar"> <fileset dir="${build.dir}/classes"> <include name="org/jboss/test/ws/samples/jsr181ejb/EJB3Bean01.class"/> <include name="org/jboss/test/ws/samples/jsr181ejb/EJB3RemoteInterface.class"/> </fileset> </jar>
A successfully deployed service endpoint will show up in the service endpoint manager. This is also where you will find the links to the generated WSDL.
http://yourhost:8080/jbossws/services
10.14. Endpoint Provider
@WebServiceProvider @ServiceMode(value = Service.Mode.PAYLOAD) public class ProviderBeanPayload implements Provider<Source> { public Source invoke(Source req) { // Access the entire request PAYLOAD and return the response PAYLOAD } }
10.15. WebServiceContext
WebServiceContext
is treated as an injectable resource that can be set at the time an endpoint is initialized. The WebServiceContext
object will then use thread-local information to return the correct information regardless of how many threads are concurrently being used to serve requests addressed to the same endpoint object.
@WebService public class EndpointJSE { @Resource WebServiceContext wsCtx; @WebMethod public String testGetMessageContext() { SOAPMessageContext jaxwsContext = (SOAPMessageContext)wsCtx.getMessageContext(); return jaxwsContext != null ? "pass" : "fail"; } ... @WebMethod public String testGetUserPrincipal() { Principal principal = wsCtx.getUserPrincipal(); return principal.getName(); } @WebMethod public boolean testIsUserInRole(String role) { return wsCtx.isUserInRole(role); } }
10.16. Web Service Clients
10.16.1. Service
Service
is an abstraction that represents a WSDL service. A WSDL service is a collection of related ports, each of which consists of a port type bound to a particular protocol and available at a particular endpoint address.
10.16.1.1. Service Usage
Most clients will start with a WSDL file, and generate some stubs using jbossws tools like wsconsume. This usually gives a mass of files, one of which is the top of the tree. This is the service implementation class.
// Generated Service Class @WebServiceClient(name="StockQuoteService", targetNamespace="http://example.com/stocks", wsdlLocation="http://example.com/stocks.wsdl") public class StockQuoteService extends javax.xml.ws.Service { public StockQuoteService() { super(new URL("http://example.com/stocks.wsdl"), new QName("http://example.com/stocks", "StockQuoteService")); } public StockQuoteService(String wsdlLocation, QName serviceName) { super(wsdlLocation, serviceName); } ... }
In the dynamic case, when nothing is generated, a web service client uses Service.create
to create Service instances, the following code illustrates this process.
URL wsdlLocation = new URL("http://example.org/my.wsdl"); QName serviceName = new QName("http://example.org/sample", "MyService"); Service service = Service.create(wsdlLocation, serviceName);
10.16.1.2. Handler Resolver
Service
instance provides access to a HandlerResolver
via a pair of getHandlerResolver
and setHandlerResolver
methods that may be used to configure a set of handlers on a per-service, per-port or per-protocol binding basis.
Service
instance is used to create a proxy or a Dispatch
instance then the handler resolver currently registered with the service is used to create the required handler chain. Subsequent changes to the handler resolver configured for a Service
instance do not affect the handlers on previously created proxies, or Dispatch
instances.
10.16.1.3. Executor
Service
instances can be configured with a java.util.concurrent.Executor
. The executor will then be used to invoke any asynchronous callbacks requested by the application. The setExecutor
and getExecutor
methods of Service
can be used to modify and retrieve the executor configured for a service.
10.16.2. Dynamic Proxy
getPort
methods on the Service
.
/** * The getPort method returns a proxy. A service client * uses this proxy to invoke operations on the target * service endpoint. The <code>serviceEndpointInterface</code> * specifies the service endpoint interface that is supported by * the created dynamic proxy instance. */ public <T> T getPort(QName portName, Class<T> serviceEndpointInterface) { ... } /** * The getPort method returns a proxy. The parameter * <code>serviceEndpointInterface</code> specifies the service * endpoint interface that is supported by the returned proxy. * In the implementation of this method, the JAX-WS * runtime system takes the responsibility of selecting a protocol * binding (and a port) and configuring the proxy accordingly. * The returned proxy should not be reconfigured by the client. * */ public <T> T getPort(Class<T> serviceEndpointInterface) { ... }
Service
usually also offers typed methods to get ports. These methods also return dynamic proxies that implement the SEI.
@WebServiceClient(name = "TestEndpointService", targetNamespace = "http://org.jboss.ws/wsref", wsdlLocation = "http://localhost.localdomain:8080/jaxws-samples-webserviceref?wsdl") public class TestEndpointService extends Service { ... public TestEndpointService(URL wsdlLocation, QName serviceName) { super(wsdlLocation, serviceName); } @WebEndpoint(name = "TestEndpointPort") public TestEndpoint getTestEndpointPort() { return (TestEndpoint)super.getPort(TESTENDPOINTPORT, TestEndpoint.class); } }
10.16.3. WebServiceRef
WebServiceRef
annotation is used to declare a reference to a Web service. It follows the resource pattern exemplified by the javax.annotation.Resource
annotation in JSR-250
WebServiceRef
annotation:
- To define a reference whose type is a generated service class. In this case, the type and value element will both refer to the generated service class type. Moreover, if the reference type can be inferred by the field or method declaration then the annotation is applied to the type, and value elements may have the default value (
Object.class
, that is). If the type cannot be inferred, then at least the type element must be present with a non-default value. - To define a reference whose type is a SEI. In this case, the type element may be present with its default value if the type of the reference can be inferred from the annotated field and method declaration, but the value element must always be present and refer to a generated service class type (a subtype of
javax.xml.ws.Service
). The wsdlLocation element, if present, overrides theWSDL location information specified in theWebService
annotation of the referenced generated service class.
public class EJB3Client implements EJB3Remote { @WebServiceRef public TestEndpointService service4; @WebServiceRef public TestEndpoint port3; }
In JBoss Enterprise Application Platform 5.0 we offer a number of overrides and extensions to the WebServiceRef
annotation. These include:
- define the port that should be used to resolve a container-managed port
- define default Stub property settings for Stub objects
- define the URL of a final WSDL document to be used
<service-ref> <service-ref-name>OrganizationService</service-ref-name> <wsdl-override>file:/wsdlRepository/organization-service.wsdl</wsdl-override> </service-ref> .. <service-ref> <service-ref-name>OrganizationService</service-ref-name> <config-name>Secure Client Config</config-name> <config-file>META-INF/jbossws-client-config.xml</config-file> <handler-chain>META-INF/jbossws-client-handlers.xml</handler-chain> </service-ref> <service-ref> <service-ref-name>SecureService</service-ref-name> <service-class-name>org.jboss.tests.ws.jaxws.webserviceref.SecureEndpointService</service-class-name> <service-qname>{http://org.jboss.ws/wsref}SecureEndpointService</service-qname> <port-info> <service-endpoint-interface>org.jboss.tests.ws.jaxws.webserviceref.SecureEndpoint</service-endpoint-interface> <port-qname>{http://org.jboss.ws/wsref}SecureEndpointPort</port-qname> <stub-property> <name>javax.xml.ws.security.auth.username</name> <value>kermit</value> </stub-property> <stub-property> <name>javax.xml.ws.security.auth.password</name> <value>thefrog</value> </stub-property> </port-info> </service-ref>
10.16.4. Dispatch
In this mode, client applications work directly with protocol-specific message structures. For example, when used with a SOAP protocol binding, a client application would work directly with a SOAP message.
In this mode, client applications work with the payload of messages rather than the messages themselves. For example, when used with a SOAP protocol binding, a client application would work with the contents of the SOAP Body rather than the SOAP message as a whole.
Service service = Service.create(wsdlURL, serviceName); Dispatch dispatch = service.createDispatch(portName, StreamSource.class, Mode.PAYLOAD); String payload = "<ns1:ping xmlns:ns1='http://oneway.samples.jaxws.ws.test.jboss.org/'/>"; dispatch.invokeOneWay(new StreamSource(new StringReader(payload))); payload = "<ns1:feedback xmlns:ns1='http://oneway.samples.jaxws.ws.test.jboss.org/'/>"; Source retObj = (Source)dispatch.invoke(new StreamSource(new StringReader(payload)));
10.16.5. Asynchronous Invocations
BindingProvider
interface represents a component that provides a protocol binding for use by clients, it is implemented by proxies and is extended by the Dispatch
interface.
BindingProvider
instances may provide asynchronous operation capabilities. When used, asynchronous operation invocations are decoupled from the BindingProvider
instance at invocation time such that the response context is not updated when the operation completes. Instead a separate response context is made available using the Response
interface.
public void testInvokeAsync() throws Exception { URL wsdlURL = new URL("http://" + getServerHost() + ":8080/jaxws-samples-asynchronous?wsdl"); QName serviceName = new QName(targetNS, "TestEndpointService"); Service service = Service.create(wsdlURL, serviceName); TestEndpoint port = service.getPort(TestEndpoint.class); Response response = port.echoAsync("Async"); // access future String retStr = (String) response.get(); assertEquals("Async", retStr); }
10.16.6. Oneway Invocations
@WebService (name="PingEndpoint") @SOAPBinding(style = SOAPBinding.Style.RPC) public class PingEndpointImpl { private static String feedback; ... @WebMethod @Oneway public void ping() { log.info("ping"); feedback = "ok"; } ... @WebMethod public String feedback() { log.info("feedback"); return feedback; } }
10.17. Common API
10.17.1. Handler Framework
10.17.1.1. Logical Handler
javax.xml.ws.handler.LogicalHandler
.
10.17.1.2. Protocol Handler
javax.xml.ws.handler.Handler
except javax.xml.ws.handler.LogicalHandler
.
10.17.1.3. Service endpoint handlers
@WebService @HandlerChain(file = "jaxws-server-source-handlers.xml") public class SOAPEndpointSourceImpl { ... }
10.17.1.4. Service client handlers
Service service = Service.create(wsdlURL, serviceName); Endpoint port = (Endpoint)service.getPort(Endpoint.class); BindingProvider bindingProvider = (BindingProvider)port; List<Handler> handlerChain = new ArrayList<Handler>(); handlerChain.add(new LogHandler()); handlerChain.add(new AuthorizationHandler()); handlerChain.add(new RoutingHandler()); bindingProvider.getBinding().setHandlerChain(handlerChain); // important!
10.17.2. Message Context
10.17.2.1. Accessing the message context
@WebServiceContext
annotation.
10.17.2.2. Logical Message Context
Logical Handlers
at invocation time. LogicalMessageContext extends MessageContext with methods to obtain and modify the message payload, it does not provide access to the protocol specific aspects of a message. A protocol binding defines what component of a message are available via a logical message context. The SOAP binding defines that a logical handler deployed in a SOAP binding can access the contents of the SOAP body but not the SOAP headers whereas the XML/HTTP binding defines that a logical handler can access the entire XML payload of a message.
10.17.2.3. SOAP Message Context
SOAP handlers
at invocation time. SOAPMessageContext extends MessageContext with methods to obtain and modify the SOAP message payload.
10.17.3. Fault Handling
public void throwSoapFaultException() { SOAPFactory factory = SOAPFactory.newInstance(); SOAPFault fault = factory.createFault("this is a fault string!", new QName("http://foo", "FooCode")); fault.setFaultActor("mr.actor"); fault.addDetail().addChildElement("test"); throw new SOAPFaultException(fault); }
public void throwApplicationException() throws UserException { throw new UserException("validation", 123, "Some validation error"); }
Note
10.18. DataBinding
10.18.1. Using JAXB with non annotated classes
10.19. Attachments
10.19.1. MTOM/XOP
10.19.1.1. Supported MTOM parameter types
image/jpeg
|
java.awt.Image
|
text/xml
|
javax.xml.transform.Source
|
application/xml
|
javax.xml.transform.Source
|
application/octet-stream
|
javax.activation.DataHandler
|
Note
10.19.1.2. Enabling MTOM per endpoint
@BindingType
annotation. JBossWS does handle SOAP1.1 and SOAP1.2. Both come with or without MTOM flavors:
package org.jboss.test.ws.jaxws.samples.xop.doclit; import javax.ejb.Remote; import javax.jws.WebService; import javax.jws.soap.SOAPBinding; import javax.xml.ws.BindingType; @Remote @WebService(targetNamespace = "http://org.jboss.ws/xop/doclit") @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, parameterStyle = SOAPBinding.ParameterStyle.BARE) @BindingType(value="http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true") (1) public interface MTOMEndpoint { ... }
- The MTOM enabled SOAP 1.1 binding ID
Binding
API to enable MTOM (Excerpt taken from the org.jboss.test.ws.jaxws.samples.xop.doclit.XOPTestCase
):
... Service service = Service.create(wsdlURL, serviceName); port = service.getPort(MTOMEndpoint.class); // enable MTOM binding = (SOAPBinding)((BindingProvider)port).getBinding(); binding.setMTOMEnabled(true);
Note
10.19.2. SwaRef
10.19.2.1. Using SwaRef with JAX-WS endpoints
DataHandler
types is to annotate a payload bean with the @XmlAttachmentRef
annotation as shown below:
/** * Payload bean that will use SwaRef encoding */ @XmlRootElement public class DocumentPayload { private DataHandler data; public DocumentPayload() { } public DocumentPayload(DataHandler data) { this.data = data; } @XmlElement @XmlAttachmentRef public DataHandler getData() { return data; } public void setData(DataHandler data) { this.data = data; } }
@XmlAttachmentRef
annotation on the service endpoint interface:
@WebService public interface DocWrappedEndpoint { @WebMethod DocumentPayload beanAnnotation(DocumentPayload dhw, String test); @WebMethod @XmlAttachmentRef DataHandler parameterAnnotation(@XmlAttachmentRef DataHandler data, String test); }
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header/> <env:Body> <ns2:parameterAnnotation xmlns:ns2='http://swaref.samples.jaxws.ws.test.jboss.org/'> <arg0>cid:0-1180017772935-32455963@ws.jboss.org</arg0> <arg1>Wrapped test</arg1> </ns2:parameterAnnotation> </env:Body> </env:Envelope>
10.19.2.2. Starting from WSDL
<element name="data" type="wsi:swaRef" xmlns:wsi="http://ws-i.org/profiles/basic/1.1/xsd"/>
10.20. Tools
- Exposing an already existing EJB3 bean as a Web Service
- Providing a new service, and you want the contract to be generated for you
- Replacing the implementation of an existing Web Service without breaking compatibility with older clients
- Exposing a service that conforms to a contract specified by a third party (e.g. a vendor that calls you back using an already defined protocol).
- Creating a service that adheres to the XML Schema and WSDL you developed by hand up front
Command
|
Description
|
---|---|
Generates JAX-WS portable artifacts, and provides the abstract contract. Used for bottom-up development.
| |
Consumes the abstract contract (WSDL and Schema files), and produces artifacts for both a server and client. Used for top-down and client development
| |
Executes a Java client (that has a main method) using the JBossWS classpath.
|
10.20.1. Bottom-Up (Using wsprovide)
package echo; @javax.jws.WebService public class Echo { public String echo(String input) { return input; } }
$ javac -d . -classpath jboss-jaxws.jar Echo.java $ wsprovide -w echo.Echo Generating WSDL: EchoService.wsdl Writing Classes: echo/jaxws/Echo.class echo/jaxws/EchoResponse.class
<service name='EchoService'> <port binding='tns:EchoBinding' name='EchoPort'> <soap:address location='REPLACE_WITH_ACTUAL_URL'/> </port> </service>
<portType name='Echo'> <operation name='echo' parameterOrder='echo'> <input message='tns:Echo_echo'/> <output message='tns:Echo_echoResponse'/> </operation> </portType>
Note
web.xml
needs to be created:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> <servlet> <servlet-name>Echo</servlet-name> <servlet-class>echo.Echo</servlet-class> </servlet> <servlet-mapping> <servlet-name>Echo</servlet-name> <url-pattern>/Echo</url-pattern> </servlet-mapping> </web-app>
web.xml
and the single class can now be used to create a WAR:
$ mkdir -p WEB-INF/classes $ cp -rp echo WEB-INF/classes/ $ cp web.xml WEB-INF $ jar cvf echo.war WEB-INF added manifest adding: WEB-INF/(in = 0) (out= 0)(stored 0%) adding: WEB-INF/classes/(in = 0) (out= 0)(stored 0%) adding: WEB-INF/classes/echo/(in = 0) (out= 0)(stored 0%) adding: WEB-INF/classes/echo/Echo.class(in = 340) (out= 247)(deflated 27%) adding: WEB-INF/web.xml(in = 576) (out= 271)(deflated 52%)
cp echo.war <JBOSS_HOME>/server/default/deploy
10.20.2. Top-Down (Using wsconsume)
Note
$ wsconsume -k EchoService.wsdl echo/Echo.java echo/EchoResponse.java echo/EchoService.java echo/Echo_Type.java echo/ObjectFactory.java echo/package-info.java echo/Echo.java echo/EchoResponse.java echo/EchoService.java echo/Echo_Type.java echo/ObjectFactory.java echo/package-info.java
File
|
Purpose
|
Echo.java
|
Service Endpoint Interface
|
Echo_Type.java
|
Wrapper bean for request message
|
EchoResponse.java
|
Wrapper bean for response message
|
ObjectFactory.java
|
JAXB XML Registry
|
package-info.java
|
Holder for JAXB package annotations
|
EchoService.java
|
Used only by JAX-WS clients
|
@WebService(name = "Echo", targetNamespace = "http://echo/") public interface Echo { @WebMethod @WebResult(targetNamespace = "") @RequestWrapper(localName = "echo", targetNamespace = "http://echo/", className = "echo.Echo_Type") @ResponseWrapper(localName = "echoResponse", targetNamespace = "http://echo/", className = "echo.EchoResponse") public String echo(@WebParam(name = "arg0", targetNamespace = "") String arg0); }
package echo; @javax.jws.WebService(endpointInterface="echo.Echo") public class EchoImpl implements Echo { public String echo(String arg0) { return arg0; } }
10.20.3. Client Side
<service name='EchoService'> <port binding='tns:EchoBinding' name='EchoPort'> <soap:address location='REPLACE_WITH_ACTUAL_URL'/> </port> </service>
<service name="EchoService"> <port binding="tns:EchoBinding" name="EchoPort"> <soap:address location="http://localhost.localdomain:8080/echo/Echo"/> </port> </service>
$ wsconsume -k http://localhost:8080/echo/Echo?wsdl echo/Echo.java echo/EchoResponse.java echo/EchoService.java echo/Echo_Type.java echo/ObjectFactory.java echo/package-info.java echo/Echo.java echo/EchoResponse.java echo/EchoService.java echo/Echo_Type.java echo/ObjectFactory.java echo/package-info.java
EchoService.java
. Notice how it stores the location the WSDL was obtained from.
@WebServiceClient(name = "EchoService", targetNamespace = "http://echo/", wsdlLocation = "http://localhost:8080/echo/Echo?wsdl") public class EchoService extends Service { private final static URL ECHOSERVICE_WSDL_LOCATION; static { URL url = null; try { url = new URL("http://localhost:8080/echo/Echo?wsdl"); } catch (MalformedURLException e) { e.printStackTrace(); } ECHOSERVICE_WSDL_LOCATION = url; } public EchoService(URL wsdlLocation, QName serviceName) { super(wsdlLocation, serviceName); } public EchoService() { super(ECHOSERVICE_WSDL_LOCATION, new QName("http://echo/", "EchoService")); } @WebEndpoint(name = "EchoPort") public Echo getEchoPort() { return (Echo)super.getPort(new QName("http://echo/", "EchoPort"), Echo.class); } }
javax.xml.ws.Service
. While you can use Service
directly, this is far simpler since it provides the configuration info for you. The only method we really care about is the getEchoPort()
method, which returns an instance of our Service Endpoint Interface
. Any Web Services operation can then be called by just invoking a method on the returned interface.
Note
Note
import echo.*; .. public class EchoClient { public static void main(String args[]) { if (args.length != 1) { System.err.println("usage: EchoClient <message>"); System.exit(1); } EchoService service = new EchoService(); Echo echo = service.getEchoPort(); System.out.println("Server said: " + echo.echo(args[0])); } }
$ wsrunclient EchoClient 'Hello World!' Server said: Hello World!
... EchoService service = new EchoService(); Echo echo = service.getEchoPort(); /* Set NEW Endpoint Location */ String endpointURL = "http://NEW_ENDPOINT_URL"; BindingProvider bp = (BindingProvider)echo; bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL); System.out.println("Server said: " + echo.echo(args[0])); ...
10.20.4. Command-line & Ant Task Reference
10.20.5. JAX-WS binding customization
10.21. Web Service Extensions
10.21.1. WS-Addressing
10.21.1.1. Specifications
10.21.1.2. Addressing Endpoint
Note
@WebService(name = "StatefulEndpoint", targetNamespace = "http://org.jboss.ws/samples/wsaddressing", serviceName = "TestService") @Addressing(enabled=true, required=true) @SOAPBinding(style = SOAPBinding.Style.RPC) public class StatefulEndpointImpl implements StatefulEndpoint, ServiceLifecycle { @WebMethod public void addItem(String item) { ... } @WebMethod public void checkout() { ... } @WebMethod public String getItems() { ... } }
javax.xml.ws.soap.Addressing
annotation to enable the server side addressing handler.
10.21.1.3. Addressing Client
javax.xml.ws.soap.AddressingFeature
feature from JAX-WS 2.1 API to enable the WS-Addressing.
Service service = Service.create(wsdlURL, serviceName); port1 = (StatefulEndpoint)service.getPort(StatefulEndpoint.class, new AddressingFeature());
public class AddressingStatefulTestCase extends JBossWSTest { ... public void testAddItem() throws Exception { port1.addItem("Ice Cream"); port1.addItem("Ferrari"); port2.addItem("Mars Bar"); port2.addItem("Porsche"); } public void testGetItems() throws Exception { String items1 = port1.getItems(); assertEquals("[Ice Cream, Ferrari]", items1); String items2 = port2.getItems(); assertEquals("[Mars Bar, Porsche]", items2); } }
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'> <wsa:To>uri:jbossws-samples-wsaddr/TestService</wsa:To> <wsa:Action>http://org.jboss.ws/addressing/stateful/action</wsa:Action> <wsa:ReferenceParameters> <ns1:clientid xmlns:ns1='http://somens'>clientid-1</ns1:clientid> </wsa:ReferenceParameters> </env:Header> <env:Body> <ns1:addItem xmlns:ns1='http://org.jboss.ws/samples/wsaddr'> <String_1>Ice Cream</String_1> </ns1:addItem> </env:Body> </env:Envelope> <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'> <wsa:To>http://www.w3.org/2005/08/addressing/anonymous</wsa:To> <wsa:Action>http://org.jboss.ws/addressing/stateful/actionReply</wsa:Action> <ns1:clientid xmlns:ns1='http://somens'>clientid-1</ns1:clientid> </env:Header> <env:Body> <ns1:addItemResponse xmlns:ns1='http://org.jboss.ws/samples/wsaddr'/> </env:Body> </env:Envelope> ... <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'> <wsa:To>uri:jbossws-samples-wsaddr/TestService</wsa:To> <wsa:Action>http://org.jboss.ws/addressing/stateful/action</wsa:Action> <wsa:ReferenceParameters> <ns1:clientid xmlns:ns1='http://somens'>clientid-1</ns1:clientid> </wsa:ReferenceParameters> </env:Header> <env:Body> <ns1:getItems xmlns:ns1='http://org.jboss.ws/samples/wsaddr'/> </env:Body> </env:Envelope> <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'> <wsa:To>http://www.w3.org/2005/08/addressing/anonymous</wsa:To> <wsa:Action>http://org.jboss.ws/addressing/stateful/actionReply</wsa:Action> <ns1:clientid xmlns:ns1='http://somens'>clientid-1</ns1:clientid> </env:Header> <env:Body> <ns1:getItemsResponse xmlns:ns1='http://org.jboss.ws/samples/wsaddr'> <result>[Ice Cream, Ferrari]</result> </ns1:getItemsResponse> </env:Body> </env:Envelope>
10.21.2. WS-Security
10.21.2.1. Endpoint configuration
Note
10.21.2.2. Server side WSSE declaration (jboss-wsse-server.xml)
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>WEB-INF/wsse.keystore</key-store-file><key-store-password>jbossws</key-store-password>
<trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
<trust-store-password>jbossws</trust-store-password>
<config>
<sign type="x509v3" alias="wsse"/>
<requires>
<signature/>
</requires> </config> </jboss-ws-security>
This specifies that the key store we wish to use is WEB-INF/wsse.keystore , which is located in our war file.
| |
This specifies that the store password is "jbossws". Password can be encypted using the {EXT} and {CLASS} commands. Please see samples for their usage.
| |
This specifies that the trust store we wish to use is WEB-INF/wsse.truststore , which is located in our war file.
| |
This specifies that the trust store password is also "jbossws". Password can be encrypted using the {EXT} and {CLASS} commands. Please see samples for their usage.
| |
Here we start our root config block. The root config block is the default configuration for all services in this war file.
| |
This means that the server must sign the message body of all responses. Type means that we are using X.509v3 certificate (a standard certificate). The alias option says that the certificate and key pair to use for signing is in the key store under the "wsse" alias
| |
Here we start our optional requires block. This block specifies all security requirements that must be met when the server receives a message.
| |
This means that all web services in this war file require the message body to be signed.
|
@EndpointConfig
annotation to set the config name. See JAX-WS_Endpoint_Configuration for the list of available config names.
@WebService @EndpointConfig(configName = "Standard WSSecurity Endpoint") public class HelloJavaBean { ... }
10.21.2.3. Client side WSSE declaration (jboss-wsse-client.xml)
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config><sign type="x509v3" alias="wsse"/>
<requires>
<signature/>
</requires> </config> </jboss-ws-security>
Here we start our root config block. The root config block is the default configuration for all web service clients (Call, Proxy objects).
| |
This means that the client must sign the message body of all requests it sends. Type means that we are to use a X.509v3 certificate (a standard certificate). The alias option says that the certificate/key pair to use for signing is in the key store under the "wsse" alias
| |
Here we start our optional requires block. This block specifies all security requirements that must be met when the client receives a response.
| |
This means that all web service clients must receive signed response messages.
|
10.21.2.3.1. Client side key store configuration
<sysproperty key="org.jboss.ws.wsse.keyStore" value="${tests.output.dir}/resources/jaxrpc/samples/wssecurity/wsse.keystore"/> <sysproperty key="org.jboss.ws.wsse.trustStore" value="${tests.output.dir}/resources/jaxrpc/samples/wssecurity/wsse.truststore"/> <sysproperty key="org.jboss.ws.wsse.keyStorePassword" value="jbossws"/> <sysproperty key="org.jboss.ws.wsse.trustStorePassword" value="jbossws"/> <sysproperty key="org.jboss.ws.wsse.keyStoreType" value="jks"/> <sysproperty key="org.jboss.ws.wsse.trustStoreType" value="jks"/>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> <env:Header> <wsse:Security env:mustUnderstand="1" ...> <wsu:Timestamp wsu:Id="timestamp">...</wsu:Timestamp> <wsse:BinarySecurityToken ...> ... </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ... </ds:Signature> </wsse:Security> </env:Header> <env:Body wsu:Id="element-1-1140197309843-12388840" ...> <ns1:echoUserType xmlns:ns1="http://org.jboss.ws/samples/wssecurity"> <UserType_1 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <msg>Kermit</msg> </UserType_1> </ns1:echoUserType> </env:Body> </env:Envelope>
10.21.2.4. Installing the BouncyCastle JCE provider
java.security
properties file (found in $JAVA_HOME/jre/lib/security/java.security
, where $JAVA_HOME
is the location of your JDK and JRE distribution). You will find detailed instructions in the file but basically it comes down to adding a line:
security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
<n>
is the preference you want the provider at.
Note
10.21.2.5. Username Token Authentication
Example 10.1. Basic Username Token Configuration
jboss-wsse-client.xml
that contains the following information.
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <username/> <timestamp ttl="300"/></config> </jboss-ws-security>
This line specifies that a <timestamp> element must be present in the message and that the message can not be older than 300 seconds. The seconds limitation is used to prevent replay attacks.
|
seconds
attribute in the jboss-wsse-server.xml
file so both headers match. You must also specify the <requires/> element to enforce this condition.
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <timestamp ttl="300"/> <requires/> </config> </jboss-ws-security>
Warning
Example 10.1, “Basic Username Token Configuration” results in the client password being sent as plain text. You can use a combination of digested passwords, nonces, and timestamps to provide further protection from replay attacks.
Example 10.2. Enable Password Digesting
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <username digestPassword="true" useNonce="true" useCreated="true"/><timestamp ttl="300"/> </config> </jboss-ws-security>
The <username> element of the jboss-wsse-client.xml file enables the digestPassword , nonces and timestamps attributes.
|
login-config.xml
file, you must also implement the UsernameTokenCallback
module option.
Example 10.3. UsernameTokenCallback Module
<application-policy name="JBossWSDigest"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">META-INF/jbossws-users.properties</module-option> <module-option name="rolesProperties">META-INF/jbossws-roles.properties</module-option> <module-option name="hashAlgorithm">SHA</module-option> <module-option name="hashEncoding">BASE64</module-option> <module-option name="hashUserPassword">false</module-option> <module-option name="hashStorePassword">true</module-option> <module-option name="storeDigestCallback">org.jboss.ws.extensions.security.auth.callback.UsernameTokenCallback</module-option> <module-option name="unauthenticatedIdentity">anonymous</module-option> </login-module> </authentication> </application-policy>
- plug the
UsernameTokenCallback
callback into your login module - extend the
org.jboss.security.auth.spi.UsernamePasswordLoginModule
- set the hash attributes (
hashAlgorithm
,hashEncoding
,hashUserPassword
,hashStorePassword
) as shown in Example 10.3, “UsernameTokenCallback Module”.
The way nonces are created, and subsequently checked and stored on the server side, influences overall security against replay attacks. Currently JBossWS ships with a basic implementation of a nonce store that does not cache the received tokens on the server side.
NonceFactory
and NonceStore
interfaces. You can find these interfaces in the org.jboss.ws.extensions.security.nonce package.
jboss-wsse-server.xml
file.
If a Timestamp is present in the wsse:Security
header, header verification does not allow for any tolerance whatsoever in the time comparisons. If the message appears to have been created even slightly in the future or if the message has just expired it will be rejected. A new element called <timestamp-verification> is available for the wsse configuration. Example 10.4, “<timestamp-verification> Configuration” describes the required attributes for the <timestamp-verification> element.
Example 10.4. <timestamp-verification> Configuration
<jboss-ws-security xmlns='http://www.jboss.com/ws-security/config' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'> <timestamp-verification createdTolerance="5" warnCreated="false" expiresTolerance="10" warnExpires="false" /> </jboss-ws-security>
-
createdTolerance
- Number of seconds in the future a message will be accepted. The default value is
0
-
expiresTolerance
- Number of seconds a message is rejected after being classed as expired. The default value is
0
. -
warnCreated
- Specifies whether to log a warning message if a message is accepted with a 'Created' value in the future. The default value is
true
. -
warnExpires
- Specifies whether to log a warning message if a message is accepted with an 'Expired' value in the past. The default value is
true
.
Note
warnCreated
and warnExpires
attributes can be used to identify accepted messages that would normally be rejected. You can use this data to identify clients that are out of sync with the server time, without rejecting the client messages.
10.21.2.5.1. Secure Transport
10.21.2.6. X509 Certificate Token
To configure encryption, you must specify the items in Example 10.5, “X509 Encryption Configuration”. The configuration is the same for clients and servers.
Example 10.5. X509 Encryption Configuration
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>WEB-INF/bob-sign_enc.jks</key-store-file><key-store-password>password</key-store-password> <key-store-type>jks</key-store-type> <trust-store-file>WEB-INF/wsse10.truststore</trust-store-file> <trust-store-password>password</trust-store-password> <config> <timestamp ttl="300"/> <sign type="x509v3" alias="1" includeTimestamp="true"/>
<encrypt type="x509v3"
alias="alice" algorithm="aes-256" keyWrapAlgorithm="rsa_oaep" tokenReference="keyIdentifier" /> <requires>
<signature/> <encryption/> </requires> </config> </jboss-ws-security>
Keystore and Truststore information: location of each store, the password, and type of store.
| |
Signature configuration: you must provide the certificate and key pair aliases to use. includeTimestamp specifies whether the timestamp is signed to prevent tampering.
| |
Encryption configuration: you must provide the certificate and key pair aliases to use. Refer to Algorithms for more information.
| |
Optional security requirements: incoming messages must be both signed, and encrypted.
|
When replying to multiple clients, a service provider must encrypt a message according to its destination using the correct public key. The JBossWS native implementation of WS-Security obtains the correct key to use from the signature received (and verified) in the incoming message.
Example 10.6. Dynamic Encryption Configuration
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>WEB-INF/bob-sign_enc.jks</key-store-file> <key-store-password>password</key-store-password> <key-store-type>jks</key-store-type> <trust-store-file>WEB-INF/wsse10.truststore</trust-store-file> <trust-store-password>password</trust-store-password> <config> <timestamp ttl="300"/> <sign type="x509v3" alias="1" includeTimestamp="true"/> <encrypt type="x509v3"algorithm="aes-256" keyWrapAlgorithm="rsa_oaep" tokenReference="keyIdentifier" /> <requires> <signature/>
<encryption/> </requires> </config> </jboss-ws-security>
Do not specify any encryption alias on the server side.
| |
Declare that a signature is required.
|
Asymmetric and symmetric encryption is performed whenever the <encrypt> element is declared. Message data are encrypted using a generated symmetric secured key. This key is written in the SOAP header after being encrypted (wrapped) with the receiver public key. You can set both the encryption and key wrap algorithms.
- AES 128 (aes-128) (default)
- AES 192 (aes-192)
- AES 256 (aes-256)
- Triple DES (triple-des)
- RSA v1.5 (rsa_15) (default)
- RSA OAEP (rsa_oaep)
Note
For interoperability reasons, you may need to configure the type of reference to encryption token to be used. For example, Microsoft Indigo does not support direct reference to local binary security tokens which are the default reference type used by JBossWS.
tokenReference
attribute in the <encrypt> element. The values for the tokenReference
attribute are:
directReference
(default)keyIdentifier
- specifies the token data by means of an X509 SubjectKeyIdentifier reference.x509IssuerSerial
- uniquely identifies an end entity certificate by its X509 Issuer and Serial Number
Note
JBossWS gives you precise control over elements that must be signed or encrypted. This allows you to encrypt important data only (such as credit card numbers) instead of other, security-trivial, information exchanged by the same service (email addresses, for example). To configure this, you must specify the Qualified Name (qname) of the SOAP elements to encrypt. The default behavior is to encrypt the whole SOAP body.
<encrypt type="x509v3" alias="alice"> <targets> <target type="qname">{http://www.my-company.com/cc}CardNumber</target> <target type="qname">{http://www.my-company.com/cc}CardExpiration</target> <target type="qname" contentOnly="true">{http://www.my-company.com/cc}CustomerData</target> </targets> </encrypt>
Signature verification errors can occur in signed message payloads that contain carriage returns (\r
) due to the way the special character is parsed by XML parsers. To prevent this issue, you can choose to implement custom encoding before sending the payload. Users can either encrypt the message, or force JBossWS to perform canonical normalization of messages.
true
in the MessageContext. The property must be set just before the invocation on the client side and in the endpoint implementation.
10.21.2.7. JAAS Integration
Username Token Profile provides a mean of specifying the caller's username and password. The wsse server configuration file can be used to have those information used when performing authentication and authorization through configured login module.
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <username/> <authenticate> <usernameAuth/> </authenticate> </config> </jboss-ws-security>
In previous versions of JBossWS, the username token was always used to set the principal and credential of the caller whenever specified. This behavior is retained for backward compatibility reasons where no <authenticate> element is specified and the username token is used.
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>META-INF/bob-sign.jks</key-store-file> <key-store-password>password</key-store-password> <key-store-type>jks</key-store-type> <trust-store-file>META-INF/wsse10.truststore</trust-store-file> <trust-store-password>password</trust-store-password> <config> <sign type="x509v3" alias="1" includeTimestamp="false"/> <requires> <signature/> </requires> <authenticate> <signatureCertAuth certificatePrincipal="org.jboss.security.auth.certs.SubjectCNMapping"/></authenticate> </config> </jboss-ws-security>
The optional certificatePrincipal attribute specifies the class used to retrieve the principal from the X.509 certificate's attributes. The selected class must extend CertificatePrincipal . The default class used when no attribute is specified is org.jboss.security.auth.certs.SubjectDNMapping .
|
Example 10.7. BaseCertLoginModule Security Domain
CertRolesLoginModule
that also enables authorization (using the specified jbossws-roles.properties
file).
<application-policy name="JBossWSCert"> <authentication> <login-module code="org.jboss.security.auth.spi.CertRolesLoginModule" flag="required"> <module-option name="rolesProperties">jbossws-roles.properties</module-option> <module-option name="unauthenticatedIdentity">anonymous</module-option> <module-option name="securityDomain">java:/jaas/JBossWSCert</module-option> </login-module> </authentication> </application-policy>
org.jboss.security.plugins.JaasSecurityDomain
MBean as shown in Example 10.8, “BaseCertLoginModule Keystore”.
Example 10.8. BaseCertLoginModule Keystore
<mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=SecurityDomain"> <constructor> <arg type="java.lang.String" value="JBossWSCert"/> </constructor> <attribute name="KeyStoreURL">resource:META-INF/keystore.jks</attribute> <attribute name="KeyStorePass">password</attribute> <depends>jboss.security:service=JaasSecurityManager</depends> </mbean>
CertificatePrincipal
mapping class accesses the keystore using the principal obtained from the associated wsse header. If a certificate is found and is the same as the one specified in the wsse header, the user is successfully authenticated.
10.21.2.8. POJO Endpoint Authentication and Authorization
Important
Procedure 10.1. Enabling POJO Authentication and Authorization
Define Security Domain in Web Archive
You must define a security domain in the WAR containing the POJO.Specify a <security-domain> in the jboss-web deployment descriptor within the/WEB-INF
folder.<jboss-web> <security-domain>java:/jaas/JBossWS</security-domain> </jboss-web>
Configure the jboss-wsse-server.xml <authorize> element
Specify an <authorize> element within the <config> element.The <config> element can be defined globally, be port-specific, or operation-specific.The <authorize> element must contain either the <unchecked/> element or one or more <role> elements. Each <role> element must contain the name of a valid RoleName.You can choose to implement two types of authentication: unchecked, and role-based authentication.Unchecked AuthenticationThe authentication step is performed to validate the user's username and password, but no further role checking takes place. If the user's username and password are invalid, the request is rejected.
Example 10.9. Unchecked Authentication
<jboss-ws-security> <config> <authorize> <unchecked/> </authorize> </config> </jboss-ws-security>
Role-based AuthenticationThe user is authenticated using their username and password as per Unchecked Authentication. Once the user's username and password is verified, user credentials are checked again to ensure at least of the roles specified in the <role> element is assigned to the user.
Note
Authentication and authorization proceeds even if no username and password, or certificate was provided in the request message. In this scenario, authentication may proceed if the security domain's login module has been configured with an anonymous identity.Example 10.10. Role-based Authentication
<jboss-ws-security> <config> <authorize> <role>friend</role> <role>family</role> </authorize> </config> </jboss-ws-security>
10.21.3. XML Registries
10.21.3.1. Apache jUDDI Configuration
juddi-service.sar
archive in the all
server profile. The configuration of this service can be done in the jboss-service.xml
of the META-INF
directory in the juddi-service.sar
<!-- Datasource to Database --> <attribute name="DataSourceUrl">java:/DefaultDS</attribute>
<!-- Should all tables be created on Start--> <attribute name="CreateOnStart">false</attribute> <!-- Should all tables be dropped on Stop--> <attribute name="DropOnStop">true</attribute> <!-- Should all tables be dropped on Start--> <attribute name="DropOnStart">false</attribute>
<!-- Should I bind a Context to which JaxrConnectionFactory bound--> <attribute name="ShouldBindJaxr">true</attribute> <!-- Context to which JaxrConnectionFactory to bind to. If you have remote clients, please bind it to the global namespace(default behavior). To just cater to clients running on the same VM as JBoss, change to java:/JAXR --> <attribute name="BindJaxr">JAXR</attribute>
Look at the script META-INF/ddl/juddi_data.ddl for more details. Example for a user 'jboss' INSERT INTO PUBLISHER (PUBLISHER_ID,PUBLISHER_NAME, EMAIL_ADDRESS,IS_ENABLED,IS_ADMIN) VALUES ('jboss','JBoss User','jboss@xxx','true','true');
10.21.3.2. JBoss JAXR Configuration
javax.xml.registry.ConnectionFactoryClass=org.apache.ws.scout.registry. ConnectionFactoryImpl jaxr.query.url=http://localhost:8080/juddi/inquiry jaxr.publish.url=http://localhost:8080/juddi/publish scout.proxy.transportClass=org.jboss.jaxr.scout.transport.SaajTransport
- When the client code is running inside JBoss (maybe a servlet or an EJB). Then you will need to pass the System properties in the
run.sh
orrun.bat
scripts to the java process via the"-D"
option. - When the client code is running in an external JVM. Then you can pass the properties either as "-D" options to the java process or explicitly set them in the client code(not recommended).
System.setProperty(propertyname, propertyvalue);
10.21.3.3. JAXR Sample Code
- javax.xml.registry.RegistryService From J2EE 5.0 JavaDoc: "This is the principal interface implemented by a JAXR provider. A registry client can get this interface from a Connection to a registry. It provides the methods that are used by the client to discover various capability specific interfaces implemented by the JAXR provider."
- javax.xml.registry.BusinessLifeCycleManager From J2EE 5.0 JavaDoc: "The
BusinessLifeCycleManager
interface, which is exposed by the Registry Service, implements the life cycle management functionality of the Registry as part of a business level API. There is no authentication information provided, because the Connection interface keeps that state and context on behalf of the client." - javax.xml.registry.BusinessQueryManager From J2EE 5.0 JavaDoc: "The
BusinessQueryManager
interface, which is exposed by the Registry Service, implements the business style query interface. It is also referred to as the focused query interface."
String queryurl = System.getProperty("jaxr.query.url", "http://localhost:8080/juddi/inquiry"); String puburl = System.getProperty("jaxr.publish.url", "http://localhost:8080/juddi/publish"); .. Properties props = new Properties(); props.setProperty("javax.xml.registry.queryManagerURL", queryurl); props.setProperty("javax.xml.registry.lifeCycleManagerURL", puburl); String transportClass = System.getProperty("scout.proxy.transportClass", "org.jboss.jaxr.scout.transport.SaajTransport"); System.setProperty("scout.proxy.transportClass", transportClass); // Create the connection, passing it the configuration properties factory = ConnectionFactory.newInstance(); factory.setProperties(props); connection = factory.createConnection();
/** * Does authentication with the uddi registry */ protected void login() throws JAXRException { PasswordAuthentication passwdAuth = new PasswordAuthentication(userid, passwd.toCharArray()); Set creds = new HashSet(); creds.add(passwdAuth); connection.setCredentials(creds); }
/** * Creates a Jaxr Organization with 1 or more services */ protected Organization createOrganization(String orgname) throws JAXRException { Organization org = blm.createOrganization(getIString(orgname)); org.setDescription(getIString("JBoss Inc")); Service service = blm.createService(getIString("JBOSS JAXR Service")); service.setDescription(getIString("Services of XML Registry")); //Create serviceBinding ServiceBinding serviceBinding = blm.createServiceBinding(); serviceBinding.setDescription(blm.createInternationalString("Test Service Binding")); //Turn validation of URI off serviceBinding.setValidateURI(false); serviceBinding.setAccessURI("http://testjboss.org"); ... // Add the serviceBinding to the service service.addServiceBinding(serviceBinding); User user = blm.createUser(); org.setPrimaryContact(user); PersonName personName = blm.createPersonName("Anil S"); TelephoneNumber telephoneNumber = blm.createTelephoneNumber(); telephoneNumber.setNumber("111-111-7777"); telephoneNumber.setType(null); PostalAddress address = blm.createPostalAddress("111", "My Drive", "BuckHead", "GA", "USA", "1111-111", ""); Collection postalAddresses = new ArrayList(); postalAddresses.add(address); Collection emailAddresses = new ArrayList(); EmailAddress emailAddress = blm.createEmailAddress("anil@apache.org"); emailAddresses.add(emailAddress); Collection numbers = new ArrayList(); numbers.add(telephoneNumber); user.setPersonName(personName); user.setPostalAddresses(postalAddresses); user.setEmailAddresses(emailAddresses); user.setTelephoneNumbers(numbers); ClassificationScheme cScheme = getClassificationScheme("ntis-gov:naics", ""); Key cKey = blm.createKey("uuid:C0B9FE13-324F-413D-5A5B-2004DB8E5CC2"); cScheme.setKey(cKey); Classification classification = blm.createClassification(cScheme, "Computer Systems Design and Related Services", "5415"); org.addClassification(classification); ClassificationScheme cScheme1 = getClassificationScheme("D-U-N-S", ""); Key cKey1 = blm.createKey("uuid:3367C81E-FF1F-4D5A-B202-3EB13AD02423"); cScheme1.setKey(cKey1); ExternalIdentifier ei = blm.createExternalIdentifier(cScheme1, "D-U-N-S number", "08-146-6849"); org.addExternalIdentifier(ei); org.addService(service); return org; }
/** * Locale aware Search a business in the registry */ public void searchBusiness(String bizname) throws JAXRException { try { // Get registry service and business query manager this.getJAXREssentials(); // Define find qualifiers and name patterns Collection findQualifiers = new ArrayList(); findQualifiers.add(FindQualifier.SORT_BY_NAME_ASC); Collection namePatterns = new ArrayList(); String pattern = "%" + bizname + "%"; LocalizedString ls = blm.createLocalizedString(Locale.getDefault(), pattern); namePatterns.add(ls); // Find based upon qualifier type and values BulkResponse response = bqm.findOrganizations(findQualifiers, namePatterns, null, null, null, null); // check how many organization we have matched Collection orgs = response.getCollection(); if (orgs == null) { log.debug(" -- Matched 0 orgs"); } else { log.debug(" -- Matched " + orgs.size() + " organizations -- "); // then step through them for (Iterator orgIter = orgs.iterator(); orgIter.hasNext();) { Organization org = (Organization)orgIter.next(); log.debug("Org name: " + getName(org)); log.debug("Org description: " + getDescription(org)); log.debug("Org key id: " + getKey(org)); checkUser(org); checkServices(org); } } } finally { connection.close(); } }
10.21.3.4. Troubleshooting
- I cannot connect to the registry from JAXR. Please check the inquiry and publish url passed to the JAXR ConnectionFactory.
- I cannot connect to the jUDDI registry. Please check the jUDDI configuration and see if there are any errors in the server.log. And also remember that the jUDDI registry is available only in the "all" configuration.
- I cannot authenticate to the jUDDI registry. Have you added an authorized user to the jUDDI database, as described earlier in the chapter?
- I would like to view the SOAP messages in transit between the client and the UDDI Registry. Please use the tcpmon tool to view the messages in transit. TCPMon
10.21.3.5. Resources
10.22. JBossWS Extensions
10.22.1. Proprietary Annotations
10.22.1.1. EndpointConfig
/** * Defines an endpoint or client configuration. * This annotation is valid on an endpoint implementaion bean or a SEI. */ @Retention(value = RetentionPolicy.RUNTIME) @Target(value = { ElementType.TYPE }) public @interface EndpointConfig { ... /** * The optional config-name element gives the configuration name that must be present in * the configuration given by element config-file. * * Server side default: Standard Endpoint * Client side default: Standard Client */ String configName() default ""; ... /** * The optional config-file element is a URL or resource name for the configuration. * * Server side default: standard-jaxws-endpoint-config.xml * Client side default: standard-jaxws-client-config.xml */ String configFile() default ""; }
10.22.1.2. WebContext
/** * Provides web context specific meta data to EJB based web service endpoints. * * @author thomas.diesler@jboss.org * @since 26-Apr-2005 */ @Retention(value = RetentionPolicy.RUNTIME) @Target(value = { ElementType.TYPE }) public @interface WebContext { ... /** * The contextRoot element specifies the context root that the web service endpoint is deployed to. * If it is not specified it will be derived from the deployment short name. * * Applies to server side port components only. */ String contextRoot() default ""; ... /** * The virtual hosts that the web service endpoint is deployed to. * * Applies to server side port components only. */ String[] virtualHosts() default {}; /** * Relative path that is appended to the contextRoot to form fully qualified * endpoint address for the web service endpoint. * * Applies to server side port components only. */ String urlPattern() default ""; /** * The authMethod is used to configure the authentication mechanism for the web service. * As a prerequisite to gaining access to any web service which are protected by an authorization * constraint, a user must have authenticated using the configured mechanism. * * Legal values for this element are "BASIC", or "CLIENT-CERT". */ String authMethod() default ""; /** * The transportGuarantee specifies that the communication * between client and server should be NONE, INTEGRAL, or * CONFIDENTIAL. NONE means that the application does not require any * transport guarantees. A value of INTEGRAL means that the application * requires that the data sent between the client and server be sent in * such a way that it can not be changed in transit. CONFIDENTIAL means * that the application requires that the data be transmitted in a * fashion that prevents other entities from observing the contents of * the transmission. In most cases, the presence of the INTEGRAL or * CONFIDENTIAL flag will indicate that the use of SSL is required. */ String transportGuarantee() default ""; /** * A secure endpoint does not by default publish it's wsdl on an unsecure transport. * You can override this behavior by explicitly setting the secureWSDLAccess flag to false. * * Protect access to WSDL. See http://jira.jboss.org/jira/browse/JBWS-723 */ boolean secureWSDLAccess() default true; }
10.22.1.3. SecurityDomain
/** * Annotation for specifying the JBoss security domain for an EJB */ @Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) public @interface SecurityDomain { /** * The required name for the security domain. * * Do not use the JNDI name * * Good: "MyDomain" * Bad: "java:/jaas/MyDomain" */ String value(); /** * The name for the unauthenticated pricipal */ String unauthenticatedPrincipal() default ""; }
10.23. Web Services Appendix
Note
Chapter 11. Additional Services
11.1. Exposing MBean Events via SNMP
snmp-adaptor.sar
. This service is only available in the all
configuration, so you will need to copy the .sar
file to your configuration if you want to use the service from another profile.
snmp-adaptor.sar
directory, there are two configuration files that control the SNMP service.
- managers.xml
- This file configures where to send traps. The content model for this file is shown in Figure 11.1, “The schema for the SNMP managers file”.
- notifications.xml
- This file specifies the exact mapping of each notification type to a corresponding SNMP trap. The content model for this file is shown in Figure 11.2, “The schema for the notification to trap mapping file”.
SNMPAgentService
MBean is configured in snmp-adaptor.sar/META-INF/jboss-service.xml
.
Table 11.1.
Parameter | Description |
---|---|
HeartBeatPeriod | The period in seconds at which heartbeat notifications are generated. |
ManagersResName | Specifies the resource name of the managers.xml file. |
NotificationMapResName | Specifies the resource name of the notifications.xml file. |
TrapFactoryClassName | The org.jboss.jmx.adaptor.snmp.agent.TrapFactory implementation class that takes care of translation of JMX Notifications into SNMP V1 and V2 traps. |
TimerName | Specifies the JMX ObjectName of the JMX timer service to use for heartbeat notifications. |
SubscriptionList | Specifies which MBeans and notifications to listen for. |

Figure 11.1. The schema for the SNMP managers file

Figure 11.2. The schema for the notification to trap mapping file
TrapdService
is a simple MBean that acts as an SNMP Manager. It listens to a configurable port for incoming traps and logs them as DEBUG messages using the system logger. You can modify the log4j configuration to redirect the log output to a file. SnmpAgentService
and TrapdService
are not dependent on each other.
Chapter 12. JBoss AOP
12.1. Some key terms
A joinpoint is any point in your Java program. The call of a method, the execution of a constructor, the access of a field; all these are joinpoints. You could also think of a joinpoint as a particular Java event, where an event is a method call, constructor call, field access, etc.
An invocation is a JBoss AOP class that encapsulates what a joinpoint is at runtime. It could contain information like which method is being called, the arguments of the method, etc.
An advice is a method that is called when a particular joinpoint is executed, such as the behavior that is triggered when a method is called. It could also be thought of as the code that performs the interception. Another analogy is that an advice is an "event handler".
Pointcuts are AOP's expression language. Just as a regular expression matches strings, a pointcut expression matches a particular joinpoint.
An introduction modifies the type and structure of a Java class. It can be used to force an existing class to implement an interface or to add an annotation to anything.
An aspect is a plain Java class that encapsulates any number of advices, pointcut definitions, mixins, or any other JBoss AOP construct.
An interceptor is an aspect with only one advice, named invoke
. It is a specific interface that you can implement if you want your code to be checked by forcing your class to implement an interface. It also will be portable and can be reused in other JBoss environments like EJBs and JMX MBeans.
public class BankAccountDAO { public void withdraw(double amount) { long startTime = System.currentTimeMillis(); try { // Actual method body... } finally { long endTime = System.currentTimeMillis() - startTime; System.out.println("withdraw took: " + endTime); } } }
- It's extremely difficult to turn metrics on and off, as you have to manually add the code in the
try
/finally
blocks to each and every method or constructor you want to benchmark. - Profiling code should not be combined with your application code. It makes your code more verbose and difficult to read, since the timings must be enclosed within the
try
/finally
blocks. - If you wanted to expand this functionality to include a method or failure count, or even to register these statistics to a more sophisticated reporting mechanism, you'd have to modify a lot of different files (again).
BankAccountDAO
to go through a metrics aspect before executing the actual body of that code.
12.2. Creating Aspects in JBoss AOP
try
/finally
block in our first code example's BankAccountDAO.withdraw()
method into Metrics
, an implementation of a JBoss AOP Interceptor class.
01. public class Metrics implements org.jboss.aop.advice.Interceptor 02. { 03. public Object invoke(Invocation invocation) throws Throwable 04. { 05. long startTime = System.currentTimeMillis(); 06. try 07. { 08. return invocation.invokeNext(); 09. } 10. finally 11. { 12. long endTime = System.currentTimeMillis() - startTime; 13. java.lang.reflect.Method m = ((MethodInvocation)invocation).method; 14. System.out.println("method " + m.toString() + " time: " + endTime + "ms"); 15. } 16. } 17. }
withdraw()
: when calling code invokes withdraw()
, the AOP framework breaks the method call into its parts and encapsulates those parts into an Invocation object. The framework then calls any aspects that sit between the calling code and the actual method body.
Metrics
's invoke method at line 3. Line 8 wraps and delegates to the actual method and uses an enclosing try
/finally
block to perform the timings. Line 13 obtains contextual information about the method call from the Invocation
object, while line 14 displays the method name and the calculated metrics.
Metrics
code within its own object allows us to easily expand and capture additional measurements later on. Now that metrics are encapsulated into an aspect, let us see how to apply it.
12.3. Applying Aspects in JBoss AOP
executeQuery()
, call the aspect that verifies SQL syntax."
<interceptor name="SimpleInterceptor" class="com.mc.Metrics"/><bind pointcut="execution (public void com.mc.BankAccountDAO->withdraw(double amount))" >
<interceptor-ref name="SimpleInterceptor" /> </bind>
<bind pointcut="execution (* com.mc.billing.->(..))">
<interceptor-ref name="com.mc.Metrics" /> </bind>
![]()
Defines the mapping of the interceptor name to the interceptor class.
| |
Lines 2-4 define a pointcut that applies the metrics aspect to the specific method BankAccountDAO.withdraw() .
| |
Lines 5-7 define a general pointcut that applies the metrics aspect to all methods in all classes in the com.mc.billing package. There is also an optional annotation mapping if you prefer to avoid XML.
|
BankAccountDAO
class does not detect that it is being profiled. Profiling is part of what aspect-oriented programmers deem orthogonal concerns. In the object-oriented programming code snippet at the beginning of this chapter, profiling was part of the application code. AOP allows you to remove that code. A modern promise of middleware is transparency, and AOP clearly delivers.
12.4. Packaging AOP Applications
deploy/
directory with the signature *-aop.xml
along with your package (this is how the base-aop.xml
, included in the jboss-aop.deployer
file works) or you can include it in the JAR file containing your classes. If you include your XML file in your JAR, it must have the file extension .aop
and a jboss-aop.xml
file must be contained in a META-INF
directory, for instance: META-INF/jboss-aop.xml
.
xmlns="urn:jboss:aop-beans:1:0
attribute to the root aop
element, as shown here:
<aop xmlns="urn:jboss:aop-beans:1.0"> </aop>
.aop
JAR files, you can make any top-level deployment contain an AOP file containing the XML binding configuration. For instance you can have an AOP file in an EAR file, or an AOP file in a WAR file. The bindings specified in the META-INF/jboss-aop.xml
file contained in the AOP file will affect all the classes in the whole WAR file.
.ear/META-INF/application.xml
as a Java module, as follows:
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN''http://java.sun.com/j2ee/dtds/application_1_2.dtd'> <application> <display-name>AOP in JBoss example</display-name> <module> <java>example.aop</java> </module> <module> <ejb>aopexampleejb.jar</ejb> </module> <module> <web> <web-uri>aopexample.war</web-uri> <context-root>/aopexample</context-root> </web> </module> </application>
Important
.ear
file are deployed in the order they are listed in the application.xml
. When using loadtime weaving the bindings listed in the example.aop
file must be deployed before the classes being advised are deployed, so that the bindings exist in the system before (for example) the ejb
and servlet
classes are loaded. This is achieved by listing the AOP file at the start of the application.xml
. Other types of archives are deployed before anything else and so do not require special consideration, such as .sar
and .war
files.
12.5. The JBoss AspectManager Service
AspectManager
Service can be managed at runtime using the JMX console, which is found at http://localhost:8080/jmx-console
. It is registered under the ObjectName jboss.aop:service=AspectManager
. If you want to configure it on start up you need to edit some configuration files.
AspectManager
Service is configured using a JBoss Microcontainer bean. The configuration file is jboss-as/server/PROFILE/conf/bootstrap/aop.xml
. The AspectManager
Service is deployed with the following XML:
<bean name="AspectManager" class="org.jboss.aop.deployers.AspectManagerJDK5"> <property name="jbossIntegration"><inject bean="AOPJBossIntegration"/></property> <property name="enableLoadtimeWeaving">false</property> <!-- only relevant when EnableLoadtimeWeaving is true. When transformer is on, every loaded class gets transformed. If AOP can not find the class, then it throws an exception. Sometimes, classes may not have all the classes they reference. So, the Suppressing is needed. (For instance, JBoss cache in the default configuration) --> <property name="suppressTransformationErrors">true</property> <property name="prune">true</property> <property name="include">org.jboss.test., org.jboss.injbossaop.</property> <property name="exclude">org.jboss.</property> <!-- This avoids instrumentation of hibernate cglib enhanced proxies <property name="ignore">*$$EnhancerByCGLIB$$*</property> --> <property name="optimized">true</property> <property name="verbose">false</property> <!-- Available choices for this attribute are: org.jboss.aop.instrument.ClassicInstrumentor (default) org.jboss.aop.instrument.GeneratedAdvisorInstrumentor --> <!-- <property name="instrumentor">org.jboss.aop.instrument.ClassicInstrumentor</property>--> <!-- By default the deployment of the aspects contained in ../deployers/jboss-aop-jboss5.deployer/base-aspects.xml are not deployed. To turn on deployment uncomment this property <property name="useBaseXml">true</property>--> </bean>
AspectManager
Service. To do this, replace the contents of the class
attribute of the bean
element.
12.6. Loadtime transformation in the JBoss Enterprise Application Platform Using Sun JDK
- Set the
enableLoadtimeWeaving
attribute/property totrue
. By default, JBoss Enterprise Application Platform will not do load-time bytecode manipulation of AOP files unless this is set. IfsuppressTransformationErrors
istrue
, failed bytecode transformation will only give an error warning. This flag is needed because sometimes a JBoss deployment will not include all of the classes referenced. - Copy the
pluggable-instrumentor.jar
from thelib/
directory of your JBoss AOP distribution to thebin/
directory of your JBoss Enterprise Application Platform. - Next edit
run.sh
orrun.bat
(depending on what OS you are on) and add the following to theJAVA_OPTS
environment variable:set JAVA_OPTS=%JAVA_OPTS% -Dprogram.name=%PROGNAME% -javaagent:pluggable-instrumentor.jar
Important
org.jboss.aop.deployers.AspectManagerJDK5
or org.jboss.aop.deployment.AspectManagerServiceJDK5
as these are what work with the -javaagent
option.
12.7. JRockit
-javaagent
switch mentioned in Section 12.6, “Loadtime transformation in the JBoss Enterprise Application Platform Using Sun JDK”. If you wish to use that, then the steps in Section 12.6, “Loadtime transformation in the JBoss Enterprise Application Platform Using Sun JDK” are sufficient. However, JRockit also comes with its own framework for intercepting when classes are loaded, which might be faster than the -javaagent
switch. If you want to do load-time transformations using the special JRockit hooks, these are the steps you must take.
- Set the
enableLoadtimeWeaving
attribute/property to true. By default, JBoss Enterprise Application Platform will not do load-time bytecode manipulation of AOP files unless this is set. IfsuppressTransformationErrors
istrue
, failed bytecode transformation will only give an error warning. This flag is needed because sometimes a JBoss deployment will not include all the classes referenced. - Copy the
jrockit-pluggable-instrumentor.jar
from thelib/
directory of your JBoss AOP distribution to thebin/
directory of your the JBoss Enterprise Application Platform installation. - Next edit
run.sh
orrun.bat
(depending on what OS you are on) and add the following to theJAVA_OPTS
andJBOSS_CLASSPATH
environment variables:# Setup JBoss specific properties JAVA_OPTS="$JAVA_OPTS -Dprogram.name=$PROGNAME \ -Xmanagement:class=org.jboss.aop.hook.JRockitPluggableClassPreProcessor" JBOSS_CLASSPATH="$JBOSS_CLASSPATH:jrockit-pluggable-instrumentor.jar"
- Set the class of the
AspectManager
Service toorg.jboss.aop.deployers.AspectManagerJRockit
on JBoss Enterprise Application Platform 5, ororg.jboss.aop.deployment.AspectManagerService
as these are what work with special hooks in JRockit.
12.8. Improving Loadtime Performance in the JBoss Enterprise Application Platform Environment
jboss-5.x.x.GA/server/xxx/conf/aop.xml
file talked about earlier in this chapter.
12.9. Scoping the AOP to the classloader
12.9.1. Deploying as part of a scoped classloader
.aop/META-INF/jboss-aop.xml
file will only apply to the classes within the scoped archive and not to anything else in the application server. Another alternative is to deploy -aop.xml
files as part of a service archive (SAR). Again, if the SAR is scoped, the bindings contained in the -aop.xml
files will only apply to the contents of the SAR file. It is not currently possible to deploy a standalone -aop.xml
file and have that attach to a scoped deployment. Standalone -aop.xml
files will apply to classes in the whole application server.
12.9.2. Attaching to a scoped deployment
jboss-app.xml
file, with the scoped loader repository jboss.test:service=scoped
:
<jboss-app> <loader-repository> jboss.test:service=scoped </loader-repository> </jboss-app>
loader-repository
tag in the AOP file's META-INF/jboss-aop.xml
file.
<?xml version="1.0" encoding="UTF-8"?> <aop> <loader-repository>jboss.test:service=scoped</loader-repository> <!-- Aspects and bindings --> </aop>
Chapter 13. Transaction Management
13.1. Overview
- JBoss Transaction Service JTS
- A Transaction Manager capable of distributing transaction context on remote IIOP method calls, creating a single distributed transaction which spans multiple Java Virtual Machines. This is useful for large-scale applications that span multiple servers, or for standards based interoperability with transactional business logic running in CORBA based systems. The functionality of this module can be accessed through the standard JTA API. In this way, it is a drop-in replacement and does not require changes to transactional business logic. To enable it, refer to Section 13.8, “Using the JTS Module” for more information.
- JBoss Transaction Service XTS
- A Transaction Manager, based on XML, which implements the WS-AtomicTransaction (WS-AT) and WS-BusinessActivity (WS-BA) specifications. This additional module uses core transaction support provided by the JTA or JTS managers, along with web services functionality provided by JBossWS Native. It is deployed into the server as an application. Applications may use WS-AT to provide standards based, distributed ACID transactions in a manner similar to JTS but using a Web Services transport, instead of CORBA. The WS-BA implementation compliments this by providing an alternative, compensation-based transaction model, well suited to coordinating long-running, loosely coupled business processes. XTS also implements a WS-Coordination (WS-C) service which is usually accessed internally by the local WS-AT and WS-BA implementations. However, this WS-C service can also be used to provide remote coordination for WS-AT and WS-BA transactions created in other server instances or non-JBoss containers. Refer to the JBoss Transactions Web Services Programmer's Guide for more details. To enable XTS, refer to Section 13.9, “Using the XTS Module”.
13.2. Configuration Essentials
<JBOSS_HOME>/server/<PROFILE>/conf/jbossts-properties.xml
. It contains defaults for the most commonly used properties. Many more are detailed in the accompanying JBoss Transaction Service Administration Guide. Each setting has a hard-coded default, but the system may not function properly if a configuration file does not exist. Additional configuration is also possible as part of the Microcontainer beans configuration found in the <JBOSS_HOME>/server/<PROFILE>/deploy/transaction-jboss-beans.xml
file. This ties the transaction manager into the overall server profile, overriding the transaction configuration file settings with values specific to the application server where appropriate. In particular, it uses the Service Binding Manager to set port binding information, as well as overriding selected other properties. Configuration properties are read by the Transaction Service at server initialization, and the server must be restarted to incorporate any changes made to the configuration files.
Table 13.1. Most Critical Properties for JBoss Transaction Service
Property Name
|
Default Value
|
Description
|
---|---|---|
transactionTimeout
|
300 seconds
|
the default time, in seconds, after which a transaction will time out and be rolled back by. Adjust this to suit your environment and workload.
It may come as a surprise that transactions are processed asynchronously. This was a design decision, and needs to be accounted for by your code.
|
objectStoreDir
| |
The directory where transaction data is logged. The transaction log is required to complete transactions in the case of system failure, and needs to be on reliable storage. Normally one file is generated per transaction, and each file is a few kilobytes in size. These are distributed over a directory tree for optimal performance. If a RAID controller is used, it should be configured for write through cache, in much the same manner as database storage devices. Writing of the transaction log is automatically skipped in the case of transactions that are rolling back or contain only a single resource.
|
max-pool-size
| |
The Java EE Connector Architecture container keeps a dedicated physical connection open against the EIS where recovery is performed. Therefore, set the
max-pool-size to the maximum number of connection possible minus 1.
|
Table 13.2. Additional Properties for JBoss Transaction Service
Property Name
|
Default Value
|
Description
|
---|---|---|
com.arjuna.common.util.logging.DebugLevel
| 0x00000000 , which equates to no logging
|
determines the internal log threshold for the transaction manager codebase. It is independent of the overall server's log4j logging configuration, and acts to suppress extraneous log entries from being printed. When the default value is active, INFO and WARN messages are still printed, and this setting provides optimal performance.
0xffffffff enables full debug logging. This setting results in large log files.
Log messages that pass the internal
DebugLevel check are passed to the server's logging system for further processing. In theory, full debugging may be left on and log4j can be used to turn logging on or off, but in reality this has a performance impact.
|
com.arjuna.ats.arjuna.coordinator.commitOnePhase
| YES
|
Determines whether the transaction manager automatically applies the one-phase commit optimization to the transaction completion protocol, when only a single resource is registered with the transaction. Enabled by default to prevent writing transaction logs needlessly.
|
com.arjuna.ats.arjuna.objectstore.transactionSync
| ON
|
Controls the flushing of transaction logs to disk during transaction termination. The default value results in a
FileDescriptor.sync call for each committing transaction. This behavior is required to provide recovery and ACID properties. If these features are unimportant to the application in question, you can achieve better performance by disabling this property. This is discouraged, since it is usually better to write such applications in a way that avoids using transactions at all.
|
com.arjuna.ats.arjuna.xa.nodeIdentifier
com.arjuna.ats.jta.xaRecoveryNode
| |
These properties determine the behavior of the transaction recovery system. They must be configured correctly to ensure that transactions are resolved correctly so that recovery can happen if the server crashes. Please refer to the Recovery chapter of the JBoss Transactions Administration Guide for more details.
|
com.arjuna.ats.arjuna.coordinator.enableStatistics
| NO
|
Enables gathering of transaction statistics. The statistics can be viewed using methods on the
TransactionManagerService bean or its corresponding JMX MBean. Disabled by default.
|
13.3. Transactional Resources
XAResource
implementations, which are provided by the various resource managers. Resource managers may include databases, message queues or third-party JCA resource adapters. The list of databases and JDBC drivers which have been certified on JBoss Enterprise Application Platform is located at http://www.jboss.com/products/platforms/application/supportedconfigurations/. Most standards-compliant JDBC drivers should function correctly, but you should perform extensive testing when using an uncertified configuration, since interpretations of the XA specifications different from one vendor to another.
-ds.xml
. Datasources which use the <xa-datasource> property automatically interact with the transaction manager. Connections obtained by looking up such datasource in JNDI and calling getConnection
automatically participate in ongoing transactions. This is the preferred use case when transactional guarantees for data access are required.
13.4. Last Resource Commit Optimization (LRCO)
prepare
phase of the transaction, at which time an attempt is made to commit it. If the attempt is successful, the transaction log is written and the remaining resources go through the phase-two commit. If the last resource fails to commit, the transaction is rolled back. Although this protocol allows most transactions to complete normally, some errors can cause an inconsistent transaction outcome. For this reason, use LRCO as a last resort. When a single <local-tx-datasource> is used in a transaction, the LRCO is automatically applied to it. In other situations, you can designate a last resource by using a special marker interface. Refer to the JBoss Transactions Programmer's Guide for more details.
13.5. Transaction Timeout Handling
TransactionReaper
. The reaper rolls back transactions without interrupting any threads that may be operating within their scope. This prevents instability that results from interrupting threads executing arbitrary code. Furthermore, it allows for timely abort of transactions where the business logic thread may be executing non-interruptible operations such as network I/O operations. This approach may, cause unexpected behavior in code that is not designed to handle multithreaded transactions. Warning or error messages may be printed from transaction-aware components as a result of the unexpected change in transaction status. The transaction outcome should usually be unaffected. Any problems can be minimized by tuning the transaction timeout values. See Chapter 17, Datasource Configuration for more information.
13.6. Recovery Configuration
13.7. Transaction Service FAQ
- Q: I turned on debug logging, but nothing is logged.
- Q: Why do server logs show WARN Adding multiple last resources is disallowed., and why are my transactions are aborted?
- Q: My server terminated unexpectedly. It is running again, but my logs are filling with messages like WARN [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.resources.arjunacore.norecoveryxa] Could not find new XAResource to use for recovering non-serializable XAResource.
- Q: My transactions take a long time and sometimes strange things happen. The server log contains WARN [arjLoggerI18N] [BasicAction_58] - Abort of action id ... invoked while multiple threads active within it.
- Logs go through JBoss Transaction Service's own logging abstraction layer.
- Logs go through JBoss Enterprise Application Platform's
log4j
logging system.
WARN Adding multiple last resources is disallowed.
, and why are my transactions are aborted?
WARN [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.resources.arjunacore.norecoveryxa] Could not find new XAResource to use for recovering non-serializable XAResource
.
WARN [arjLoggerI18N] [BasicAction_58] - Abort of action id ... invoked while multiple threads active within it.
13.8. Using the JTS Module
jbossts-properties.xml
file to move between the JTA and JTS modules.
jbossts-properties.xml
file is located in the <JBOSS_HOME>/docs/examples/transactions/
directory. Consult the README.txt
file in the same directory for more information about changes that need to be made to other files, including the transactions-jboss-beans.xml
file. An ANT script is provided to perform all of the steps automatically, but it is recommended to consult the README.txt
carefully before running the script, as well as backing up your existing configuration.
INFO [TransactionManagerService] JBossTS Transaction Service (JTA version - ...)
INFO [TransactionManagerService] JBossTS Transaction Service (JTS version - ...)
13.9. Using the XTS Module
<JBOSS_HOME>/docs/examples/transactions/
.
Procedure 13.1. Installing the XTS Module
- Create a subdirectory in the
<JBOSS_HOME>/server/[name]/deploy/
directory, calledjbossxts.sar/
. - Unpack the .sar, which is a ZIP archive, into this new directory.
- Restart JBoss Enterprise Application Platform for the module to be active.
Note
jbossxts-api.jar
file included in the XTS Service Archive, but should avoid packaging it with their applications, to avoid classloading problems. All other JAR files contain internal implementation classes and should not be used directly.
<JBOSS_HOME>/docs/examples/transactions/README.txt
for more configuration information. The JBoss Web Services Transactions User Guide contains information about using XTS in your applications.
13.10. Transaction Management Console
<JBOSS_HOME>/docs/example/transactions/
. It is provided as an unsupported, experimental prototype. Consult the README.txt
file for its capabilities and information about its use.
13.11. Experimental Components
Warning
- txbridge
- Sometimes you may need the ability to invoke traditional transaction components, such as EJBs, within the scope of a Web Services transaction. Conversely, some traditional transactional applications may need to invoke transactional web services. The Transaction Bridge (txbridge) provides mechanisms for linking these two types of transactional services together.
- BA Framework
- The XTS API operates at a very low level, requiring the developer to undertake much of the transaction infrastructure work involved in WS-BA. The BA Framework provides high-level annotations that enable JBoss Transaction Service to handle this infrastructure. The developer can then focus more on business logic instead.
13.12. Source Code and Upgrading
INFO [TransactionManagerService] JBossTS Transaction Service (JTA version - tag:JBOSSTS_4_6_1_GA_CP02) - JBoss Inc.
tag
element corresponds to a tree under /tags/ in the Subversion repository. Note that the version refers to the version of the JBoss Transaction Service component used in the Enterprise Application Platform, not the version of EAP itself. If you build Enterprise Application Platform from source, you can also find the version by searching for the string version.jboss.jbossts
in the component-matrix/pom.xml
file.
Warning
Chapter 14. Remoting
14.1. Background
socket://bluemonkeydiamond.com:8888/?timeout=10000&serialization=jboss
14.2. JBoss Remoting Configuration
14.2.1. MBeans
<mbean code="org.jboss.remoting.transport.Connector" name="jboss.messaging:service=Connector,transport=bisocket" display-name="Bisocket Transport Connector"> <attribute name="Configuration"> <config> <invoker transport="bisocket"> <attribute name="marshaller" isParam="true">org.jboss.jms.wireformat.JMSWireFormat</attribute> <attribute name="unmarshaller" isParam="true">org.jboss.jms.wireformat.JMSWireFormat</attribute> <attribute name="serverBindAddress">${jboss.bind.address}</attribute> <attribute name="serverBindPort">4457</attribute> <attribute name="callbackTimeout">10000</attribute> ... </invoker> ... </config> </attribute> </mbean>
- This server uses the bisocket transport;
- it runs on port 4457 of host ${jboss.bind.address}; and
- JBoss Messaging uses its own marshaling algorithm.
bisocket://bluemonkeydiamond.com:4457/?marshaller= org.jboss.jms.wireformat.JMSWireFormat& unmarshaller=org.jboss.jms.wireformat.JMSWireFormat
14.2.2. POJOs
org.jboss.remoting.ServerConfiguration
POJO:
<bean name="JBMConnector" class="org.jboss.remoting.transport.Connector"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss.messaging:service=Connector,transport=bisocket", exposedInterface=org.jboss.remoting.transport.ConnectorMBean.class, registerDirectly=true)</annotation> <property name="serverConfiguration"><inject bean="JBMConfiguration"/></property> </bean> <!-- Remoting server configuration --> <bean name="JBMConfiguration" class="org.jboss.remoting.ServerConfiguration"> <constructor> <parameter>bisocket</parameter> </constructor> <!-- Parameters visible to both client and server --> <property name="invokerLocatorParameters"> <map keyClass="java.lang.String" valueClass="java.lang.String"> <entry> <key>serverBindAddress</key> <value> <value-factory bean="ServiceBindingManager" method="getStringBinding"> <parameter>JBMConnector</parameter> <parameter>${host}</parameter> </value-factory> </value> </entry> <entry> <key>serverBindPort</key> <value> <value-factory bean="ServiceBindingManager" method="getStringBinding"> <parameter>JBMConnector</parameter> <parameter>${port}</parameter> </value-factory> </value> </entry> ... <entry><key>marshaller</key> <value>org.jboss.jms.wireformat.JMSWireFormat</value></entry> <entry><key>unmarshaller</key> <value>org.jboss.jms.wireformat.JMSWireFormat</value></entry> </map </property> <!-- Parameters visible only to server --> <property name="serverParameters"> <map keyClass="java.lang.String" valueClass="java.lang.String"> <entry><key>callbackTimeout</key> <value>10000</value></entry> </map> </property> ... </bean>
ServerConfiguration
POJO, which is then injected into the JBMConnector org.jboss.remoting.transport.Connector
POJO. The syntax is that of the Microcontainer, which is beyond the scope of this chapter. See Chapter 8, Microcontainer for details. One variation from the MBean version is the use of the ServiceBindingManager, which is also beyond the scope of this chapter. Note that the @org.jboss.aop.microcontainer.aspects.jmx.JMX annotation causes the JBMConnector to be visible as an MBean named "jboss.messaging:service=Connector,transport=bisocket".
14.3. Multihomed servers
<!-- Beans homes1 and homes2 are used to construct a multihome Remoting server. --> <bean name="homes1" class="java.lang.StringBuffer"> <constructor> <parameter class="java.lang.String"> <value-factory bean="ServiceBindingManager" method="getStringBinding"> <parameter>JBMConnector:bindingHome1</parameter> <parameter>${host}:${port}</parameter> </value-factory> </parameter> </constructor> </bean> <bean name="homes2" class="java.lang.StringBuffer"> <constructor factoryMethod="append"> <factory bean="homes1"/> <parameter> <value-factory bean="ServiceBindingManager" method="getStringBinding"> <parameter>JBMConnector:bindingHome2</parameter> <parameter>!${host}:${port}</parameter> </value-factory> </parameter> </constructor> </bean>
<entry> <key>homes</key> <value><value-factory bean="homes2" method="toString"/></value> </entry>
bisocket://multihome/?homes=external.acme.com:5555!internal.acme.com: 4444&marshaller=org.jboss.jms.wireformat.JMSWireFormat& unmarshaller=org.jboss.jms.wireformat.JMSWireFormat
14.4. Address translation
14.5. Where are they now?
<JBOSS_HOME>/server/<PROFILE>/deploy/remoting-jboss-beans.xml
<JBOSS_HOME>/server/<PROFILE>/deploy/ejb3-connectors-jboss-beans.xml
<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/remoting-bisocket-service.xml
14.6. Further information.
Chapter 15. Messaging
15.1. Default JMS messaging providers
- JBoss Messaging - detailed information can be found in JBoss Messaging User Guide.
- HornetQ - detailed information can be found in HornetQ User Guide.
15.2. IBM WebSphere MQ Integration
15.2.1. Configuring WebSphere MQ Integration
The following is required before you get started configuring your instance of JBoss Enterprise Application Platform for integration with WebSphere MQ.
- A running instance of WebSphere MQ version
7.5
. - A WebSphere MQ JMS resource adapter. It is supplied with your distribution of WebSphere MQ as a Resource Archive (RAR) file called
wmq.jmsra.rar
. You can find it in theMQ.HOME/java/lib/jca
directory. - To configure the connection properly, you also need to know the values listed below. The names shown in capital letters are used in the code samples further in this chapter. When reusing the code, make sure that you replace these names with the actual values relevant for your WebSphere MQ instance.
- MQ.HOST.NAME
- The host name of the machine where the WebSphere MQ instance is running. It is also possible to specify the machine's IP address instead of the hostname.
- MQ.PORT
- The port used to connect to the WebSphere MQ queue manager. The default value is
1414
. - MQ.CHANNEL.NAME
- The server channel used to connect to the WebSphere MQ queue manager. The default value is
SYSTEM.DEF.SVRCONN
. - MQ.TRANSPORT.TYPE
- The transport type used for the connection to WebSphere MQ. The default value is
CLIENT
. - MQ.HOME
- The path to the WebSphere MQ instance's base directory. The default is
/opt/mqm/
on Linux or Unix,/usr/mqm/
on AIX andC:\ProgramFiles\IBM\WebSphere MQ
on Windows. - MQ.USER
- The user name of a user account with permissions to connect to the WebSphere MQ server by the broker.
- MQ.PASSWORD
- The password of the MQ.USER user account.
- Within the WebSphere MQ instance, you need to have objects like queue managers, queues, topics and channels defined according to the needs of your specific system. The list below contains WebSphere MQ objects that are used to demonstrate the configuration in the code samples further in this chapter. Similarly as above, when reusing the code samples, make sure that you replace the capitalized names with the names of the actual objects defined in your WebSphere MQ instance.
- MQ.QUEUE.MANAGER
- The name of the WebSphere MQ queue manager with which the connection will be established.
- MQ.QUEUE.REQUESTS
- The name of the destination message queue in WebSphere MQ to which request messages will be sent.
- MQ.QUEUE.RESPONSES
- The name of the source message queue in WebSphere MQ from which response messages will be received.
- MQ.TOPIC1
- The name of a topic defined in WebSphere MQ.
- MQ.TOPIC2
- The name of another topic defined in WebSphere MQ.
Procedure 15.1. Deploying the WebSphere MQ Resource Adapter
- Copy the
wmq.jmsra.rar
file to theJBOSS_HOME/server/PROFILE/deploy/
directory.cp MQ.HOME/java/lib/jca/wmq.jmsra.rar JBOSS_HOME/server/PROFILE/deploy/
- Create a file named
jboss_jmsra_ds.xml
in theJBOSS_HOME/server/PROFILE/deploy/
directory.Below, you can find a code sample showing the expected content of the file. The first part of the XML file defines a connection factory used to establish the connection with the WebSphere MQ instance. The second part of the file defines JNDI bindings of objects defined in WebSphere MQ to JMS administered objects.<?xml version="1.0" encoding="UTF-8"?> <connection-factories> <!-- connection factory definition --> <tx-connection-factory> <jndi-name>jms/CF</jndi-name> <xa-transaction /> <rar-name>wmq.jmsra.rar</rar-name> <connection-definition>javax.jms.ConnectionFactory</connection-definition> <config-property name="channel" type="java.lang.String">MQ.CHANNEL.NAME</config-property> <config-property name="hostName" type="java.lang.String">MQ.HOST.NAME</config-property> <config-property name="port" type="java.lang.String">MQ.PORT</config-property> <config-property name="username" type="java.lang.String">MQ.USER</config-property> <config-property name="password" type="java.lang.String">MQ.PASSWORD</config-property> <config-property name="queueManager" type="java.lang.String">MQ.QUEUE.MANAGER</config-property> <config-property name="transportType" type="java.lang.String">MQ.TRANSPORT.TYPE</config-property> <security-domain-and-application>JmsXARealm</security-domain-and-application> </tx-connection-factory> <!-- admin object definitions --> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=queue1"> <attribute name="JNDIName"> jms/queue/MQ.QUEUE.REQUESTS </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Queue</attribute> <attribute name="Properties"> baseQueueManagerName=MQ.QUEUE.MANAGER baseQueueName=MQ.QUEUE.REQUESTS </attribute> </mbean> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=topic1"> <attribute name="JNDIName"> jms/topic/MQ.TOPIC1 </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Topic</attribute> <attribute name="Properties"> brokerPubQueueManager=MQ.QUEUE.MANAGER baseTopicName=MQ.TOPIC1 </attribute> </mbean> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=queue2"> <attribute name="JNDIName"> jms/queue/MQ.QUEUE.RESPONSES </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Queue</attribute> <attribute name="Properties"> baseQueueManagerName=MQ.QUEUE.MANAGER baseQueueName=MQ.QUEUE.RESPONSES </attribute> </mbean> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=topic2"> <attribute name="JNDIName"> jms/topic/MQ.TOPIC2 </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Topic</attribute> <attribute name="Properties"> brokerPubQueueManager=MQ.QUEUE.MANAGER baseTopicName=MQ.TOPIC2 </attribute> </mbean> </connection-factories>
15.2.1.1. Using the WebSphere MQ resource adapter in an MDB
ActivationConfigProperty
and ResourceAdapter
annotations as in the following code sample:
@MessageDriven(name="WebSphereMQMDB". activationConfig = { @ActivationConfigProperty(propertyName = "destinationType",propertyValue = "javax.jms.Queue"), @ActivationConfigProperty(propertyName = "useJNDI", propertyValue = "false"), @ActivationConfigProperty(propertyName = "hostName", propertyValue = "MQ.HOST.NAME"), @ActivationConfigProperty(propertyName = "port", propertyValue = "MQ.PORT"), @ActivationConfigProperty(propertyName = "channel", propertyValue = "MQ.CHANNEL.NAME"), @ActivationConfigProperty(propertyName = "queueManager", propertyValue = "MQ.QUEUE.MANAGER"), @ActivationConfigProperty(propertyName = "destination", propertyValue = "MQ.QUEUE.REQUESTS"), @ActivationConfigProperty(propertyName = "transportType", propertyValue = "MQ.TRANSPORT.TYPE"), @ActivationConfigProperty(propertyName = "username", propertyValue = "MQ.USER"), @ActivationConfigProperty(propertyName = "password", propertyValue = "MQ.PASSWORD") }) @ResourceAdapter(value = "wmq.jmsra.rar") public class WebSphereMQMDB implements MessageListener { }
15.2.1.2. Configuration for XA Transaction Recovery
Before you begin the configuration for XA transaction recovery, you need:
- JBoss Enterprise Application Platform and WebSphere MQ configured as described previously in this chapter.
- The
mqcontext.jar
library. It is available as part of IBM Support Pac: ME01, which can be downloaded from the IBM website. Installation of the pack adds the library to theMQ.HOME/java/lib/
directory. - An additional message queue created in WebSphere MQ for transaction recovery purposes. In the following code samples, it is referred to as
MQ.RECOVERY.QUEUE
.
Procedure 15.2. Configuring WebSphere MQ Integration for XA Transaction Recovery
- In a directory of your choice on the WebSphere MQ server, create a
JMSAdmin.config
file with the following content:INITIAL_CONTEXT_FACTORY=com.ibm.mq.jms.context.WMQInitialContextFactory PROVIDER_URL=MQ.HOST.NAME:MQ.PORT/MQ.CHANNEL.NAME
- In the same directory, create a file called
xaqcf_def.scp
. In the file, define an XA queue connection factory as follows:def xaqcf(WNPMQMXACF) qmgr(MQ.QUEUE.MANAGER) tran(MQ.TRANSPORT.TYPE) chan(MQ.CHANNEL.NAME) host(MQ.HOST.NAME) port(MQ.PORT)
- Still in the same directory, create a
JMSAdmin.sh
script as follows:CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/jms.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/com.ibm.mq.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/com.ibm.mqjms.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/jta.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/connector.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/jndi.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/providerutil.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/fscontext.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/com.ibm.mqjms.jar CLASSPATH=$CLASSPATH:/opt/mqm/java/lib/mqcontext.jar export CLASSPATH /opt/mqm/java/bin/JMSAdmin -v -cfg $PWD/JMSAdmin.config < xaqcf_def.scp
All libraries necessary for JMSAdmin tools are linked from the default WebSphere MQ installation directory, which is/opt/mqm
. Please modify the paths in the script accordingly if your WebSphere MQ installation is located elsewhere. - Launch the script created in the previous step. The script will append the required paths to the CLASSPATH variable and create the XA queue connection factory.
- Copy the following libraries from
MQ.HOME/java/lib/
to theJBOSS_HOME/server/PROFILE/lib/
directory:- dhbcore.jar
- mqcontext.jar
- com.ibm.mq.jar
- com.ibm.mqjms.jar
- com.ibm.mq.pcf.jar
- com.ibm.mq.jmqi.jar
- com.ibm.mq.headers.jar
- com.ibm.mq.commonservices.jar
- Create an external JNDI context by adding the following code to the
JBOSS_HOME/server/PROFILE/conf/jboss-service.xml
file:<mbean code="org.jboss.naming.ExternalContext" name="jboss.jndi:service=ExternalContext,jndiName=IBMMQInitialContext"> <attribute name="JndiName">IBMMQInitialContext</attribute> <attribute name="InitialContext">javax.naming.InitialContext</attribute> <attribute name="Properties"> java.naming.factory.initial=com.ibm.mq.jms.context.WMQInitialContextFactory java.naming.factory.url.pkgs=com.ibm.mq.jms.naming java.naming.provider.url=MQ.HOST.NAME:MQ.PORT/MQ.CHANNEL.NAME </attribute> </mbean>
Alternatively, it is possible to define the external JNDI context as a remote one by adding theRemoteAccess
attribute to the MBean definition. In this case, theIBMMQInitialContext/WNPMQMXACF
JNDI name used in the following step points to a remote connection factory in the WebSphere MQ broker.<mbean code="org.jboss.naming.ExternalContext" name="jboss.jndi:service=ExternalContext,jndiName=IBMMQIntialContext"> <attribute name="JndiName">IBMMQIntialContext</attribute> <attribute name="InitialContext">javax.naming.InitialContext</attribute> <!-- Indicates that the external context is remote --> <attribute name="RemoteAccess">true</attribute> <attribute name="Properties"> java.naming.factory.initial=com.ibm.mq.jms.context.WMQInitialContextFactory java.naming.factory.url.pkgs=com.ibm.mq.jms.naming java.naming.provider.url=MQ.HOST.NAME:MQ.PORT/MQ.CHANNEL.NAME </attribute> </mbean>
- Create a file called
wsmq-jmsprovider-ds.xml
in theJBOSS_HOME/server/PROFILE/conf/
directory.Below, you can find a code sample showing the expected content of the file. The first part of the XML file defines a connection factory that supports XA transactions. The second part of the file defines JNDI bindings of the recovery queue defined in WebSphere MQ and of the XA connection factory. See the comments inside the code sample for more information.<?xml version="1.0" encoding="UTF-8"?> <connection-factories> <!-- connection factory definition --> <tx-connection-factory> <!-- Bind this ConnectionFactory with the JNDI --> <jndi-name>IbmMQJMSXA</jndi-name> <!-- Indicate that the connection factory supports XA transactions --> <xa-transaction/> <!-- rar-name is the actual RAR file name, in this case wmq.jmsra.rar --> <rar-name>wmq.jmsra.rar</rar-name> <!-- Do not prefix the JNDI name of the connection factory with the java: context and thus allow it to be looked up externally --> <use-java-context>true</use-java-context> <!-- connection-definition is the ConnectionFactory interface defined in the jboss_jmsra_ds.xml file --> <connection-definition> javax.jms.ConnectionFactory </connection-definition> <config-property name="hostName" type="java.lang.String">MQ.HOST.NAME:</config-property> <config-property name="username" type="java.lang.String">MQ.USER</config-property> <config-property name="password" type="java.lang.String">MQ.PASSWORD</config-property> <config-property name="port" type="java.lang.String">MQ.PORT</config-property> <config-property name="queueManager" type="java.lang.String">MQ.QUEUE.MANAGER</config-property> <config-property name="channel" type="java.lang.String">MQ.CHANNEL.NAME</config-property> <config-property name="transportType" type="java.lang.String">MQ.TRANSPORT.TYPE</config-property> <!-- define the security domain --> <security-domain-and-application>JmsXARealm</security-domain-and-application> </tx-connection-factory> <!-- admin object definitions --> <!-- Binding of the crash recovery queue in WebSphere MQ --> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=crashRecovery"> <attribute name="JNDIName"> queue/crashRecoveryQueue </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Queue</attribute> <attribute name="Properties"> baseQueueManagerName=MQ.QUEUE.MANAGER baseQueueName=MQ.RECOVERY.QUEUE </attribute> </mbean> <!-- Binding of the XA Connection factory to the JMSProvider that is used by the transaction module --> <!-- The properties must match the Websphere MQ JNDI entry and the FactoryRef must match the xaqcf name --> <mbean code="org.jboss.jms.jndi.JMSProviderLoader" name="jboss.jms:service=JMSProviderLoader,name=WSMQJmsWNPMQMProvider"> <!-- this will be bound to java:/... and you will need to use it in conf/jbossts-properties.xml --> <attribute name="ProviderName">WSMQJmsWNPMQMProvider</attribute> <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute> <attribute name="FactoryRef">IBMMQInitialContext/WNPMQMXACF</attribute> <attribute name="QueueFactoryRef">IBMMQInitialContext/WNPMQMXACF</attribute> <attribute name="TopicFactoryRef">IBMMQInitialContext/WNPMQMXACF</attribute> <!-- external context defined in conf/jboss-service.xml --> <depends>jboss.jndi:service=ExternalContext,jndiName=IBMMQInitialContext</depends> </mbean> </connection-factories>
- Add the the
JMSProviderLoader
reference to the<properties depends="arjuna" name="jta">
section of theJBOSS_HOME/server/PROFILE/conf/jbossts-properties.xml
file. TheWSMQJmsWNPMQMProvider
value must match the name in the JMSProviderLoader definition in thewsmq-jmsprovider-ds.xml
file.<!-- the value has to correspond with property com.arjuna.ats.arjuna.xa.nodeIdentifier --> <property name="com.arjuna.ats.jta.xaRecoveryNode" value="1" /> <!-- IBM MQ settings --> <!-- the WSMQJmsWNPMQMProvider must match the name in the JMSProviderLoader definition in the *-ds.xml file. --> <property name="com.arjuna.ats.jta.recovery.XAResourceRecovery.WSMQWNPMQM" value="org.jboss.jms.server.recovery.MessagingXAResourceRecovery;java:/WSMQJmsWNPMQMProvider"/>
- Restart the JBoss Enterprise Application Server instance. After the restart, the connection will be established. The connection factory will be available under the
IbmMQJMSXA
JNDI name (bound by JCA). The XA connection factory will be available under theIBMMQInitialContext/WNPMQMXACF
JNDI name (bound as external context).If the connection is not established successfully, the following WARN message will be periodically logged:2011-06-10 10:44:08,707 WARN [loggerI18N] [com.arjuna.ats.internal.jta.recovery.xarecovery1] Local XARecoveryModule.xaRecovery got XA exception javax.transaction.xa.XAException: Error trying to connect to provider java:/WSMQJmsWNPMQMProvider, XAException.XAER_RMERR
Chapter 16. Using Production Databases with JBoss Enterprise Application Platform
16.1. How to Use Production Databases
16.2. Installing JDBC Drivers
<JBOSS_HOME>/server/<PROFILE>/lib
directory. Replace <PROFILE> with the server profile you are using.
JBDC Driver Download Locations
- MySQL
- Download from http://www.mysql.com/products/connector/.
- PostgreSQL
- Download from http://jdbc.postgresql.org/.
- Oracle
- IBM
- Download from http://www-306.ibm.com/software/data/db2/java/.
- Sybase
- Download from the Sybase jConnect product page http://www.sybase.com/products/allproductsa-z/softwaredeveloperkit/jconnect.
Note
When using Sybase database with this driver, theMaxParams
attribute cannot be set higher than481
due to a limitation in the driver'sPreparedStatement
class. - Microsoft
- Download from the MSDN web site http://msdn.microsoft.com/data/jdbc/.
16.2.1. Special Notes on Sybase
sp_dboption db_name, "allow nulls by default", true
@@textsize
global variable. The default setting for this variable depends on the software used to access Adaptive Server. For the JDBC driver, the default value is 32 kilobytes.
16.2.1.1. Enable JAVA services
sp_configure "enable java",1
com.sybase.jdbc2.jdbc.SybSQLException: Cannot run this command because Java services are not enabled. A user with System Administrator (SA) role must reconfigure the system to enable Java
16.2.1.2. CMP Configuration
sysxtypes
contains one row for each extended Java-SQL datatype. This table is only used for Adaptive Servers enabled for Java. Install Java classes using the installjava program.
installjava -f <jar-file-name> -S<sybase-server> -U<super-user> -P<super-pass> -D<db-name>
16.2.1.3. Installing Java Classes
- You have to be a super-user with required privileges to install Java classes.
- The JAR file you are trying to install should be created without compression.
- Java classes that you install and use in the server must be compiled with JDK 1.2.2. If you compile a class with a later JDK, you will be able to install it in the server using the installjava utility, but you will get a java.lang.ClassFormatError exception when you attempt to use the class. This is because Sybase Adaptive Server uses an older JVM internally, and requires the Java classes to be compiled with the same.
16.2.1.4. Increase @@textsize Default for Sybase v15.0.3
@@textsize
value from 32768 (bytes) to 2147483647 (bytes).
sybase-ds.xml
file inside a <connection-url> directive. An example sybase-ds.xml
file is located in <JBOSS_HOME>/jboss-as/docs/examples/jca/
Important
<connection-url>jdbc:sybase:[domain]:[port]/db_name?SQLINITSTRING=set TextSize 2147483647</connection-url>
16.2.2. Configuring JDBC DataSources
<JBOSS_HOME>/server/<PROFILE>/deploy
directory, alongside other deployable applications and resources. The files use a standard naming scheme of DBNAME-ds.xml
.
<JBOSS_HOME>/docs/examples/jca
directory. Edit the datasource that corresponds to your database, and copy it to the deploy/
directory before restarting the application server.
connection-url
, user-name
, and password
to correspond to your database of choice.
16.3. Switching to a Production Database
JBOSS_HOME/jboss-as/tools/schema/
directory.
Prerequisites
- Apache Ant must be installed.
- The database that you wish to use must already exist.
- A user with permission to make changes to that database must already exist.
- The JDBC driver JAR file for the database must be in the server configuration's
lib/
directory.
Warning
Back Up Your Server Profile
Make a copy of the server profile for which you plan to configure your database as the Database Configuration Tool modifies the configuration settings.cp -R JBOSS_HOME/jboss-as/server/Profile /path/to/backup/folder
.Run the Database Configuration Tool
Change to the directory containing the Database Configuration Tool script:cd JBOSS_HOME/jboss-as/tools/schema
Run Apache Ant
Run theant
command to launch the script.Enter Data
Following the prompts, enter the following information as it is requested:- the type of database being used,
- the name of the database,
- the host name or IP Address of the database,
- the TCP port being used for the database,
- the user name needed to access the database, and
- the password for the user account.
Note
You could also add these values directly to thebuild.properties
file (found in the same directory) before running the script. The Database Configuration Tool will not prompt you for these properties if it finds you have already added them to the file.
The Database Configuration Tool updates the relevant configuration files and exits. JBoss Enterprise Application Platform is then reconfigured for use with the production database.
16.4. Common Database-Related Tasks
16.4.1. Security and Pooling
ResourceAdapter
has <reauthentication-support>
, using multiple security identities will create subpools for each identity.
Note
16.4.2. Change Database for the JMS Services
<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/$DATABASE-persistence-service.xml
with the $DATABASE-persistence-service.xml
filename depending on your external database.
- MySQL:
mysql-persistence-service.xml
- PostgreSQL:
postgresql-persistence-service.xml
- Oracle:
oracle-persistence-service.xml
- DB2:
db2-persistence-service.xml
- Sybase:
sybase-persistence-service.xml
- MS SQL Server:
mssql-persistence-service.xml
16.4.3. Support Foreign Keys in CMP Services
<JBOSS_HOME>/server/<PROFILE>/conf/standardjbosscmp-jdbc.xml
file so that the fk-constraint
property is true
. That is needed for all external databases we support on the JBoss Enterprise Application Platform. This file configures the database connection settings for the EJB2 CMP beans deployed in the JBoss Enterprise Application Platform.
<fk-constraint>true</fk-constraint>
16.4.4. Specify Database Dialect for Java Persistence API
<JBOSS_HOME>/server/<PROFILE>/deployers/ejb3.deployer/META-INF/jpa-deployers-jboss-beans.xml
file. To configure this file you need to uncomment the set of tags related to the map entry hibernate.dialect
and change the values to the following based on the database you setup.
- Oracle 10g:
org.hibernate.dialect.Oracle10gDialect
- Oracle 11g:
org.hibernate.dialect.Oracle10gDialect
- Microsoft SQL Server 2008:
org.hibernate.dialect.SQLServerDialect
- PostgresSQL 8.2.3:
org.hibernate.dialect.PostgreSQLDialect
- PostgresSQL 8.3.7:
org.hibernate.dialect.PostgreSQLDialect
- MySQL 5.0:
org.hibernate.dialect.MySQL5InnoDBDialect
- MySQL 5.1:
org.hibernate.dialect.MySQL5InnoDBDialect
- DB2 9.1:
org.hibernate.dialect.DB2Dialect
- Sybase ASE 15:
org.hibernate.dialect.SybaseASE15Dialect
16.4.5. Change Other JBoss Enterprise Application Platform Services to use the External Database
16.4.5.1. The Easy Way
DefaultDS
. Most JBoss services are hard-wired to use the DefaultDS
by default. So, by changing the DataSource name, we do not need to change the configuration for each service individually.
*-ds.xml
file for your external database, and change the value of the jndi-name
property to DefaultDS
. For instance, in mysql-ds.xml
, you would change MySqlDS
to DefaultDS
and so on. You will need to remove the <JBOSS_HOME>/server/<PROFILE>/deploy/hsqldb-ds.xml
file after you are done to avoid duplicated DefaultDS
definition.
messaging/$DATABASE-persistence-service.xml
file, you should also change the datasource name in the depends
tag for the PersistenceManagers
MBean to DefaultDS
. For instance, for mysql-persistence-service.xml
file, we change the MySqlDS
to DefaultDS
.
<mbean code="org.jboss.messaging.core.jmx.JDBCPersistenceManagerService" name="jboss.messaging:service=PersistenceManager" xmbean-dd="xmdesc/JDBCPersistenceManager-xmbean.xml"> <depends>jboss.jca:service=DataSourceBinding,name=DefaultDS</depends>
16.4.5.2. The More Flexible Way
DefaultDS
is convenient. But if you have applications that assume the DefaultDS
always points to the factory-default HSQL DB, that approach could break your application. Also, changing DefaultDS
destination forces all JBoss services to use the external database. What if you want to use the external database only on some services?
DefaultDS
in all standard JBoss services to the DataSource JNDI name defined in your *-ds.xml
file (for example, the MySqlDS
in mysql-ds.xml
, etc.). Below is a complete list of files that contain DefaultDS
. You can update them all to use the external database on all JBoss services or update some of them to use different combination of DataSources for different services.
<JBOSS_HOME>/server/<PROFILE>/conf/login-config.xml
: This file is used in Java EE container managed security services.JBOSS_HOME/server/<PROFILE>/conf/standardjbosscmp-jdbc.xml
: This file configures the CMP beans in the EJB container.<JBOSS_HOME>/server/<PROFILE>/deploy/ejb2-timer-service.xml
: This file configures the EJB timer services.<JBOSS_HOME>/server/<PROFILE>/deploy/juddi-service.sar/META-INF/jboss-service.xml
: This file configures the UUDI service.<JBOSS_HOME>/server/<PROFILE>/deploy/juddi-service.sar/juddi.war/WEB-INF/jboss-web.xml
: This file configures the UUDI service.<JBOSS_HOME>/server/<PROFILE>/deploy/juddi-service.sar/juddi.war/WEB-INF/juddi.properties
: This file configures the UUDI service.<JBOSS_HOME>/server/<PROFILE>/deploy/uuid-key-generator.sar/META-INF/jboss-service.xml
: This file configures the UUDI service.<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/messaging-jboss-beans.xml
and<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/persistence-service.xml
: Those files configure the JMS persistence service as we discussed earlier.
16.4.6. A Special Note About Oracle Databases
schemaname.tablename
. The TIMERS
and HILOSEQUENCES
tables needed by JBoss Enterprise Application Platform would not be created on a schema if the table already existed on a different schema. To work around this issue, you need to edit the <JBOSS_HOME>/server/<PROFILE>/deploy/ejb2-timer-service.xml
file to change the table name from TIMERS
to something like schemaname2.tablename
.
<mbean code="org.jboss.ejb.txtimer.DatabasePersistencePolicy" name="jboss.ejb:service=EJBTimerService,persistencePolicy=database"> <!-- DataSourceBinding ObjectName --> <depends optional-attribute-name="DataSource"> jboss.jca:service=DataSourceBinding,name=DefaultDS </depends> <!-- The plugin that handles database persistence --> <attribute name="DatabasePersistencePlugin"> org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin </attribute> <!-- The timers table name --> <attribute name="TimersTable">TIMERS</attribute> </mbean>
<JBOSS_HOME>/server/<PROFILE>/deploy/uuid-key-generator.sar/META-INF/jboss-service.xml
file to change the table name from HILOSEQUENCES
to something like schemaname2.tablename
as well.
<!-- HiLoKeyGeneratorFactory --> <mbean code="org.jboss.ejb.plugins.keygenerator.hilo.HiLoKeyGeneratorFactory" name="jboss:service=KeyGeneratorFactory,type=HiLo"> <depends>jboss:service=TransactionManager</depends> <!-- Attributes common to HiLo factory instances --> <!-- DataSource JNDI name --> <depends optional-attribute-name="DataSource">jboss.jca:service=DataSourceBinding,name=DefaultDS</depends> <!-- table name --> <attribute name="TableName">HILOSEQUENCES</attribute>
Important
SQLException
("Bigger type length than Maximum") on Oracle 11g R1.
Chapter 17. Datasource Configuration
Warning
- no transaction isolation;
- thread and socket leaks (
connection.close()
does not tidy up resources); - persistence quality (logs commonly become corrupted after a failure, preventing automatic recovery);
- database corruption;
- stability under load (database processes cease when dealing with too much data);
- and not viable in clustered environments.
Important
17.1. Types of Datasources
Datasource Definitions
<no-tx-datasource>
- Does not take part in JTA transactions. The
java.sql.Driver
is used. <local-tx-datasource>
- Does not support two phase commit. The
java.sql.Driver
is used. Suitable for a single database or a non-XA-aware resource. <xa-datasource>
- Supports two phase commit. The
javax.sql.XADataSource
driver is used.
17.2. Datasource Parameters
Common Datasource Parameters
<mbean>
- A standard JBoss MBean deployment.
<depends>
- The
ObjectName
of an MBean service thisConnectionFactory
orDataSource
deployment depends upon. The connection manager service will not be started until the dependent services have been started. <jndi-name>
- The JNDI name under which the Datasource should be bound.
<use-java-context>
- Boolean value indicating whether the jndi-name should be prefixed with java:. This prefix causes the Datasource to only be accessible from within the JBoss Enterprise Application Platform virtual machine. Defaults to
TRUE
. <user-name>
- The user name used to create the connection to the datasource.
Note
Not used when security is configured. <password>
- The password used to create the connection to the datasource.
Note
Not used when security is configured. <transaction-isolation>
- The default transaction isolation of the connection. If not specified, the database-provided default is used.
Possible values for <transaction-isolation>
TRANSACTION_READ_UNCOMMITTED
TRANSACTION_READ_COMMITTED
TRANSACTION_REPEATABLE_READ
TRANSACTION_SERIALIZABLE
TRANSACTION_NONE
<new-connection-sql>
- An SQL statement that is executed against each new connection. This can be used to set up the connection schema, for instance.
<check-valid-connection-sql>
- An SQL statement that is executed before the connection is checked out from the pool to make sure it is still valid. If the SQL statement fails, the connection is closed and a new one is created.
<valid-connection-checker-class-name>
- A class that checks whether a connection is valid using a vendor-specific mechanism.
<exception-sorter-class-name>
- A class that parses vendor-specific messages to determine whether SQL errors are fatal, and destroys the connection if so. If empty, no errors are treated as fatal.
<track-statements>
- Whether to monitor for un-closed Statements and ResultSets and issue warnings when they have not been closed. The default value is
NOWARN
. <prepared-statement-cache-size>
- The number of prepared statements per connection to be kept open and reused in subsequent requests. They are stored in a Least Recently Used (LRU) cache. The default value is
0
, meaning that no cache is kept. <share-prepared-statements>
- When the
<prepared-statement-cache-size>
is non-zero, determines whether two requests in the same transaction should return the same statement. Defaults toFALSE
.Example 17.1. Using
<share-prepared-statements>
The goal is to work around questionable driver behavior, where the driver applies auto-commit semantics to local transactions.Connection c = dataSource.getConnection(); // auto-commit == false PreparedStatement ps1 = c.prepareStatement(...); ResultSet rs1 = ps1.executeQuery(); PreparedStatement ps2 = c.prepareStatement(...); ResultSet rs2 = ps2.executeQuery();
This assumes that the prepared statements are the same. For some drivers,ps2.executeQuery()
automatically closesrs1
, so you actually need two real prepared statements behind the scenes. This only applies to the auto-commit semantic, where re-running the query starts a new transaction automatically. For drivers that follow the specification, you can set it toTRUE
to share the same real prepared statement. <set-tx-query-timeout>
- Whether to enable query timeout based on the length of time remaining until the transaction times out. Defaults to
FALSE
. <query-timeout>
- The maximum time, in seconds, before a query times out. You can override this value by setting
<set-tx-query-timeout>
toTRUE
. <type-mapping>
- A pointer to the type mapping in
conf/standardjbosscmp.xml
. This element is a child element of<metadata>
. A legacy from JBoss4. <validate-on-match>
- Whether to validate the connection when the JCA layer matches a managed connection, such as when the connection is checked out of the pool. With the addition of
<background-validation>
this is not required. It is usually not necessary to specifyTRUE
for<validate-on-match>
in conjunction with specifyingTRUE
for<background-validation>
. Defaults toTRUE
. <prefill>
- Whether to attempt to prefill the connection pool to the minimum number of connections. Only supporting pools (OnePool) support this feature. A warning is logged if the pool does not support prefilling. Defaults to
TRUE
. <background-validation>
- Background connection validation reduces the overall load on the RDBMS system when validating a connection. When using this feature, EAP checks whether the current connection in the pool a separate thread (ConnectionValidator).
<background-validation-minutes>
depends on this value also being set toTRUE
. Defaults toFALSE
.Warning
The <background-validation> parameter has been deprecated and is no longer supported: set the <background-validation-millis> parameter to a value greater than 0 and background validation will be enabled automatically. <background-validation-millis>
- Background connection validation reduces the overall load on the RDBMS system when validating a connection. Setting this parameter means that JBoss will attempt to validate the current connections in the pool as a separate thread (
ConnectionValidator
). This parameter's value defines the interval for which theConnectionValidator
runs. The value should differ from the <idle-timeout-minutes > value). The default value of the property is0
. If <background-validation-millis> is set to a value greater than 0, the background validation is enabled.This value should not be the same as your<idle-timeout-minutes>
value.Note
You should set this to a smaller value than<idle-timeout-minutes>
, unless you have specified<min-pool-size>
a minimum pool size set. <idle-timeout-minutes>
- The maximum time, in minutes, before an idle connection is closed. A value of
0
disables timeout. Defaults to15
minutes. <track-connection-by-tx>
- Whether the connection should be locked to the transaction, instead of returning it to the pool at the end of the transaction. In previous releases, this was
true
for local connection factories andfalse
for XA connection factories. The default is nowtrue
for both local and XA connection factories, and the element has been deprecated. <interleaving>
- Enables interleaving for XA connection factories.
<background-validation-minutes>
- How often, in minutes, the ConnectionValidator runs. Default to 0 mills.
Warning
The <background-validation-minutes> parameter has been deprecated and is no longer supported: use the <background-validation-millis> parameter instead.Note
You should set this to a smaller value than <idle-timeout-minutes>, unless you have specified <min-pool-size> a minimum pool size set. <url-delimiter>, <url-property>, <url-selector-strategy-class-name>
- Parameters dealing with database failover. As of JBoss Enterprise Application Platform 5.1, these are configured as part of the main datasource configuration. In previous versions,
<url-delimiter>
appeared as<url-delimiter>
. <stale-connection-checker-class-name>
- An implementation of
org.jboss.resource.adapter.jdbc.StateConnectionChecker
that decides whetherSQLException
s that notify of bad connections throw theorg.jboss.resource.adapter.jdbc.StateConnectionException
exception. <max-pool-size>
- The maximum number of connections allowed in the pool. If undefined, the size defaults to
10
. The value in the example datasource definition (<JBOSS_HOME>/server/<PROFILE>/deploy/hsqldb-ds.xml
) is set to 20. <min-pool-size>
- The minimum number of connections maintained in the pool. Unless
<prefill>
isTRUE
, the pool remains empty until the first use, at which point the pool is filled to the<min-pool-size>
. When the pool size drops below the<min-pool-size>
due to idle timeouts, the pool is refilled to the<min-pool-size>
. Defaults to0
. <blocking-timeout-millis>
- The length of time, in milliseconds, to wait for a connection to become available when all the connections are checked out. Defaults to
30000
, which is 30 seconds. <use-fast-fail>
- Whether to continue trying to acquire a connection from the pool even if the previous attempt has failed, or begin failover. This is to address performance issues where validation SQL takes significant time and resources to execute. Defaults to
FALSE
.
Parameters for javax.sql.XADataSource
Usage
<connection-url>
- The JDBC driver connection URL string
<driver-class>
- The JDBC driver class implementing the
java.sql.Driver
<connection-property>
- Used to configure the connections retrieved from the
java.sql.Driver
.Example 17.2. Example
<connection-property>
<connection-property name="char.encoding">UTF-8</connection-property>
Parameters for javax.sql.XADataSource
Usage
<xa-datasource-class>
- The class implementing the
XADataSource
<xa-datasource-property>
- Properties used to configure the
XADataSource
.Example 17.3. Example
<xa-datasource-property> Declarations
<xa-datasource-property name="IfxWAITTIME">10</xa-datasource-property> <xa-datasource-property name="IfxIFXHOST">myhost.mydomain.com</xa-datasource-property> <xa-datasource-property name="PortNumber">1557</xa-datasource-property> <xa-datasource-property name="DatabaseName">mydb</xa-datasource-property> <xa-datasource-property name="ServerName">myserver</xa-datasource-property>
<xa-resource-timeout>
- The number of seconds passed to
XAResource.setTransactionTimeout()
when not zero. <isSameRM-override-value>
- When set to
FALSE
, fixes some problems with Oracle databases. <no-tx-separate-pools>
- Pool transactional and non-transactional connections separately
Warning
Using this option will cause your total pool size to be twicemax-pool-size
, because two actual pools will be created.Used to fix problems with Oracle.
Security Parameters
-
<application-managed-security>
- Uses the username and password passed on the
getConnection
orcreateConnection
request by the application. -
<security-domain>
- Uses the identified login module configured in
conf/login-module.xml
. -
<security-domain-and-application>
- Uses the identified login module configured in
conf/login-module.xml
and other connection request information supplied by the application, for example JMS Queues and Topics.
Parameters for XA Recovery in the JCA Layer
<recover-user-name>
- The user with credentials to perform a recovery operation.
<recover-password>
- Password of the user with credentials to perform a recovery operation.
<recover-security-domain>
- Security domain for recovery.
<no-recover>
- Excludes a datasource from recovery.
<user-name>
, < password>
and <security-domain>
.
17.3. Datasource Examples
17.3.1. Generic Datasource Example
Example 17.4. Generic Datasource Example
<datasources> <local-tx-datasource> <jndi-name>GenericDS</jndi-name> <connection-url>[jdbc: url for use with Driver class]</connection-url> <driver-class>[fully qualified class name of java.sql.Driver implementation]</driver-class> <user-name>x</user-name> <password>y</password> <!-- you can include connection properties that will get passed in the DriverManager.getConnection(props) call--> <!-- look at your Driver docs to see what these might be --> <connection-property name="char.encoding">UTF-8</connection-property> <transaction-isolation>TRANSACTION_SERIALIZABLE</transaction-isolation> <!--pooling parameters--> <min-pool-size>5</min-pool-size> <max-pool-size>100</max-pool-size> <blocking-timeout-millis>5000</blocking-timeout-millis> <idle-timeout-minutes>15</idle-timeout-minutes> <!-- sql to call when connection is created <new-connection-sql>some arbitrary sql</new-connection-sql> --> <!-- sql to call on an existing pooled connection when it is obtained from pool <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql> --> <set-tx-query-timeout></set-tx-query-timeout> <query-timeout>300</query-timeout> <!-- maximum of 5 minutes for queries --> <!-- pooling criteria. USE AT MOST ONE--> <!-- If you do not use JAAS login modules or explicit login getConnection(usr,pw) but rely on user/pw specified above, do not specify anything here --> <!-- If you supply the usr/pw from a JAAS login module --> <security-domain>MyRealm</security-domain> <!-- if your app supplies the usr/pw explicitly getConnection(usr, pw) --> <application-managed-security></application-managed-security> <!--Anonymous depends elements are copied verbatim into the ConnectionManager mbean config--> <depends>myapp.service:service=DoSomethingService</depends> </local-tx-datasource> <!-- you can include regular mbean configurations like this one --> <mbean code="org.jboss.tm.XidFactory" name="jboss:service=XidFactory"> <attribute name="Pad">true</attribute> </mbean> <!-- Here's an xa example --> <xa-datasource> <jndi-name>GenericXADS</jndi-name> <xa-datasource-class>[fully qualified name of class implementing javax.sql.XADataSource goes here]</xa-datasource-class> <xa-datasource-property name="SomeProperty">SomePropertyValue</xa-datasource-property> <xa-datasource-property name="SomeOtherProperty">SomeOtherValue</xa-datasource-property> <user-name>x</user-name> <password>y</password> <transaction-isolation>TRANSACTION_SERIALIZABLE</transaction-isolation> <!--pooling parameters--> <min-pool-size>5</min-pool-size> <max-pool-size>100</max-pool-size> <blocking-timeout-millis>5000</blocking-timeout-millis> <idle-timeout-minutes>15</idle-timeout-minutes> <!-- sql to call when connection is created <new-connection-sql>some arbitrary sql</new-connection-sql> --> <!-- sql to call on an existing pooled connection when it is obtained from pool <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql> --> <!-- pooling criteria. USE AT MOST ONE--> <!-- If you do not use JAAS login modules or explicit login getConnection(usr,pw) but rely on user/pw specified above, do not specify anything here --> <!-- If you supply the usr/pw from a JAAS login module --> <security-domain></security-domain> <!-- if your app supplies the usr/pw explicitly getConnection(usr, pw) --> <application-managed-security></application-managed-security> </xa-datasource> </datasources>
17.3.2. Configuring a DataSource for Remote Usage
use-java-context
=false
.
Example 17.5. Configuring a Datasource for Remote Usage
<datasources> <local-tx-datasource> <jndi-name>GenericDS</jndi-name> <use-java-context>false</use-java-context> <connection-url>...</connection-url> ...
GenericDS
instead of the default of java:/GenericDS
, which restricts the lookup to the same Virtual Machine as the EAP server.
Note
<use-java-context>
setting is not recommended in a production environment. It requires accessing a connection pool remotely and this can cause unexpected problems, since connections are not serializable. Also, transaction propagation is not supported, since it can lead to connection leaks if unreliability is present, such as in a system crash or network failure. A remote session bean facade is the preferred way to access a datasource remotely.
17.3.3. Configuring a Datasource to Use Login Modules
Procedure 17.1. Configuring a Datasource to Use Login Modules
Add the
<security-domain-parameter>
to the XML file for the datasource.<datasources> <local-tx-datasource> ... <security-domain>MyDomain</security-domain> ... </local-tx-datasource> </datasources>
Add an application policy to the
login-config.xml
file.The authentication section needs to include the configuration for your login-module. For example, to encrypt the database password, use theSecureIdentityLoginModule
login module.<application-policy name="MyDomain"> <authentication> <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required"> <module-option name="username">scott</module-option> <module-option name="password">-170dd0fbd8c13748</module-option> <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=OracleDSJAAS</module-option> </login-module> </authentication> </application-policy>
- If you plan to fetch the data source connection from a web application, authentication must be enabled for the web application, so that the
Subject
is populated. - If users need the ability to connect anonymously, add an additional login module to the application-policy, to populate the security credentials.
- Add the
UsersRolesLoginModule
module to the beginning of the chain. TheusersProperties
androlesProperties
parameters can be directed to dummy files.<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">nobody</module-option> <module-option name="usersProperties">props/users.properties</module-option> <module-option name="rolesProperties">props/roles.properties</module-option> </login-module>
Chapter 18. Pooling
18.1. Strategy
ManagedConnectionPool
to perform the pooling. The ManagedConnectionPool
is made up of subpools depending upon the strategy chosen and other pooling parameters.
XML
|
mbean
|
Internal Name
|
Description
|
---|---|---|---|
|
ByNothing
|
OnePool
|
A single pool of equivalent connections
|
<application-managed-security/>
|
ByApplication
|
PoolByCRI
|
Use the connection properties from allocateConnection()
|
<security-domain/>
|
ByContainer
|
PoolBySubject
|
A pool per Subject, e.g. preconfigured or EJB/Web log in subjects
|
<security-domain-and-application/>
|
ByContainerAndApplicaton
|
PoolBySubjectAndCri
|
A per Subject and connection property combination
|
Subject
always overrides any user/password from createConnection(user, password) in the CRI:
( ConnectionRequestInfo )
18.2. Workaround for Oracle's JDK
18.3. Pool Access
No Managed Connections Available
exception. More information about this exception can be found at http://www.jboss.org/community/wiki/WhatDoesTheMessageNoManagedConnectionsAvailableMean.
<allocation-retry/>
and <allocation-retry-wait-millis/>
elements to have the pool retry to obtain a connection before throwing the exception.
18.4. Pool Filling
- <min-pool-size/> - When the number of connections falls below this size, new connections are created
- <max-pool-size/> - No more than this number of connections are created
- <prefill/> - Feature Request has been implemented for 4.0.5.
Important
min-pool-size
only on their first usage.
18.5. Idle Connections
idle-timeout-minutes
parameter.
idle-timeout-minutes
) are purged regularly. The check is performed at an interval that is half of the idle-timeout-minutes
value.
min-pool-size
value, new connections are created.
Note
18.6. Dead connections
connectionErrorOccured()
event when a connection is broken. To support dead/broken connection checking there are a number of plug-ins.
18.6.1. Valid connection checking
<check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
pingDatabase()
tool:
<valid-connection-checker-class-name/>
18.6.2. Errors during SQL queries
SQLException
for FATAL
errors rather than normal SQLExceptions
. These codes or messages can be vendor specific, such as:
<exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
FATAL
errors, the connection will be closed.
18.6.3. Changing, Closing or Flushing the pool
Procedure 18.1. Changing or Flushing the pool
- Use JMX to change the attributes on the connection pool
jboss.jca:service=JBossManagedConnectionPool,name=<jndi-name>
. - Use JMX to invoke
flush()
to reset the pools.
flush()
is invoked;
- All idle connections are immediately closed;
- Any in use connections are closed when the application finishes with them;
- New connections are created.
18.6.4. Using Third Party Pools
Part III. Clustering Guide
Chapter 19. Introduction and Quick Start
production
server profile. The production
server profile includes support for the following:
- A scalable, fault-tolerant JNDI implementation (HA-JNDI).
- Web tier clustering, including:
- High availability for web session state via state replication.
- Ability to integrate with hardware and software load balancers, including special integration with mod_jk and other JK-based software load balancers.
- Single Sign-on support across a cluster.
- EJB session bean clustering, for both stateful and stateless beans, and for both EJB3 and EJB2.
- A distributed cache for JPA/Hibernate entities.
- A framework for keeping local EJB2 entity caches consistent across a cluster by invalidating cache entries across the cluster when a bean is changed on any node.
- Distributed JMS queues and topics via JBoss Messaging.
- Deploying a service or application on multiple nodes in the cluster but having it active on only one (but at least one) node is called a HA Singleton.
- Keeping deployed content in sync on all nodes in the cluster via the
Farm
service.
19.1. Quick Start Guide
19.1.1. Initial Preparation
- Install JBoss Enterprise Application Platform on all your servers. In its simplest form, this is just a matter of unzipping the JBoss download onto the file system on each server.If you want to run multiple JBoss Enterprise Application Platform instances on a single server, you can either install the full JBoss distribution onto multiple locations on your file system, or you can simply make copies of the
production
server profile. For example, assuming the root of the JBoss distribution was unzipped to/var/jboss
, you would:$ cd /var/jboss/server $ cp -r production node1 $ cp -r production node2
- For each node, determine the address to bind sockets to. When you start JBoss, whether clustered or not, you need to tell JBoss on what address its sockets should listen for traffic. (The default is
localhost
which is secure but is not very useful, particularly in a cluster.) So, you need to decide what those addresses will be. - Ensure multicast is working. By default JBoss Enterprise Application Platform uses UDP multicast for most intra-cluster communications. Make sure each server's networking configuration supports multicast and that multicast support is enabled for any switches or routers between your servers. If you are planning to run more than one node on a server, make sure the server's routing table includes a multicast route. See the JGroups documentation at http://www.jgroups.org for more on this general area, including information on how to use JGroups' diagnostic tools to confirm that multicast is working.
Note
JBoss Enterprise Application Platform clustering does not require the use of UDP multicast; the Enterprise Application Platform can also be reconfigured to use TCP unicast for intra-cluster communication. - Determine a unique integer "ServerPeerID" for each node. This is needed for JBoss Messaging clustering, and can be skipped if you will not be running JBoss Messaging (that is, you will remove JBM from the server profile's
deploy
directory). JBM requires that each node in a cluster has a unique integer ID, known as a "ServerPeerID", that should remain consistent across server restarts.Important
A simple 1, 2, 3, ..., x naming scheme is acceptable, however the value must be between the range0
to1023
. Values outside this range will result in a java.lang.IllegalArgumentException with the ServerPeer start Service.We will cover how to use the ServerPeerID in Section 19.1.2, “Launching a JBoss Enterprise Application Platform Cluster”.
- Pick a unique name for your cluster. The default name for a JBoss Enterprise Application Platform cluster is "DefaultPartition". Come up with a different name for each cluster in your environment, e.g. "QAPartition" or "BobsDevPartition". The use of "Partition" is not required; it's just a semi-convention. As a small aid to performance try to keep the name short, as it gets included in every message sent around the cluster. We will cover how to use the name you pick in the next section.
- Pick a unique multicast address for your cluster. By default JBoss Enterprise Application Platform uses UDP multicast for most intra-cluster communication. Pick a different multicast address for each cluster you run. Generally a good multicast address is of the form
239.255.x.y
. We will cover how to use the address you pick in the next section.
19.1.2. Launching a JBoss Enterprise Application Platform Cluster
-c production
command line option for each instance. Those server instances will detect each other and automatically form a cluster.
1
and for the second node is 2
. We've decided to call our cluster "DocsPartition" and to use 239.255.100.100
as our multicast address. These scenarios are meant to be illustrative; the use of a two node cluster should not be taken to mean that is the best size for a cluster; it's just that's the simplest way to do the examples.
- Scenario 1: Nodes on Separate MachinesThis is the most common production scenario. Assume the machines are named "node1" and "node2", while node1 has an IP address of
192.168.0.101
and node2 has an address of192.168.0.102
. Assume the "ServerPeerID" for node1 is1
and for node2 it's2
. Assume on each machine JBoss is installed in/var/jboss
.On node1, to launch JBoss:$ cd /var/jboss/bin $ ./run.sh -c production -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.101 -Djboss.messaging.ServerPeerID=1
On node2, it's the same except for a different-b
value and ServerPeerID:$ cd /var/jboss/bin $ ./run.sh -c production -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.102 -Djboss.messaging.ServerPeerID=2
The-c
switch says to use theproduction
config, which includes clustering support. The-g
switch sets the cluster name. The-u
switch sets the multicast address that will be used for intra-cluster communication. The-b
switch sets the address on which sockets will be bound. The-D
switch sets system propertyjboss.messaging.ServerPeerID
, from which JBoss Messaging gets its unique id. - Scenario 2: Two Nodes on a Single, Multihomed, ServerRunning multiple nodes on the same machine is a common scenario in a development environment, and is also used in production in combination with Scenario 1. (Running all the nodes in a production cluster on a single machine is generally not recommended, since the machine itself becomes a single point of failure.) In this version of the scenario, the machine is multihomed, i.e. has more than one IP address. This allows the binding of each JBoss instance to a different address, preventing port conflicts when the nodes open sockets.Assume the single machine has the
192.168.0.101
and192.168.0.102
addresses assigned, and that the two JBoss instances use the same addresses and ServerPeerIDs as in Scenario 1. The difference from Scenario 1 is we need to be sure each Enterprise Application Platform instance has its own work area. So, instead of using theproduction
config, we are going to use thenode1
andnode2
configs we copied fromproduction
earlier in the previous section.To launch the first instance, open a console window and:$ cd /var/jboss/bin $ ./run.sh -c node1 -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.101 -Djboss.messaging.ServerPeerID=1
For the second instance, it's the same except for different -b and -c values and a different ServerPeerID:$ cd /var/jboss/bin $ ./run.sh -c node2 -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.102 -Djboss.messaging.ServerPeerID=2
- Scenario 3: Two Nodes on a Single, Non-Multihomed, ServerThis is similar to Scenario 2, but here the machine only has one IP address available. Two processes can not bind sockets to the same address and port, so we will have to tell JBoss to use different ports for the two instances. This can be done by configuring the ServiceBindingManager service by setting the
jboss.service.binding.set
system property.To launch the first instance, open a console window and:$ cd /var/jboss/bin $ ./run.sh -c node1 -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.101 -Djboss.messaging.ServerPeerID=1 \ -Djboss.service.binding.set=ports-default
For the second instance:$ cd /var/jboss/bin $ ./run.sh -c node2 -g DocsPartition -u 239.255.100.100 \ -b 192.168.0.101 -Djboss.messaging.ServerPeerID=2 \ -Djboss.service.binding.set=ports-01
This tells the ServiceBindingManager on the first node to use the standard set of ports (e.g. JNDI on 1099). The second node uses the "ports-01" binding set, which by default for each port has an offset of 100 from the standard port number (e.g. JNDI on 1199). See theconf/bindingservice.beans/META-INF/bindings-jboss-beans.xml
file for the full ServiceBindingManager configuration.Note that this setup is not advised for production use, due to the increased management complexity that comes with using different ports. But it is a fairly common scenario in development environments where developers want to use clustering but cannot multihome their workstations.Note
Including-Djboss.service.binding.set=ports-default
on the command line for node1 is not technically necessary, sinceports-default
is the default value. But using a consistent set of command line arguments across all servers is helpful to people less familiar with all the details.
19.1.3. Web Application Clustering Quick Start
HttpSession
state is stored on one or more nodes in the cluster. In case the primary node handling the session fails or is shut down, any other node in the cluster can handle subsequent requests for the session by accessing the backup copy. Web tier clustering is discussed in detail in the HTTP Connectors Load Balancing Guide.
- Configuring an External Load Balancer. Web applications require an external load balancer to balance HTTP requests across the cluster of JBoss Enterprise Application Platform instances (see Section 20.2.2, “External Load Balancer Architecture” for more on why that is). JBoss Enterprise Application Platform itself does not act as an HTTP load balancer. So, you will need to set up a hardware or software load balancer. There are many possible load balancer choices, so how to configure one is really beyond the scope of a Quick Start. Refer to the HTTP Connectors Load Balancing Guide for details on how to set up the popular mod_jk software load balancer.
- Configuring Your Web Application for Clustering. This aspect involves telling JBoss you want clustering behavior for a particular web app, and it could not be simpler. Just add an empty
distributable
element to your application'sweb.xml
file:<?xml version="1.0"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <distributable/> </web-app>
Simply doing that is enough to get the default JBoss Enterprise Application Platform web session clustering behavior, which is appropriate for most applications. Refer to the HTTP Connectors Load Balancing Guide for more advanced configuration options.
19.1.4. EJB Session Bean Clustering Quick Start
org.jboss.ejb3.annotation.Clustered
annotation to the bean class for your stateful or stateless bean:
@javax.ejb.Stateless @org.jboss.ejb3.annotation.Clustered public class MyBean implements MySessionInt { public void test() { // Do something cool } }
clustered
element to the bean's section in the JBoss-specific deployment descriptor, jboss.xml
:
<jboss> <enterprise-beans> <session> <ejb-name>example.StatelessSession</ejb-name> <jndi-name>example.StatelessSession</jndi-name> <clustered>true</clustered> </session> </enterprise-beans> </jboss>
19.1.5. Entity Clustering Quick Start
persistence.xml
as follows:
<?xml version="1.0" encoding="UTF-8"?> <persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0"> <persistence-unit name="somename" transaction-type="JTA"> <jta-data-source>java:/SomeDS</jta-data-source> <properties> <property name="hibernate.cache.use_second_level_cache" value="true"/> <property name="hibernate.cache.region.factory_class" value="org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory"/> <property name="hibernate.cache.region.jbc2.cachefactory" value="java:CacheManager"/> <!-- Other configuration options ... --> </properties> </persistence-unit> </persistence>
org.hibernate.annotations.Cache
annotation to your entity class:
package org.example.entities; import java.io.Serializable; import javax.persistence.Entity; import org.hibernate.annotations.Cache; import org.hibernate.annotations.CacheConcurrencyStrategy; @Entity @Cache(usage=CacheConcurrencyStrategy.TRANSACTIONAL) public class Account implements Serializable {
Note
Chapter 20. Clustering Concepts
20.1. Cluster Definition
Channel
providing the core functionality of tracking who is in the cluster and reliably exchanging messages between the cluster members. JGroups channels with the same configuration and name have the ability to dynamically discover each other and form a group. This is why simply executing “run -c production” on two Enterprise Application Platform instances on the same network is enough for them to form a cluster – each Enterprise Application Platform starts a Channel
(actually, several) with the same default configuration, so they dynamically discover each other and form a cluster. Nodes can be dynamically added to or removed from clusters at any time, simply by starting or stopping a Channel
with a configuration and name that matches the other cluster members.
Channel
. In a standard start of the Enterprise Application Platform 5 production server profile, two different services create a total of four different channels – JBoss Messaging creates two and a core general purpose clustering service known as HAPartition creates two more. If you deploy clustered web applications, clustered EJB3 SFSBs or a clustered JPA/Hibernate entity cache, additional channels will be created. The channels the Enterprise Application Platform connects can be divided into three broad categories: a general purpose channel used by the HAPartition service, channels created by JBoss Cache for special purpose caching and cluster wide state replication, and two channels used by JBoss Messaging.
run -c production
, the channels will discover each other and you'll have a conceptual cluster
. It's easy to think of this as a two node cluster, but it's important to understand that you really have multiple channels, and hence multiple two node clusters.
-g
(partition name) and -u
(multicast address) start up switches. For each set of servers, different values should be chosen. The sections on “JGroups Configuration” and “Isolating JGroups Channels” cover in detail how to configure the Enterprise Application Platform such that desired peers find each other and unwanted peers do not.

Figure 20.1. Clusters and server nodes
20.2. Service Architectures
20.2.1. Client-side interceptor architecture

Client communicates with proxy
| |
Proxy sends request to Node 1
| |
Node 1 goes offline
| |
Proxy switches to Node 2
| |
Proxy sends request to Node 2
| |
Proxy downloads class dynamically from Node 2
|
20.2.2. External Load Balancer Architecture

Browser sends a request.
| |
Load Balancer forwards request to Node 1.
| |
Node 1 goes offline.
| |
Load Balancer switches to using Node 2.
| |
Load Balancer forwards to Node 2.
|
20.3. Load Balancing Policies
20.3.1. Client-side interceptor architecture
- Round-Robin: each call is dispatched to a new node, proceeding sequentially through the list of nodes. The first target node is randomly selected from the list. Implemented by
org.jboss.ha.framework.interfaces.RoundRobin
(legacy) andorg.jboss.ha.client.loadbalance.RoundRobin
(EJB3). - Random-Robin: for each call the target node is randomly selected from the list. Implemented by
org.jboss.ha.framework.interfaces.RandomRobin
(legacy) andorg.jboss.ha.client.loadbalance.RandomRobin
(EJB3). - First Available: one of the available target nodes is elected as the main target and is thereafter used for every call; this elected member is randomly chosen from the list of members in the cluster. When the list of target nodes changes (because a node starts or dies), the policy will choose a new target node unless the currently elected node is still available. Each client-side proxy elects its own target node independently of the other proxies, so if a particular client downloads two proxies for the same target service (for example, an EJB), each proxy will independently pick its target. This is an example of a policy that provides “session affinity” or “sticky sessions”, since the target node does not change once established. Implemented by
org.jboss.ha.framework.interfaces.FirstAvailable
(legacy) andorg.jboss.ha.client.loadbalance.aop.FirstAvailable
(EJB3). - First Available Identical All Proxies: has the same behavior as the "First Available" policy but the elected target node is shared by all proxies in the same client-side VM that are associated with the same target service. So if a particular client downloads two proxies for the same target service (e.g. an EJB), each proxy will use the same target. Implemented by
org.jboss.ha.framework.interfaces.FirstAvailableIdenticalAllProxies
(legacy) andorg.jboss.ha.client.loadbalance.aop.FirstAvailableIdenticalAllProxies
(EJB3).
org.jboss.ha.framework.interfaces.LoadBalancePolicy
interface; users are free to write their own implementation of this simple interface if they need some special behavior. In later sections we will see how to configure the load balance policies used by different services.
20.3.2. External load balancer architecture
- Transaction-Sticky Round-Robin: Transaction-sticky variant of Round-Robin. Implemented by
org.jboss.ha.framework.interfaces.TransactionStickyRoundRobin
. - Transaction-Sticky Random-Robin: Transaction-sticky variant of Random-Robin. Implemented by
org.jboss.ha.framework.interfaces.TransactionStickyRandomRobin
. - Transaction-Sticky First Available: Transaction-sticky variant of First Available. Implemented by
org.jboss.ha.framework.interfaces.TransactionStickyFirstAvailable
. - Transaction-Sticky First Available Identical All Proxies: Transaction-sticky variant of First Available Identical All Proxies. Implemented by
org.jboss.ha.framework.interfaces.TransactionStickyFirstAvailableIdenticalAllProxies
.
Chapter 21. Clustering Building Blocks

Figure 21.1. The JBoss Enterprise Application Platform clustering architecture
21.1. Group Communication with JGroups
Channel
and use it to communicate. The Channel
handles such tasks as managing which nodes are members of the group, detecting node failures, ensuring lossless, first-in-first-out delivery of messages to all group members, and providing flow control to ensure fast message senders cannot overwhelm slow message receivers.
Channel
are determined by the set of protocols that compose it. Each protocol handles a single aspect of the overall group communication task; for example the UDP
protocol handles the details of sending and receiving UDP datagrams. A Channel
that uses the UDP
protocol is capable of communicating with UDP unicast and multicast; alternatively one that uses the TCP
protocol uses TCP unicast for all messages. JGroups supports a wide variety of different protocols (see Section 28.1, “Configuring a JGroups Channel's Protocol Stack” for details), but the Enterprise Application Platform ships with a default set of channel configurations that should meet most needs.
<JBOSS_HOME>/bin/
create run.conf
. Open the file and add the following: JAVA_OPTS="$JAVA_OPTS -Djboss.default.jgroups.stack=<METHOD>"
.
21.1.1. The Channel Factory Service
ChannelFactory
service is used as a registry for named channel configurations and as a factory for Channel
instances. A service that needs a channel requests the channel from the ChannelFactory
, passing in the name of the desired configuration.
server/production/deploy/cluster/jgroups-channelfactory.sar
. On start up the ChannelFactory service parses the server/production/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml
file, which includes various standard JGroups configurations identified by name (for example, UDP or TCP). Services needing a channel access the channel factory and ask for a channel with a particular named configuration.
Note
cluster_name
argument to the Channel.connect(String cluster_name)
method. The Channel uses that cluster_name
as one of the factors that determine whether a particular message received over the network is intended for it.
21.1.1.1. Standard Protocol Stack Configurations
udp
, jbm-control
and jbm-data
, with all clustering services other than JBoss Messaging using udp
.
stack
element to the server/production/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml
file. You can alter the behavior of an existing configuration by editing this file. Before doing this though, have a look at the other standard configurations the Enterprise Application Platform ships; perhaps one of those meets your needs. Also, please note that before editing a configuration you should understand what services are using that configuration; make sure the change you are making is appropriate for all affected services. If the change is not appropriate for a particular service, create a new configuration and change some services to use that new configuration.
- udpUDP multicast based stack meant to be shared between different channels. Message bundling is disabled, as it can add latency to synchronous group RPCs. Services that only make asynchronous RPCs (for example, JBoss Cache configured for REPL_ASYNC) and do so in high volume may be able to improve performance by configuring their cache to use the
udp-async
stack below. Services that only make synchronous RPCs (for example JBoss Cache configured for REPL_SYNC or INVALIDATION_SYNC) may be able to improve performance by using theudp-sync
stack below, which does not include flow control. - udp-asyncSame as the default
udp
stack above, except message bundling is enabled in the transport protocol (enable_bundling=true
). Useful for services that make high-volume asynchronous RPCs (e.g. high volume JBoss Cache instances configured for REPL_ASYNC) where message bundling may improve performance. - udp-syncUDP multicast based stack, without flow control and without message bundling. This can be used instead of
udp
if (1) synchronous calls are used and (2) the message volume (rate and size) is not that large. Do not use this configuration if you send messages at a high sustained rate, or you might run out of memory. - tcpTCP based stack, with flow control and message bundling. TCP stacks are usually used when IP multicasting cannot be used in a network (e.g. routers discard multicast).
- tcp-syncTCP based stack, without flow control and without message bundling. TCP stacks are usually used when IP multicasting cannot be used in a network (e.g.routers discard multicast). This configuration should be used instead of
tcp
above when (1) synchronous calls are used and (2) the message volume (rate and size) is not that large. Do not use this configuration if you send messages at a high sustained rate, or you might run out of memory. - jbm-controlStack optimized for the JBoss Messaging Control Channel. By default uses the same UDP transport protocol configuration as is used for the default
udp
stack defined above. This allows the JBoss Messaging Control Channel to use the same sockets, network buffers and thread pools as are used by the other standard JBoss Enterprise Application Platform clustered services (see Section 21.1.2, “The JGroups Shared Transport”) - jbm-dataTCP-based stack optimized for the JBoss Messaging Data Channel.
21.1.1.2. Changing the Protocol Stack Configuration
udp
protocol stack configuration. If you want to use a TCP-based configuration, set the system property jboss.default.jgroups.stack to the tcp
value (-Djboss.default.jgroups.stack=tcp
). This change configures most of the services that use a JGroups channel to use the TCP-based configuration. To make tcp
the default protocol stack, add the system property to the JAVA_OPTS environment variable in the <JBOSS_HOME>/bin/run.conf
file on Linux platforms or <JBOSS_HOME>/bin/run.conf.bat
on Windows platforms.
tcp
stack uses UDP multicast (via the MPING layer) for peer discovery. This allows the stack to avoid environment-specific configuration of hosts and work out of the box. If you cannot use UDP multicast, you need to change to a non-UDP-based peer-discovery layer (the TCPPING layer) and configure the addresses/ports of the possible cluster nodes. You can change the protocol stack configuration in jgroups-channelfactory-stacks.xml
. The file contains definitions for both peer-discovery layers: by default, the definition of MPING layer is uncommented and the TCPPING layer is commented. To switch to non-UDP based peer-discovery, comment out the MPING layer, and uncomment and configure the TCPPING layer. For more information on MPING and TCPPING, refer to Section 28.1.3, “Discovery Protocols”.
21.1.1.3. Changing the Protocol Stack Configuration of JBoss Messaging
jbm-control
and jbm-data
protocol stack configurations by default. The jbm-control protocol stack is fully UDP-based and jbm-data uses the MPING discovery protocol, which uses UDP multicast. Therefore, if you want JBoss Messaging to use only TCP-based configurations, you need to configure the JBoss Messaging control channel to use the tcp
protocol stack instead of the jbm-control stack and modify the jbm-data protocol stack to use TCPPING layer instead of the MPING layer.
tcp
protocol stack, open the deploy/messaging/RDMS-persistence-service.xml
file (the RDMS value depends on the relational database management system you are using for message persistence) and change the ControlChannelName
attribute value of the org.jboss.messaging.core.jmx.MessagingPostOfficeService mbean to tcp
:
<!--<attribute name="ControlChannelName">jbm-control</attribute>--> <attribute name="ControlChannelName">tcp</attribute>
/server/PROFILE/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml
and replace the MPING layer with an equivalent TCPPING layer as shown in Example 21.1, “Definition of the jbm-data protocol stack with TCPPING definition”.
Example 21.1. Definition of the jbm-data protocol stack with TCPPING definition
<!-- <MPING timeout="3000" num_initial_members="3" mcast_addr="${jboss.jgroups.tcp.mping_mcast_addr:230.11.11.11}" mcast_port="${jgroups.tcp.mping_mcast_port:45700}" ip_ttl="${jgroups.udp.ip_ttl:2}"/> --> <TCPPING timeout="5000" initial_hosts="${jbm.data.tcpping.initial_hosts:localhost[7900],localhost[7901]}" port_range="1" num_initial_members="3"/>
21.2. Distributed Caching with JBoss Cache
Important
- replication of clustered webapp sessions
- replication of clustered EJB3 Stateful Session beans
- clustered caching of JPA and Hibernate entities
- clustered Single Sign-On
- the HA-JNDI replicated tree
- DistributedStateService
21.2.1. The JBoss Enterprise Application Platform CacheManager Service
deploy/
directory, which had a number of disadvantages:
- Caches that end user applications did not need were deployed anyway, with each creating an expensive JGroups channel. For example, even if there were no clustered EJB3 SFSBs, a cache to store them was started.
- Caches are internal details of the services that use them. They should not be first-class deployments.
- Services would find their cache via JMX look ups. Using JMX for purposes other than exposing management interfaces is just not the JBoss Enterprise Application Platform 5 way.
<JBOSS_HOME>/server/<PROFILE>/deploy/cluster/jboss-cache-manager.sar
. The CacheManager is a factory and registry for JBoss Cache instances. It is configured with a set of named JBoss Cache configurations. Services that need a cache ask the cache manager for the cache by name; the cache manager creates the cache (if not already created) and returns it. The cache manager keeps a reference to each cache it has created, so all services that request the same cache configuration name will share the same cache. When a service is done with the cache, it releases it to the cache manager. The cache manager keeps track of how many services are using each cache, and will stop and destroy the cache when all services have released it.
21.2.1.1. Standard Cache Configurations
deploy/cluster/jboss-cache-manager.sar/META-INF/jboss-cache-manager-jboss-beans.xml
file (see Section 29.2.1, “Deployment Via the CacheManager Service” for details). Note however that these configurations are specifically optimized for their intended use, and except as specifically noted in the documentation chapters for each service in this guide, it is not advisable to change them.
- standard-session-cacheStandard cache used for web sessions.
- field-granularity-session-cacheStandard cache used for FIELD granularity web sessions.
- sfsb-cacheStandard cache used for EJB3 SFSB caching.
- ha-partitionUsed by web tier Clustered Single Sign-On, HA-JNDI, Distributed State.
- mvcc-entityA configuration appropriate for JPA/Hibernate entity/collection caching that uses JBoss Cache's MVCC locking (see notes below).
- optimistic-entityA configuration appropriate for JPA/Hibernate entity/collection caching that uses JBoss Cache's optimistic locking (see notes below).
- pessimistic-entityA configuration appropriate for JPA/Hibernate entity/collection caching that uses JBoss Cache's pessimistic locking (see notes below).
- mvcc-entity-repeatableSame as "mvcc-entity" but uses JBoss Cache's REPEATABLE_READ isolation level instead of READ_COMMITTED (see notes below).
- pessimistic-entity-repeatableSame as "pessimistic-entity" but uses JBoss Cache's REPEATABLE_READ isolation level instead of READ_COMMITTED (see notes below).
- local-queryA configuration appropriate for JPA/Hibernate query result caching. Does not replicate query results. DO NOT store the timestamp data Hibernate uses to verify validity of query results in this cache.
- replicated-queryA configuration appropriate for JPA/Hibernate query result caching. Replicates query results. DO NOT store the timestamp data Hibernate uses to verify validity of query result in this cache.
- timestamps-cacheA configuration appropriate for the timestamp data cached as part of JPA/Hibernate query result caching. A replicated timestamp cache is required if query result caching is used, even if the query results themselves use a non-replicating cache like
local-query
. - mvcc-sharedA configuration appropriate for a cache that's shared for JPA/Hibernate entity, collection, query result and timestamp caching. Not an advised configuration, since it requires cache mode REPL_SYNC, which is the least efficient mode. Also requires a full state transfer at start up, which can be expensive. Maintained for backwards compatibility reasons, as a shared cache was the only option in JBoss 4. Uses JBoss Cache's MVCC locking.
- optimistic-sharedA configuration appropriate for a cache that's shared for JPA/Hibernate entity, collection, query result and timestamp caching. Not an advised configuration, since it requires cache mode REPL_SYNC, which is the least efficient mode. Also requires a full state transfer at start up, which can be expensive. Maintained for backwards compatibility reasons, as a shared cache was the only option in JBoss 4. Uses JBoss Cache's optimistic locking.
- pessimistic-sharedA configuration appropriate for a cache that's shared for JPA/Hibernate entity, collection, query result and timestamp caching. Not an advised configuration, since it requires cache mode REPL_SYNC, which is the least efficient mode. Also requires a full state transfer at start up, which can be expensive. Maintained for backwards compatibility reasons, as a shared cache was the only option in JBoss 4. Uses JBoss Cache's pessimistic locking.
- mvcc-shared-repeatableSame as "mvcc-shared" but uses JBoss Cache's REPEATABLE_READ isolation level instead of READ_COMMITTED (see notes below).
- pessimistic-shared-repeatableSame as "pessimistic-shared" but uses JBoss Cache's REPEATABLE_READ isolation level instead of READ_COMMITTED. (see notes below).
Note
Note
21.2.1.2. Cache Configuration Aliases
jboss-cache-manager-jboss-beans.xml
file. The following redacted configuration shows the standard aliases in Enterprise Application Platform 5:
<bean name="CacheManager" class="org.jboss.ha.cachemanager.CacheManager"> . . . <!-- Aliases for cache names. Allows caches to be shared across services that may expect different cache configuration names. --> <property name="configAliases"> <map keyClass="java.lang.String" valueClass="java.lang.String"> <!-- Use the HAPartition cache for ClusteredSSO caching --> <entry> <key>clustered-sso</key> <value>ha-partition</value> </entry> <!-- Handle the legacy name for the EJB3 SFSB cache --> <entry> <key>jboss.cache:service=EJB3SFSBClusteredCache</key> <value>sfsb-cache</value> </entry> <!-- Handle the legacy name for the EJB3 Entity cache --> <entry> <key>jboss.cache:service=EJB3EntityTreeCache</key> <value>mvcc-shared</value> </entry> </map> </property> . . . </bean>
21.3. The HAPartition Service
Channel
that provides support for making/receiving RPC invocations on/from one or more cluster members. HAPartition allows services that use it to share a single Channel
and multiplex RPC invocations over it, eliminating the configuration complexity and runtime overhead of having each service create its own Channel
. HAPartition also supports a distributed registry of which clustering services are running on which cluster members. It provides notifications to interested listeners when the cluster membership changes or the clustered service registry changes. HAPartition forms the core of many of the clustering services we will be discussing in the rest of this guide, including smart client-side clustered proxies, EJB 2 SFSB replication and entity cache management, farming, HA-JNDI and HA singletons. Custom services can also make use of HAPartition.
HAPartition
service definition packaged with the standard JBoss Enterprise Application Platform distribution. This configuration can be found in the server/production/deploy/cluster/hapartition-jboss-beans.xml
file.
<bean name="HAPartitionCacheHandler" class="org.jboss.ha.framework.server.HAPartitionCacheHandlerImpl"> <property name="cacheManager"><inject bean="CacheManager"/></property> <property name="cacheConfigName">ha-partition</property> </bean> <bean name="HAPartition" class="org.jboss.ha.framework.server.ClusterPartition"> <depends>jboss:service=Naming</depends> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HAPartition,partition=${jboss.partition.name:DefaultPartition}", exposedInterface=org.jboss.ha.framework.server.ClusterPartitionMBean.class, registerDirectly=true)</annotation> <!-- ClusterPartition requires a Cache for state management --> <property name="cacheHandler"><inject bean="HAPartitionCacheHandler"/></property> <!-- Name of the partition being built --> <property name="partitionName">${jboss.partition.name:DefaultPartition}</property> <!-- The address used to determine the node name --> <property name="nodeAddress">${jboss.bind.address}</property> <!-- Max time (in ms) to wait for state transfer to complete. Increase for large states --> <property name="stateTransferTimeout">30000</property> <!-- Max time (in ms) to wait for RPC calls to complete. --> <property name="methodCallTimeout">60000</property> <!-- Optionally provide a thread source to allow async connect of our channel --> <property name="threadPool"><inject bean="jboss.system:service=ThreadPool"/></property> <property name="distributedStateImpl"> <bean name="DistributedState" class="org.jboss.ha.framework.server.DistributedStateImpl"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=DistributedState,partitionName=${jboss.partition.name:DefaultPartition}", exposedInterface=org.jboss.ha.framework.server.DistributedStateImplMBean.class, registerDirectly=true)</annotation> <property name="cacheHandler"><inject bean="HAPartitionCacheHandler"/></property> </bean> </property> </bean>
HAPartitionCacheHandler
and the HAPartition
itself.
HAPartition
bean itself exposes the following configuration properties:
- partitionName is an optional attribute to specify the name of the cluster. Its default value is
DefaultPartition
. Use the-g
(a.k.a. --partition) command line switch to set this value at server start up.Note
If you use the partitionName property on the MCBean:ServerConfig Profile Service component, the system returns a null value for the property. Use the PartionName from the MCBean:HAPartition managed component to obtain the correct value. - nodeAddress is unused and can be ignored.
- stateTransferTimeout specifies the timeout (in milliseconds) for initial application state transfer. State transfer refers to the process of obtaining a serialized copy of initial application state from other already-running cluster members at service start up. Its default value is
30000
. - methodCallTimeout specifies the timeout (in milliseconds) for obtaining responses to group RPCs from the other cluster members. Its default value is
60000
.
HAPartitionCacheHandler
is a small utility service that helps the HAPartition integrate with JBoss Cache (see Section 21.2.1, “The JBoss Enterprise Application Platform CacheManager Service”). HAPartition exposes a child service called DistributedState (see Section 21.3.2, “DistributedState Service”) that uses JBoss Cache; the HAPartitionCacheHandler
helps ensure consistent configuration between the JGroups Channel
used by Distributed State's cache and the one used directly by HAPartition.
- cacheConfigName the name of the JBoss Cache configuration to use for the HAPartition-related cache. Indirectly, this also specifies the name of the JGroups protocol stack configuration HAPartition should use. See Section 29.1.5, “JGroups Integration” for more on how the JGroups protocol stack is configured.
partitionName
and the HAPartitionCacheHandler
's cacheConfigName
must specify an identical JBoss Cache configuration. Changes in either element on some but not all nodes would prevent proper clustering behavior.
http://hostname:8080/jmx-console/
) and then clicking on the jboss:service=HAPartition,partition=DefaultPartition
MBean (change the MBean name to reflect your partitioner name if you use the -g switch). A list of IP addresses for the current cluster members is shown in the CurrentView field.
Note
21.3.1. DistributedReplicantManager Service
DistributedReplicantManager
(DRM) service is a component of the HAPartition service made available to HAPartition users via the HAPartition.getDistributedReplicantManager()
method. Generally speaking, JBoss Enterprise Application Platform users will not directly make use of the DRM; we discuss it here as an aid to those who want a deeper understanding of how Enterprise Application Platform clustering internals work.
- Clustered Smart ProxiesHere the keys are the names of the various services that need a clustered smart proxy (see Section 20.2.1, “Client-side interceptor architecture”, e.g. the name of a clustered EJB. The value object each node stores in the DRM is known as a "target". It's something a smart proxy's transport layer can use to contact the node (e.g. an RMI stub, an HTTP URL or a JBoss Remoting
InvokerLocator
). The factory that builds clustered smart proxies accesses the DRM to get the set of "targets" that should be injected into the proxy to allow it to communicate with all the nodes in a cluster. - HASingletonHere the keys are the names of the various services that need to function as High Availability Singletons (see the HASingleton chapter). The value object each node stores in the DRM is simply a String that acts as a token to indicate that the node has the service deployed, and thus is a candidate to become the "master" node for the HA singleton service.
21.3.2. DistributedState Service
DistributedState
service is a legacy component of the HAPartition service made available to HAPartition users via the HAPartition.getDistributedState()
method. This service provides coordinated management of arbitrary application state around the cluster. It is supported for backwards compatibility reasons, but new applications should not use it; they should use the much more sophisticated JBoss Cache instead.
DistributedState
service actually delegates to an underlying JBoss Cache instance.
21.3.3. Custom Use of HAPartition
org.jboss.ha.framework.server.HAServiceImpl
base class, or the org.jboss.ha.jxm.HAServiceMBeanSupport
class if JMX registration and notification support are desired.
Chapter 22. Clustered JNDI Services
- Transparent failover of naming operations. If an HA-JNDI naming Context is connected to the HA-JNDI service on a particular JBoss Enterprise Application Platform instance, and that service fails or is shut down, the HA-JNDI client can transparently fail over to another Enterprise Application Platform instance.
- Load balancing of naming operations. A HA-JNDI naming Context will automatically load balance its requests across all the HA-JNDI servers in the cluster.
- Automatic client discovery of HA-JNDI servers (using multicast).
- Unified view of JNDI trees cluster-wide. A client can connect to the HA-JNDI service running on any node in the cluster and find objects bound in JNDI on any other node. This is accomplished via two mechanisms:
- Cross-cluster lookups. A client can perform a lookup and the server side HA-JNDI service has the ability to find things bound in regular JNDI on any node in the cluster.
- A replicated cluster-wide context tree. An object bound into the HA-JNDI service will be replicated around the cluster, and a copy of that object will be available in-VM on each node in the cluster.
- If an EJB is not configured as clustered, looking up the EJB via HA-JNDI does not somehow result in the addition of clustering capabilities (load balancing of EJB calls, transparent failover, state replication) to the EJB.
- If an EJB is configured as clustered, looking up the EJB via regular JNDI instead of HA-JNDI does not somehow result in the removal of the bean proxy's clustering capabilities.
22.1. How it works
InitialContext
object) and invokes JNDI lookup services on the remote server through the proxy. The client specifies that it wants an HA-JNDI proxy by configuring the naming properties used by the InitialContext
object. This is covered in detail in Section 22.2, “Client configuration”. Other than the need to ensure the appropriate naming properties are provided to the InitialContext
, the fact that the naming Context is using HA-JNDI is completely transparent to the client.
- It avoids migration issues with applications that assume that their JNDI implementation is local. This allows clustering to work out-of-the-box with just a few tweaks of configuration files.
- In a homogeneous cluster, this configuration actually cuts down on the amount of network traffic. A homogeneous cluster is one where the same types of objects are bound under the same names on each node.
- Designing it in this way makes the HA-JNDI service an optional service since all underlying cluster code uses a straight new
InitialContext
to lookup or create bindings.
new InitialContext()
will be bound to the local-only, non-cluster-wide JNDI Context. So, all EJB homes and such will not be bound to the cluster-wide JNDI Context, but rather, each home will be bound into the local JNDI.
- If the binding is available in the cluster-wide JNDI tree, return it.
- If the binding is not in the cluster-wide tree, delegate the lookup query to the local JNDI service and return the received answer if available.
- If not available, the HA-JNDI service asks all other nodes in the cluster if their local JNDI service owns such a binding and returns the answer from the set it receives.
- If no local JNDI service owns such a binding, a
NameNotFoundException
is finally raised.
Note
Note
Note
ExternalContext
MBean to bind non-JBoss JNDI trees into the JBoss JNDI namespace. Furthermore, nothing prevents you using one centralized JNDI server for your whole cluster and scrapping HA-JNDI and JNP.
22.2. Client configuration
InitialContext
is created. How this is done varies depending on whether the client is running inside JBoss Enterprise Application Platform itself or is in another VM.
22.2.1. For clients running inside the Enterprise Application Platform
InitialContext
by passing in JNDI properties to the constructor. The following code shows how to create a naming Context bound to HA-JNDI:
Properties p = new Properties(); p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); p.put(Context.URL_PKG_PREFIXES, "jboss.naming:org.jnp.interfaces"); // HA-JNDI is listening on the address passed to JBoss via -b String bindAddress = System.getProperty("jboss.bind.address", "localhost"); p.put(Context.PROVIDER_URL, bindAddress + ":1100"); // HA-JNDI address and port. return new InitialContext(p);
deploy/cluster/hajndi-jboss-beans.xml
file (see Section 22.3, “JBoss configuration”). By default this service listens on the interface named via the jboss.bind.address
system property, which itself is set to whatever value you assign to the -b
command line option when you start JBoss Enterprise Application Platform (or localhost
if not specified). The above code shows an example of accessing this property.
InitialContext
to statically find the in-VM HA-JNDI by specifying the jnp.partitionName
property:
Properties p = new Properties(); p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); p.put(Context.URL_PKG_PREFIXES, "jboss.naming:org.jnp.interfaces"); // HA-JNDI is registered under the partition name passed to JBoss via -g String partitionName = System.getProperty("jboss.partition.name", "DefaultPartition"); p.put("jnp.partitionName", partitionName); return new InitialContext(p);
jboss.partition.name
system property to identify the partition with which the HA-JNDI service works. This system property is set to whatever value you assign to the -g
command line option when you start JBoss Enterprise Application Platform (or DefaultPartition
if not specified).
jndi.properties
file in your deployment or by editing the Enterprise Application Platform's conf/jndi.properties
file. Doing either will almost certainly break things for your application and quite possibly across the server. If you want to externalize your client configuration, one approach is to deploy a properties file not named jndi.properties
, and then programatically create a Properties
object that loads that file's contents.
22.2.1.1. Accessing HA-JNDI Resources from EJBs and WARs -- Environment Naming Context
<resource-ref> <res-ref-name>jms/ConnectionFactory</res-ref-name> <res-type>javax.jms.QueueConnectionFactory</res-type> <res-auth>Container</res-auth> </resource-ref> <resource-ref> <res-ref-name>jms/Queue</res-ref-name> <res-type>javax.jms.Queue</res-type> <res-auth>Container</res-auth> </resource-ref>
<resource-ref> <res-ref-name>jms/ConnectionFactory</res-ref-name> <jndi-name>jnp://${jboss.bind.address}:1100/ConnectionFactory</jndi-name> </resource-ref> <resource-ref> <res-ref-name>jms/Queue</res-ref-name> <jndi-name>jnp://${jboss.bind.address}:1100/queue/A</jndi-name> </resource-ref>
${jboss.bind.address}
syntax used above tells JBoss to use the value of the jboss.bind.address
system property when determining the URL. That system property is itself set to whatever value you assign to the -b
command line option when you start JBoss Enterprise Application Platform.
22.2.1.2. Why do this programmatically and not just put this in a jndi.properties file?
conf/jndi.properties
file, which should not be edited.
22.2.1.3. How can I tell if things are being bound into HA-JNDI that should not be?
list
operation on the jboss:service=JNDIView
mbean. Towards the bottom of the results, the contents of the "HA-JNDI Namespace" are listed. Typically this will be empty; if any of your own deployments are shown there and you did not explicitly bind them there, there's probably an improper jndi.properties file on the classpath. Please visit the following link for an example: Problem with removing a Node from Cluster.
22.2.2. For clients running outside the Enterprise Application Platform
java.naming.provider.url
JNDI setting in the jndi.properties
file. Each server node is identified by its IP address and the JNDI port number. The server nodes are separated by commas (see Section 22.3, “JBoss configuration” for how to configure the servers and ports).
java.naming.provider.url=server1:1100,server2:1100,server3:1100,server4:1100
Note
java.naming.provider.url
is empty or if all servers it mentions are not reachable, the JNP client will try to discover a HA-JNDI server through a multicast call on the network (auto-discovery). See Section 22.3, “JBoss configuration” for how to configure auto-discovery on the JNDI server nodes. Through auto-discovery, the client might be able to get a valid HA-JNDI server node without any configuration. Of course, for auto-discovery to work, the network segment(s) between the client and the server cluster must be configured to propagate such multicast datagrams.
Note
java.naming.provider.url
property, you can specify a set of other properties. The following list shows all clustering-related client side properties you can specify when creating a new InitialContext
. (All of the standard, non-clustering-related environment properties used with regular JNDI are also available.)
java.naming.provider.url
: Provides a list of IP addresses and port numbers for HA-JNDI provider nodes in the cluster. The client tries those providers one by one and uses the first one that responds.jnp.disableDiscovery
: When set totrue
, this property disables the automatic discovery feature. Default isfalse
.jnp.partitionName
: In an environment where multiple HA-JNDI services bound to distinct clusters (a.k.a. partitions), are running, this property allows you to ensure that your client only accepts automatic-discovery responses from servers in the desired partition. If you do not use the automatic discovery feature (i.e. jnp.disableDiscovery is true), this property is not used. By default, this property is not set and the automatic discovery selects the first HA-JNDI server that responds, regardless of the cluster partition name.jnp.discoveryTimeout
: Determines how many milliseconds the context will wait for a response to its automatic discovery packet. Default is 5000 ms.jnp.discoveryGroup
: Determines which multicast group address is used for the automatic discovery. Default is 230.0.0.4. Must match the value of the AutoDiscoveryAddress configured on the server side HA-JNDI service. Note that the server side HA-JNDI service by default listens on the address specified via the-u
switch, so if-u
is used on the server side (as is recommended), jnp.discoveryGroup will need to be configured on the client side.jnp.discoveryPort
: Determines which multicast port is used for the automatic discovery. Default is 1102. Must match the value of the AutoDiscoveryPort configured on the server side HA-JNDI service.jnp.discoveryTTL
: specifies the TTL (time-to-live) for autodiscovery IP multicast packets. This value represents the number of network hops a multicast packet can be allowed to propagate before networking equipment should drop the packet. Despite its name, it does not represent a unit of time.
22.3. JBoss configuration
hajndi-jboss-beans.xml
file in the <JBOSS_HOME>/server/production/deploy/cluster
directory includes the following bean to enable HA-JNDI services.
<bean name="HAJNDI" class="org.jboss.ha.jndi.HANamingService"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HAJNDI", exposedInterface=org.jboss.ha.jndi.HANamingServiceMBean.class)</annotation> <!-- The partition used for group RPCs to find locally bound objects on other nodes --> <property name="HAPartition"><inject bean="HAPartition"/></property> <!-- Handler for the replicated tree --> <property name="distributedTreeManager"> <bean class="org.jboss.ha.jndi.impl.jbc.JBossCacheDistributedTreeManager"> <property name="cacheHandler"><inject bean="HAPartitionCacheHandler"/></property> </bean> </property> <property name="localNamingInstance"> <inject bean="jboss:service=NamingBeanImpl" property="namingInstance"/> </property> <!-- The thread pool used to control the bootstrap and auto discovery lookups --> <property name="lookupPool"><inject bean="jboss.system:service=ThreadPool"/></property> <!-- Bind address of bootstrap endpoint --> <property name="bindAddress">${jboss.bind.address}</property> <!-- Port on which the HA-JNDI stub is made available --> <property name="port"> <!-- Get the port from the ServiceBindingManager --> <value-factory bean="ServiceBindingManager" method="getIntBinding"> <parameter>jboss:service=HAJNDI</parameter> <parameter>Port</parameter> </value-factory> </property> <!-- Bind address of the HA-JNDI RMI endpoint --> <property name="rmiBindAddress">${jboss.bind.address}</property> <!-- RmiPort to be used by the HA-JNDI service once bound. 0 = ephemeral. --> <property name="rmiPort"> <!-- Get the port from the ServiceBindingManager --> <value-factory bean="ServiceBindingManager" method="getIntBinding"> <parameter>jboss:service=HAJNDI</parameter> <parameter>RmiPort</parameter> </value-factory> </property> <!-- Accept backlog of the bootstrap socket --> <property name="backlog">50</property> <!-- A flag to disable the auto discovery via multicast --> <property name="discoveryDisabled">false</property> <!-- Set the auto-discovery bootstrap multicast bind address. If not specified and a BindAddress is specified, the BindAddress will be used. --> <property name="autoDiscoveryBindAddress">${jboss.bind.address}</property> <!-- Multicast Address and group port used for auto-discovery --> <property name="autoDiscoveryAddress">${jboss.partition.udpGroup:230.0.0.4}</property> <property name="autoDiscoveryGroup">1102</property> <!-- The TTL (time-to-live) for autodiscovery IP multicast packets --> <property name="autoDiscoveryTTL">16</property> <!-- The load balancing policy for HA-JNDI --> <property name="loadBalancePolicy">org.jboss.ha.framework.interfaces.RoundRobin</property> <!-- Client socket factory to be used for client-server RMI invocations during JNDI queries <property name="clientSocketFactory">custom</property> --> <!-- Server socket factory to be used for client-server RMI invocations during JNDI queries <property name="serverSocketFactory">custom</property> --> </bean>
- HAPartition accepts the core clustering service used manage HA-JNDI's clustered proxies and to make the group RPCs that find locally bound objects on other nodes. See Section 21.3, “The HAPartition Service” for more.
- distributedTreeManager accepts a handler for the replicated tree. The standard handler uses JBoss Cache to manage the replicated tree. The JBoss Cache instance is retrieved using the injected
HAPartitionCacheHandler
bean. See Section 21.3, “The HAPartition Service” for more details. - localNamingInstance accepts the reference to the local JNDI service.
- lookupPool accepts the thread pool used to provide threads to handle the bootstrap and auto discovery lookups.
- bindAddress specifies the address to which the HA-JNDI server will bind to listen for naming proxy download requests from JNP clients. The default value is the value of the
jboss.bind.address
system property, orlocalhost
if that property is not set. Thejboss.bind.address
system property is set if the-b
command line switch is used when JBoss is started. - port specifies the port to which the HA-JNDI server will bind to listen for naming proxy download requests from JNP clients. The value is obtained from the ServiceBindingManager bean configured in
conf/bootstrap/bindings.xml
. The default value is1100
. - backlog specifies the maximum queue length for incoming connection indications for the TCP server socket on which the service listens for naming proxy download requests from JNP clients. The default value is
50
. - rmiBindAddress specifies the address to which the HA-JNDI server will bind to listen for RMI requests (e.g. for JNDI lookups) from naming proxies. The default value is the value of the
jboss.bind.address
system property, orlocalhost
if that property is not set. Thejboss.bind.address
system property is set if the-b
command line switch is used when JBoss is started. - rmiPort specifies the port to which the server will bind to communicate with the downloaded stub. The value is obtained from the ServiceBindingManager bean configured in
conf/bootstrap/bindings.xml
. The default value is1101
. If no value is set, the operating system automatically assigns a port. - discoveryDisabled is a boolean flag that disables configuration of the auto discovery multicast listener. The default is
false
. - autoDiscoveryAddress specifies the multicast address to listen to for JNDI automatic discovery. The default value is the value of the
jboss.partition.udpGroup
system property, or 230.0.0.4 if that is not set. Thejboss.partition.udpGroup
system property is set if the-u
command line switch is used when JBoss is started. - autoDiscoveryGroup specifies the port to listen on for multicast JNDI automatic discovery packets. The default value is
1102
. - autoDiscoveryBindAddress sets the interface on which HA-JNDI should listen for auto-discovery request packets. If this attribute is not specified and a
bindAddress
is specified, thebindAddress
will be used. - autoDiscoveryTTL specifies the TTL (time-to-live) for autodiscovery IP multicast packets. This value represents the number of network hops a multicast packet can be allowed to propagate before networking equipment should drop the packet. Despite its name, it does not represent a unit of time.
- loadBalancePolicy specifies the class name of the LoadBalancePolicy implementation that should be included in the client proxy. See Chapter 19, Introduction and Quick Start the Introduction and Quick Start chapter for details.
- clientSocketFactory is an optional attribute that specifies the fully qualified classname of the
java.rmi.server.RMIClientSocketFactory
that should be used to create client sockets. The default isnull
. - serverSocketFactory is an optional attribute that specifies the fully qualified classname of the
java.rmi.server.RMIServerSocketFactory
that should be used to create server sockets. The default isnull
.
22.3.1. Adding a Second HA-JNDI Service
<-- Cache Handler for secondary HAPartition --> <bean name="SecondaryHAPartitionCacheHandler" class="org.jboss.ha.framework.server.HAPartitionCacheHandlerImpl"> <property name="cacheManager"><inject bean="CacheManager"/></property> <property name="cacheConfigName">secondary-ha-partition</property> </bean> <-- The secondary HAPartition --> <bean name="SecondaryHAPartition" class="org.jboss.ha.framework.server.ClusterPartition"> <depends>jboss:service=Naming</depends> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HAPartition,partition=SecondaryPartition", exposedInterface=org.jboss.ha.framework.server.ClusterPartitionMBean.class, registerDirectly=true)</annotation> <property name="cacheHandler"><inject bean="SecondaryHAPartitionCacheHandler"/></property> <property name="partitionName">SecondaryPartition</property> .... </bean> <bean name="MySpecialPartitionHAJNDI" class="org.jboss.ha.jndi.HANamingService"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HAJNDI,partitionName=SecondaryPartition", exposedInterface=org.jboss.ha.jndi.HANamingServiceMBean.class)</annotation> <property name="HAPartition"><inject bean="SecondaryHAPartition"/></property> <property name="distributedTreeManager"> <bean class="org.jboss.ha.jndi.impl.jbc.JBossCacheDistributedTreeManager"> <property name="cacheHandler"><inject bean="SecondaryHAPartitionPartitionCacheHandler"/></property> </bean> </property> <property name="port">56789</property> <property name="rmiPort">56790</property> <property name="autoDiscoveryGroup">56791</property> ..... </bean>
Chapter 23. Clustered Session EJBs
23.1. Stateless Session Bean in EJB 3.0
@Clustered
annotation. This annotation contains optional parameters for overriding both the load balance policy and partition to use.
public @interface Clustered { String partition() default "${jboss.partition.name:DefaultPartition}"; String loadBalancePolicy() default "LoadBalancePolicy"; }
- partition specifies the name of the cluster the bean participates in. While the
@Clustered
annotation lets you override the default partition,DefaultPartition
, for an individual bean, you can override this for all beans using thejboss.partition.name
system property. - loadBalancePolicy defines the name of a class implementing
org.jboss.ha.client.loadbalance.LoadBalancePolicy
, indicating how the bean stub should balance calls made on the nodes of the cluster. The default value,LoadBalancePolicy
is a special token indicating the default policy for the session bean type. For stateless session beans, the default policy isorg.jboss.ha.client.loadbalance.RoundRobin
. You can override the default value using your own implementation, or choose one from the list of available policies:-
org.jboss.ha.client.loadbalance.RoundRobin
- Starting with a random target, always favors the next available target in the list, ensuring maximum load balancing always occurs.
-
org.jboss.ha.client.loadbalance.RandomRobin
- Randomly selects its target without any consideration to previously selected targets.
-
org.jboss.ha.client.loadbalance.aop.FirstAvailable
- Once a target is chosen, always favors that same target; i.e. no further load balancing occurs. Useful in cases where "sticky session" behavior is desired, e.g. stateful session beans.
-
org.jboss.ha.client.loadbalance.aop.FirstAvailableIdenticalAllProxies
- Similar to
FirstAvailable
, except that the favored target is shared across all proxies.
-
@Stateless @Clustered public class MyBean implements MySessionInt { public void test() { // Do something cool } }
@Clustered
annotation, you can also enable clustering for a session bean in jboss.xml:
<jboss> <enterprise-beans> <session> <ejb-name>NonAnnotationStateful</ejb-name> <clustered>true</clustered> <cluster-config> <partition-name>FooPartition</partition-name> <load-balance-policy>org.jboss.ha.framework.interfaces.RandomRobin</load-balance-policy> </cluster-config> </session> </enterprise-beans> </jboss>
Note
<clustered>true</clustered>
element is really just an alias for the <container-name>Clustered Stateless SessionBean</container-name>
element in the conf/standardjboss.xml file.
@Clustered
annotation.
23.2. Stateful Session Beans in EJB 3.0
23.2.1. The EJB application configuration
@Clustered
annotation, just as we did with the EJB 3.0 stateless session bean earlier. In contrast to stateless session beans, stateful session bean method invocations are load balanced using org.jboss.ha.client.loadbalance.aop.FirstAvailable
policy, by default. Using this policy, methods invocations will stick to a randomly chosen node.
@org.jboss.ejb3.annotation.CacheConfig
annotation can also be applied to the bean to override the default caching behavior. Below is the definition of the @CacheConfig
annotation:
public @interface CacheConfig { String name() default ""; int maxSize() default 10000; long idleTimeoutSeconds() default 300; boolean replicationIsPassivation() default true; long removalTimeoutSeconds() default 0; }
name
specifies the name of a cache configuration registered with theCacheManager
service discussed in Section 23.2.3, “CacheManager service configuration”. By default, thesfsb-cache
configuration will be used.maxSize
specifies the maximum number of beans that can cached before the cache should start passivating beans, using an LRU algorithm.idleTimeoutSeconds
specifies the max period of time a bean can go unused before the cache should passivate it (regardless of whether maxSize beans are cached.)removalTimeoutSeconds
specifies the max period of time a bean can go unused before the cache should remove it altogether.replicationIsPassivation
specifies whether the cache should consider a replication as being equivalent to a passivation, and invoke any @PrePassivate and @PostActivate callbacks on the bean. By default true, since replication involves serializing the bean, and preparing for and recovering from serialization is a common reason for implementing the callback methods.
@Stateful @Clustered @CacheConfig(maxSize=5000, removalTimeoutSeconds=18000) public class MyBean implements MySessionInt { private int state = 0; public void increment() { System.out.println("counter: " + (state++)); } }
<jboss> <enterprise-beans> <session> <ejb-name>NonAnnotationStateful</ejb-name> <clustered>true</clustered> <cache-config> <cache-max-size>5000</cache-max-size> <remove-timeout-seconds>18000</remove-timeout-seconds> </cache-config> </session> </enterprise-beans> </jboss>
23.2.2. Optimize state replication
public interface Optimized { boolean isModified(); }
Optimized
interface. If this is the case, the container calls the isModified()
method and will only replicate the bean when the method returns true
. If the bean has not been modified (or not enough to require replication, depending on your own preferences), you can return false
and the replication would not occur.
23.2.3. CacheManager service configuration
CacheManager
service, described in Section 21.2.1, “The JBoss Enterprise Application Platform CacheManager Service” is both a factory and registry of JBoss Cache instances. By default, stateful session beans use the sfsb-cache
configuration from the CacheManager
, defined as follows:
<bean name="StandardSFSBCacheConfig" class="org.jboss.cache.config.Configuration"> <!-- No transaction manager lookup --> <!-- Name of cluster. Needs to be the same for all members --> <property name="clusterName">${jboss.partition.name:DefaultPartition}-SFSBCache</property> <!-- Use a UDP (multicast) based stack. Need JGroups flow control (FC) because we are using asynchronous replication. --> <property name="multiplexerStack">${jboss.default.jgroups.stack:udp}</property> <property name="fetchInMemoryState">true</property> <property name="nodeLockingScheme">PESSIMISTIC</property> <property name="isolationLevel">REPEATABLE_READ</property> <property name="useLockStriping">false</property> <property name="cacheMode">REPL_ASYNC</property> <!-- Number of milliseconds to wait until all responses for a synchronous call have been received. Make this longer than lockAcquisitionTimeout. --> <property name="syncReplTimeout">17500</property> <!-- Max number of milliseconds to wait for a lock acquisition --> <property name="lockAcquisitionTimeout">15000</property> <!-- The max amount of time (in milliseconds) we wait until the state (ie. the contents of the cache) are retrieved from existing members at startup. --> <property name="stateRetrievalTimeout">60000</property> <!-- SFSBs use region-based marshalling to provide for partial state transfer during deployment/undeployment. --> <property name="useRegionBasedMarshalling">false</property> <!-- Must match the value of "useRegionBasedMarshalling" --> <property name="inactiveOnStartup">false</property> <!-- Disable asynchronous RPC marshalling/sending --> <property name="serializationExecutorPoolSize">0</property> <!-- We have no asynchronous notification listeners --> <property name="listenerAsyncPoolSize">0</property> <property name="exposeManagementStatistics">true</property> <property name="buddyReplicationConfig"> <bean class="org.jboss.cache.config.BuddyReplicationConfig"> <!-- Just set to true to turn on buddy replication --> <property name="enabled">false</property> <!-- A way to specify a preferred replication group. We try and pick a buddy who shares the same pool name (falling back to other buddies if not available). --> <property name="buddyPoolName">default</property> <property name="buddyCommunicationTimeout">17500</property> <!-- Do not change these --> <property name="autoDataGravitation">false</property> <property name="dataGravitationRemoveOnFind">true</property> <property name="dataGravitationSearchBackupTrees">true</property> <property name="buddyLocatorConfig"> <bean class="org.jboss.cache.buddyreplication.NextMemberBuddyLocatorConfig"> <!-- The number of backup nodes we maintain --> <property name="numBuddies">1</property> <!-- Means that each node will *try* to select a buddy on a different physical host. If not able to do so though, it will fall back to colocated nodes. --> <property name="ignoreColocatedBuddies">true</property> </bean> </property> </bean> </property> <property name="cacheLoaderConfig"> <bean class="org.jboss.cache.config.CacheLoaderConfig"> <!-- Do not change these --> <property name="passivation">true</property> <property name="shared">false</property> <property name="individualCacheLoaderConfigs"> <list> <bean class="org.jboss.cache.loader.FileCacheLoaderConfig"> <!-- Where passivated sessions are stored --> <property name="location">${jboss.server.data.dir}${/}sfsb</property> <!-- Do not change these --> <property name="async">false</property> <property name="fetchPersistentState">true</property> <property name="purgeOnStartup">true</property> <property name="ignoreModifications">false</property> <property name="checkCharacterPortability">false</property> </bean> </list> </property> </bean> </property> <!-- EJBs use JBoss Cache eviction --> <property name="evictionConfig"> <bean class="org.jboss.cache.config.EvictionConfig"> <property name="wakeupInterval">5000</property> <!-- Overall default --> <property name="defaultEvictionRegionConfig"> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.NullEvictionAlgorithmConfig"/> </property> </bean> </property> <!-- EJB3 integration code will programatically create other regions as beans are deployed --> </bean> </property> </bean>
The default SFSB cache is configured to support eviction. The EJB3 SFSB container uses the JBoss Cache eviction mechanism to manage SFSB passivation. When beans are deployed, the EJB container will programatically add eviction regions to the cache, one region per bean type.
A JBoss Cache CacheLoader is also configured; again to support SFSB passivation. When beans are evicted from the cache, the cache loader passivates them to a persistent store; in this case to the file system in the <JBOSS_HOME>/server/production/data/sfsb
directory. JBoss Cache supports a variety of different CacheLoader implementations that know how to store data to different persistent store types; see the JBoss Cache documentation for details. However, if you change the CacheLoaderConfiguration, be sure that you do not use a shared store, e.g. a single schema in a shared database. Each node in the cluster must have its own persistent store, otherwise as nodes independently passivate and activate clustered beans, they will corrupt each other's data.
Using buddy replication, state is replicated to a configurable number of backup servers in the cluster (a.k.a. buddies), rather than to all servers in the cluster. To enable buddy replication, adjust the following properties in the buddyReplicationConfig
property bean:
- Set
enabled
totrue
. - Use the
buddyPoolName
to form logical subgroups of nodes within the cluster. If possible, buddies will be chosen from nodes in the same buddy pool. - Adjust the
buddyLocatorConfig.numBuddies
property to reflect the number of backup nodes to which each node should replicate its state.
23.3. Stateless Session Bean in EJB 2.x
jboss.xml
descriptor to contain a <clustered>
tag.
<jboss> <enterprise-beans> <session> <ejb-name>nextgen.StatelessSession</ejb-name> <jndi-name>nextgen.StatelessSession</jndi-name> <clustered>true</clustered> <cluster-config> <partition-name>DefaultPartition</partition-name> <home-load-balance-policy>org.jboss.ha.framework.interfaces.RoundRobin</home-load-balance-policy> <bean-load-balance-policy>org.jboss.ha.framework.interfaces.RoundRobin</bean-load-balance-policy> </cluster-config> </session> </enterprise-beans> </jboss>
- partition-name specifies the name of the cluster the bean participates in. The default value is
DefaultPartition
. The default partition name can also be set system-wide using thejboss.partition.name
system property. - home-load-balance-policy indicates the class to be used by the home stub to balance calls made on the nodes of the cluster. By default, the proxy will load-balance calls in a
RoundRobin
fashion. - bean-load-balance-policy Indicates the class to be used by the bean stub to balance calls made on the nodes of the cluster. By default, the proxy will load-balance calls in a
RoundRobin
fashion.
23.4. Stateful Session Bean in EJB 2.x
HASessionStateService
bean to manage distributed session states for clustered EJB 2.x stateful session beans. In this section, we cover both the session bean configuration and the HASessionStateService
bean configuration.
23.4.1. The EJB application configuration
jboss.xml
descriptor file for each stateful session bean and add the <clustered>
tag.
<jboss> <enterprise-beans> <session> <ejb-name>nextgen.StatefulSession</ejb-name> <jndi-name>nextgen.StatefulSession</jndi-name> <clustered>True</clustered> <cluster-config> <partition-name>DefaultPartition</partition-name> <home-load-balance-policy>org.jboss.ha.framework.interfaces.RoundRobin</home-load-balance-policy> <bean-load-balance-policy>org.jboss.ha.framework.interfaces.FirstAvailable</bean-load-balance-policy> <session-state-manager-jndi-name>/HASessionState/Default</session-state-manager-jndi-name> </cluster-config> </session> </enterprise-beans> </jboss>
<clustered>
tag is mandatory to indicate that the bean works in a cluster. The <cluster-config>
element is optional and its default attribute values are indicated in the sample configuration above.
<session-state-manager-jndi-name>
tag is used to give the JNDI name of the HASessionStateService
to be used by this bean.
23.4.2. Optimize state replication
public boolean isModified();
isModified()
method and it only replicates the bean when the method returns true
. If the bean has not been modified (or not enough to require replication, depending on your own preferences), you can return false
and the replication would not occur.
23.4.3. The HASessionStateService configuration
HASessionStateService
bean is defined in the <JBOSS_HOME>/server/<PROFILE>/deploy/cluster/ha-legacy-jboss-beans.xml
file.
<bean name="HASessionStateService" class="org.jboss.ha.hasessionstate.server.HASessionStateService"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HASessionState", exposedInterface=org.jboss.ha.hasessionstate.server. HASessionStateServiceMBean.class, registerDirectly=true)</annotation> <!-- Partition used for group RPCs --> <property name="HAPartition"><inject bean="HAPartition"/></property> <!-- JNDI name under which the service is bound --> <property name="jndiName">/HASessionState/Default</property> <!-- Max delay before cleaning unreclaimed state. Defaults to 30*60*1000 => 30 minutes --> <property name="beanCleaningDelay">0</property> </bean>
HASessionStateService
bean are listed below.
- HAPartition is a required attribute to inject the HAPartition service that HA-JNDI uses for intra-cluster communication.
- jndiName is an optional attribute to specify the JNDI name under which this
HASessionStateService
bean is bound. The default value is/HAPartition/Default
. - beanCleaningDelay is an optional attribute to specify the number of milliseconds after which the
HASessionStateService
can clean a state that has not been modified. If a node, owning a bean, crashes, its brother node will take ownership of this bean. Nevertheless, the container cache of the brother node will not know about it (because it has never seen it before) and will never delete according to the cleaning settings of the bean. That is why theHASessionStateService
needs to do this cleanup sometimes. The default value is30*60*1000
milliseconds (i.e., 30 minutes).
23.4.4. Handling Cluster Restart
<jboss> <session> <ejb-name>nextgen_RetryInterceptorStatelessSession</ejb-name> <invoker-bindings> <invoker> <invoker-proxy-binding-name>clustered-retry-stateless-rmi-invoker</invoker-proxy-binding-name> <jndi-name>nextgen_RetryInterceptorStatelessSession</jndi-name> </invoker> </invoker-bindings> <clustered>true</clustered> </session> <invoker-proxy-binding> <name>clustered-retry-stateless-rmi-invoker</name> <invoker-mbean>jboss:service=invoker,type=jrmpha</invoker-mbean> <proxy-factory>org.jboss.proxy.ejb.ProxyFactoryHA</proxy-factory> <proxy-factory-config> <client-interceptors> <home> <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor> <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> <interceptor>org.jboss.proxy.ejb.RetryInterceptor</interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> </home> <bean> <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor> <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> <interceptor>org.jboss.proxy.ejb.RetryInterceptor</interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> </bean> </client-interceptors> </proxy-factory-config> </invoker-proxy-binding> </jboss>
23.4.5. JNDI Lookup Process
- It will check its own static retryEnv field. This field can be set by client code via a call to RetryInterceptor.setRetryEnv(Properties). This approach to configuration has two downsides: first, it reduces portability by introducing JBoss-specific calls to the client code; and second, since a static field is used only a single configuration per VM is possible.
- If the retryEnv field is null, it will check for any environment properties bound to a ThreadLocal by the org.jboss.naming.NamingContextFactory class. To use this class as your naming context factory, in your jndi.properties set property java.naming.factory.initial=org.jboss.naming.NamingContextFactory. The advantage of this approach is use of org.jboss.naming.NamingContextFactory is simply a configuration option in your jndi.properties file, and thus your java code is unaffected. The downside is the naming properties are stored in a ThreadLocal and thus are only visible to the thread that originally created an InitialContext.
- If neither of the above approaches yield a set of naming environment properties, a default InitialContext is used. If the attempt to contact a naming server is unsuccessful, by default the InitialContext will attempt to fall back on multicast discovery to find an HA-JNDI naming server. See Chapter 22, Clustered JNDI Services for more on multicast discovery of HA-JNDI.
23.4.6. SingleRetryInterceptor
Chapter 24. Clustered Entity EJBs
24.1. Entity Bean in EJB 3.0
24.1.1. Configure the distributed cache
- If you persist a cache-enabled entity bean instance to the database via the entity manager, the entity will be inserted into the cache.
- If you update an entity bean instance, and save the changes to the database via the entity manager, the entity will be updated in the cache.
- If you remove an entity bean instance from the database via the entity manager, the entity will be removed from the cache.
- If loading a cached entity from the database via the entity manager, and that entity does not exist in the database, it will be inserted into the cache.
persistence.xml
, like so:
<?xml version="1.0" encoding="UTF-8"?> <persistence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/persistence" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"> <persistence-unit name="tempdb" transaction-type="JTA"> <jta-data-source>java:/DefaultDS</jta-data-source> <properties> <property name="hibernate.cache.use_second_level_cache" value="true"/> <property name="hibernate.cache.use_query_cache" value="true"/> <property name="hibernate.cache.region.factory_class" value="org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory"/> <!-- region factory specific properties --> <property name="hibernate.cache.region.jbc2.cachefactory" value="java:CacheManager"/> <property name="hibernate.cache.region.jbc2.cfg.entity" value="mvcc-entity"/> <property name="hibernate.cache.region.jbc2.cfg.collection" value="mvcc-entity"/> </properties> </persistence-unit> </persistence>
- hibernate.cache.use_second_level_cache
- Enables second-level caching of entities and collections.
- hibernate.cache.use_query_cache
- Enables second-level caching of queries.
- hibernate.cache.region.factory_class
- Defines the
RegionFactory
implementation that dictates region-specific caching behavior. Hibernate ships with 2 types of JBoss Cache-based second-level caches: shared and multiplexed.A shared region factory uses the same Cache for all cache regions - much like the legacy CacheProvider implementation in older Hibernate versions.Hibernate ships with 2 shared region factory implementations:- org.hibernate.cache.jbc2.SharedJBossCacheRegionFactory
- Uses a single JBoss Cache configuration, from a newly instantiated CacheManager, for all cache regions.
Table 24.1. Additional properties for SharedJBossCacheRegionFactory
Property Default Description hibernate.cache.region.jbc2.cfg.shared treecache.xml The classpath or file system resource containing the JBoss Cache configuration settings. hibernate.cache.region.jbc2.cfg.jgroups.stacks org/hibernate/cache/jbc2/builder/jgroups-stacks.xml The classpath or file system resource containing the JGroups protocol stack configurations. - org.hibernate.cache.jbc2.JndiSharedJBossCacheRegionFactory
- Uses a single JBoss Cache configuration, from an existing CacheManager bound to JNDI, for all cache regions.
Table 24.2. Additional properties for JndiSharedJBossCacheRegionFactory
Property Default Description hibernate.cache.region.jbc2.cfg.shared Required JNDI name to which the shared Cache
instance is bound.
A multiplexed region factory uses separate Cache instances, using optimized configurations for each cache region.Table 24.3. Common properties for multiplexed region factory implementations
Property Default Description hibernate.cache.region.jbc2.cfg.entity optimistic-entity The JBoss Cache configuration used for the entity cache region. Alternative configurations: mvcc-entity, pessimistic-entity, mvcc-entity-repeatable, optimistic-entity-repeatable, pessimistic-entity-repeatable hibernate.cache.region.jbc2.cfg.collection optimistic-entity The JBoss Cache configuration used for the collection cache region. The collection cache region typically uses the same configuration as the entity cache region. hibernate.cache.region.jbc2.cfg.query local-query The JBoss Cache configuration used for the query cache region. By default, cached query results are not replicated. Alternative configurations: replicated-query hibernate.cache.region.jbc2.cfg.ts timestamps-cache The JBoss Cache configuration used for the timestamp cache region. If query caching is used, the corresponding timestamp cache must be replicating, even if the query cache is non-replicating. The timestamp cache region must never share the same cache as the query cache. Hibernate ships with 2 shared region factory implementations:- org.hibernate.cache.jbc2.MultiplexedJBossCacheRegionFactory
- Uses separate JBoss Cache configurations, from a newly instantiated CacheManager, per cache region.
Table 24.4. Additional properties for MultiplexedJBossCacheRegionFactory
Property Default Description hibernate.cache.region.jbc2.configs org/hibernate/cache/jbc2/builder/jbc2-configs.xml The classpath or file system resource containing the JBoss Cache configuration settings. hibernate.cache.region.jbc2.cfg.jgroups.stacks org/hibernate/cache/jbc2/builder/jgroups-stacks.xml The classpath or file system resource containing the JGroups protocol stack configurations. - org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory
- Uses separate JBoss Cache configurations, from a JNDI-bound CacheManager, see Section 21.2.1, “The JBoss Enterprise Application Platform CacheManager Service”, per cache region.
Table 24.5. Additional properties for JndiMultiplexedJBossCacheRegionFactory
Property Default Description hibernate.cache.region.jbc2.cachefactory Required JNDI name to which the CacheManager
instance is bound.
24.1.2. Configure the entity beans for cache
@org.hibernate.annotations.Cache
annotation to tag entity beans that needs to be cached.
@Entity @Cache(usage = CacheConcurrencyStrategy.TRANSACTIONAL) public class Account implements Serializable { // ... ... }
jboss-cache-manager-jboss-beans.xml
. For instance, you can specify the size of the cache. If there are too many objects in the cache, the cache can evict the oldest or least used objects, depending on configuration, to make room for new objects. Assuming the region_prefix specified in persistence.xml
was myprefix
, the default name of the cache region for the com.mycompany.entities.Account
entity bean would be /myprefix/com/mycompany/entities/Account
.
<bean name="..." class="org.jboss.cache.config.Configuration"> ... ... <property name="evictionConfig"> <bean class="org.jboss.cache.config.EvictionConfig"> <property name="wakeupInterval">5000</property> <!-- Overall default --> <property name="defaultEvictionRegionConfig"> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <!-- Evict LRU node once we have more than this number of nodes --> <property name="maxNodes">10000</property> <!-- And, evict any node that has not been accessed in this many seconds --> <property name="timeToLiveSeconds">1000</property> <!-- Do not evict a node that's been accessed within this many seconds. Set this to a value greater than your max expected transaction length. --> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> </property> <property name="evictionRegionConfigs"> <list> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/com/mycompany/entities/Account</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">10000</property> <property name="timeToLiveSeconds">5000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> ... ... </list> </property> </bean> </property> </bean>
defaultEvictionRegionConfig
as defined above. The @Cache annotation exposes an optional attribute "region" that lets you specify the cache region where an entity is to be stored, rather than having it be automatically created from the fully-qualified class name of the entity class.
@Entity @Cache(usage = CacheConcurrencyStrategy.TRANSACTIONAL, region = "Account") public class Account implements Serializable { // ... ... }
<bean name="..." class="org.jboss.cache.config.Configuration"> ... ... <property name="evictionConfig"> <bean class="org.jboss.cache.config.EvictionConfig"> <property name="wakeupInterval">5000</property> <!-- Overall default --> <property name="defaultEvictionRegionConfig"> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">5000</property> <property name="timeToLiveSeconds">1000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> </property> <property name="evictionRegionConfigs"> <list> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/Account</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">10000</property> <property name="timeToLiveSeconds">5000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> ... ... </list> </property> </bean> </property> </bean>
24.1.3. Query result caching
<property name="hibernate.cache.use_query_cache" value="true"/>
@Entity @Cache(usage = CacheConcurrencyStrategy.TRANSACTIONAL, region = "Account") @NamedQueries( { @NamedQuery( name = "account.bybranch", query = "select acct from Account as acct where acct.branch = ?1", hints = { @QueryHint(name = "org.hibernate.cacheable", value = "true") } ) }) public class Account implements Serializable { // ... ... }
persistence.xml
, you could, for example, create this sort of eviction handling:
<bean name="..." class="org.jboss.cache.config.Configuration"> ... ... <property name="evictionConfig"> <bean class="org.jboss.cache.config.EvictionConfig"> <property name="wakeupInterval">5000</property> <!-- Overall default --> <property name="defaultEvictionRegionConfig"> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">5000</property> <property name="timeToLiveSeconds">1000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> </property> <property name="evictionRegionConfigs"> <list> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/Account</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">10000</property> <property name="timeToLiveSeconds">5000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/org/hibernate/cache/StandardQueryCache</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">100</property> <property name="timeToLiveSeconds">600</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> </list> </property> </bean> </property> </bean>
@Entity @Cache(usage = CacheConcurrencyStrategy.TRANSACTIONAL, region = "Account") @NamedQueries( { @NamedQuery( name = "account.bybranch", query = "select acct from Account as acct where acct.branch = ?1", hints = { @QueryHint(name = "org.hibernate.cacheable", value = "true"), @QueryHint(name = "org.hibernate.cacheRegion", value = "Queries") } ) }) public class Account implements Serializable { // ... ... }
<bean name="..." class="org.jboss.cache.config.Configuration"> ... ... <property name="evictionConfig"> <bean class="org.jboss.cache.config.EvictionConfig"> <property name="wakeupInterval">5000</property> <!-- Overall default --> <property name="defaultEvictionRegionConfig"> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">5000</property> <property name="timeToLiveSeconds">1000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> </property> <property name="evictionRegionConfigs"> <list> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/Account</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">10000</property> <property name="timeToLiveSeconds">5000</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> <bean class="org.jboss.cache.config.EvictionRegionConfig"> <property name="regionName">/myprefix/Queries</property> <property name="evictionAlgorithmConfig"> <bean class="org.jboss.cache.eviction.LRUAlgorithmConfig"> <property name="maxNodes">100</property> <property name="timeToLiveSeconds">600</property> <property name="minTimeToLiveSeconds">120</property> </bean> </property> </bean> ... ... </list> </property> </bean> </property> </bean>
24.2. Entity Beans in EJB 2.x
Important
<clustered>
element to the application's jboss.xml
descriptor file. Below is a typical jboss.xml
file.
<jboss> <enterprise-beans> <entity> <ejb-name>nextgen.EnterpriseEntity</ejb-name> <jndi-name>nextgen.EnterpriseEntity</jndi-name> <clustered>True</clustered> <cluster-config> <partition-name>DefaultPartition</partition-name> <home-load-balance-policy>org.jboss.ha.framework.interfaces.RoundRobin</home-load-balance-policy> <bean-load-balance-policy>org.jboss.ha.framework.interfaces.FirstAvailable</bean-load-balance-policy> </cluster-config> </entity> </enterprise-beans> </jboss>
<row-lock>
in the CMP specification) or by setting the Transaction Isolation Level of your JDBC driver to be TRANSACTION_SERIALIZABLE
. Because there is no supported distributed locking mechanism or distributed cache Entity Beans use Commit Option "B" by default (see standardjboss.xml
and the container configurations Clustered CMP 2.x EntityBean, Clustered CMP EntityBean, or Clustered BMP EntityBean). It is not recommended that you use Commit Option "A" unless your Entity Bean is read-only.
Note
Chapter 25. HTTP Services
Chapter 26. JBoss Messaging Clustering Notes
Chapter 27. Clustered Deployment Options
27.1. Clustered Singleton Services

Figure 27.1. Topology before the Master Node fails

Figure 27.2. Topology after the Master Node fails
27.1.1. HASingleton Deployment Options
HAPartition
to provide notifications when different nodes in the cluster start and stop; based on those notifications each node in the cluster can independently (but consistently) determine if it is now the master node and needs to begin providing a service.
27.1.1.1. HASingletonDeployer service
<JBOSS_HOME>/server/<PROFILE>/deploy-hasingleton
directory instead of in deploy
. The deploy-hasingleton
directory does not lie under deploy
nor farm
directories, so its contents are not automatically deployed when an Enterprise Application Platform instance starts. Instead, deploying the contents of this directory is the responsibility of a special service, the HASingletonDeployer
bean (which itself is deployed via the deploy/deploy-hasingleton-jboss-beans.xml
file). The HASingletonDeployer service is itself an HA Singleton, one whose provided service, when it becomes master, is to deploy the contents of deploy-hasingleton; and whose service, when it stops being the master (typically at server shutdown), is to undeploy the contents of deploy-hasingleton
.
deploy-hasingleton
you know that they will be deployed only on the master node in the cluster. If the master node cleanly shuts down, they will be cleanly undeployed as part of shutdown. If the master node fails or is shut down, they will be deployed on whatever node takes over as master.
- There is no hot-deployment feature for services in
deploy-hasingleton
. Redeploying a service that has been deployed todeploy-hasingleton
requires a server restart. - If the master node fails and another node takes over as master, your singleton service needs to go through the entire deployment process before it will be providing services. Depending on the complexity of your service's deployment, and the extent of start up activity in which it engages, this could take a while, during which time the service is not being provided.
27.1.1.2. POJO deployments using HASingletonController
public interface HASingletonExampleMBean { boolean isMasterNode(); }
public class HASingletonExample implements HASingletonExampleMBean { private boolean isMasterNode = false; public boolean isMasterNode() { return isMasterNode; } public void startSingleton() { isMasterNode = true; } public void stopSingleton() { isMasterNode = false; } }
startSingleton
and stopSingleton
in the above example, but you could name the methods anything.
META-INF/jboss-beans.xml
:
<deployment xmlns="urn:jboss:bean-deployer:2.0"> <!-- This bean is an example of a clustered singleton --> <bean name="HASingletonExample" class="org.jboss.ha.examples.HASingletonExample"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX (name="jboss:service=HASingletonExample", exposedInterface=org.jboss.ha.examples.HASingletonExampleMBean.class)</annotation></bean> <bean name="ExampleHASingletonController" class="org.jboss.ha.singleton.HASingletonController"> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss:service=ExampleHASingletonController", exposedInterface=org.jboss.ha.singleton.HASingletonControllerMBean.class, registerDirectly=true)</annotation> <property name="HAPartition"><inject bean="HAPartition"/></property> <property name="target"><inject bean="HASingletonExample"/></property> <property name="targetStartMethod">startSingleton</property> <property name="targetStopMethod">stopSingleton</property> </bean> </deployment>
While the <annotation> line in the code sample above has been broken across multiple lines for formatting, ensure it is on a single line if you copy it into a configuration file. The configuration will not work if this line is broken.
|
deploy
or farm
and thus can be hot deployed and farmed deployed. Also, if our example service had complex, time-consuming start up requirements, those could potentially be implemented in create() or start() methods. JBoss will invoke create() and start() as soon as the service is deployed; it does not wait until the node becomes the master node. So, the service could be primed and ready to go, just waiting for the controller to implement startSingleton() at which point it can immediately provide service.
HASingletonController
can support an optional argument for either or both of the target start and stop methods. These are specified using the targetStartMethodArgument
and TargetStopMethodArgument
properties, respectively. Currently, only string values are supported.
27.1.1.3. HASingleton deployments using a Barrier
<depends>jboss.ha:service=HASingletonDeployer,type=Barrier</depends>
Note
BarrierController
is itself destroyed/undeployed. Thus using the Barrier
to control services that need to be "destroyed" as part of their normal “undeploy” operation (like, for example, an EJBContainer
) will not have the desired effect.
27.1.2. Determining the master node
jboss:service=DefaultPartition
mbean. Every member of the cluster will have the same view, with the members in the same order.
HASingletonController
) named Foo that's deployed around the cluster, except, for whatever reason, on B. The HAPartition
service maintains across the cluster a registry of what services are deployed where, in view order. So, on every node in the cluster, the HAPartition
service knows that the view with respect to the Foo service is {A, C, D} (no B).
HAPartition
service invokes a callback on Foo notifying it of the new topology. So, for example, when Foo started on D, the Foo service running on A, C and D all got callbacks telling them the new view for Foo was {A, C, D}. That callback gives each node enough information to independently decide if it is now the master. The Foo service on each node uses the HAPartition
's HASingletonElectionPolicy
to determine if they are the master, as explained in the Section 27.1.2.1, “HA singleton election policy”.
27.1.2.1. HA singleton election policy
HASingletonElectionPolicy
object is responsible for electing a master node from a list of available nodes, on behalf of an HA singleton, following a change in cluster topology.
public interface HASingletonElectionPolicy { ClusterNode elect(List<ClusterNode> nodes); }
-
HASingletonElectionPolicySimple
- This policy selects a master node based relative age. The desired age is configured via the
position
property, which corresponds to the index in the list of available nodes.position = 0
, the default, refers to the oldest node;position = 1
, refers to the 2nd oldest; etc.position
can also be negative to indicate youngness; imagine the list of available nodes as a circular linked list.position = -1
, refers to the youngest node;position = -2
, refers to the 2nd youngest node; etc.<bean class="org.jboss.ha.singleton.HASingletonElectionPolicySimple"> <property name="position">-1</property> </bean>
-
PreferredMasterElectionPolicy
- This policy extends
HASingletonElectionPolicySimple
, allowing the configuration of a preferred node. ThepreferredMaster
property, specified as host:port or address:port, identifies a specific node that should become master, if available. If the preferred node is not available, the election policy will behave as described above.<bean class="org.jboss.ha.singleton.PreferredMasterElectionPolicy"> <property name="preferredMaster">server1:12345</property> </bean>
27.2. Farming Deployment
all/farm/
directory of any cluster member and the application will be automatically duplicate across all nodes in the same cluster. If a node joins the cluster later, it will pull in all farm deployed applications in the cluster and deploy them locally at start-up time. If you delete the application from a running clustered server node's farm/
directory, the application will be undeployed locally and then removed from all other clustered server nodes' farm/
directories (triggering undeployment).
all
configuration in JBoss Enterprise Application Platform and thus requires no manual setup. The required farm-deployment-jboss-beans.xml
and timestamps-jboss-beans.xml
configuration files are located in the deploy/cluster
directory. If you want to enable farming in a custom configuration, simply copy these files to the corresponding JBoss deploy directory <JBOSS_HOME>/server/<PROFILE>/deploy/cluster
. Make sure that your custom configuration has clustering enabled.
FarmProfileRepositoryClusteringHandler
bean, whose properties and default values are listed below:
<bean name="FarmProfileRepositoryClusteringHandler" class="org.jboss.profileservice.cluster.repository. DefaultRepositoryClusteringHandler"> <property name="partition"><inject bean="HAPartition"/></property> <property name="profileDomain">default</property> <property name="profileServer">default</property> <property name="profileName">farm</property> <property name="immutable">false</property> <property name="lockTimeout">60000</property><!-- 1 minute --> <property name="methodCallTimeout">60000</property><!-- 1 minute --> <property name="synchronizationPolicy"><inject bean="FarmProfileSynchronizationPolicy"/></property> </bean>
- partition is a required attribute to inject the HAPartition service that the farm service uses for intra-cluster communication.
- profile[Domain|Server|Name] are all used to identify the server profile for which this handler is intended.
- immutable indicates whether or not this handler allows a node to push content changes to the cluster. A value of
true
is equivalent to settingsynchronizationPolicy
toorg.jboss.system.server.profileservice.repository.clustered.sync.
ImmutableSynchronizationPolicy
. - lockTimeout defines the number of milliseconds to wait for cluster-wide lock acquisition.
- methodCallTimeout defines the number of milliseconds to wait for invocations on remote cluster nodes.
- synchronizationPolicy decides how to handle content additions, reincarnations, updates, or removals from nodes attempting to join the cluster or from cluster merges. The policy is consulted on the "authoritative" node, i.e. the master node for the service on the cluster. Reincarnation refers to the phenomenon where a newly started node may contain an application in its
farm/
directory that was previously removed by the farming service but might still exist on the starting node if it was not running when the removal took place. The default synchronization policy is defined as follows:<bean name="FarmProfileSynchronizationPolicy" class="org.jboss.profileservice.cluster.repository. DefaultSynchronizationPolicy"> <property name="allowJoinAdditions"><null/></property> <property name="allowJoinReincarnations"><null/></property> <property name="allowJoinUpdates"><null/></property> <property name="allowJoinRemovals"><null/></property> <property name="allowMergeAdditions"><null/></property> <property name="allowMergeReincarnations"><null/></property> <property name="allowMergeUpdates"><null/></property> <property name="allowMergeRemovals"><null/></property> <property name="developerMode">false</property> <property name="removalTrackingTime">2592000000</property><!-- 30 days --> <property name="timestampService"><inject bean="TimestampDiscrepancyService"/></property> </bean>
- allow[Join|Merge][Additions|Reincarnations|Updates|Removals] define fixed responses to requests to allow additions, reincarnations, updates, or removals from joined or merged nodes.
- developerMode enables a lenient synchronization policy that allows all changes. Enabling developer mode is equivalent to setting each of the above properties to
true
and is intended for development environments. - removalTrackingTime defines the number of milliseconds for which this policy should remembered removed items, for use in detecting reincarnations.
- timestampService estimates and tracks discrepancies in system clocks for current and past members of the cluster. Default implementation is defined in
timestamps-jboss-beans.xml
.
Chapter 28. JGroups Services
- The JGroups project documentation at http://jgroups.org/ug.html
- The JGroups wiki pages at jboss.org, rooted at https://www.jboss.org/community/wiki/JGroups
28.1. Configuring a JGroups Channel's Protocol Stack

Figure 28.1. Protocol stack in JGroups
<JBOSS_HOME>/server/<PROFILE>/deploy/cluster/jgroups-channelfactory.sar/META-INF/jgroups-channelfactory-stacks.xml
file. This file is parsed by the ChannelFactory
service, which uses the contents to provide correctly configured channels to the clustered services that require them. See Section 21.1.1, “The Channel Factory Service” for more on the ChannelFactory
service.
jgroups-channelfactory-stacks.xml
:
<stack name="udp-async" description="Same as the default 'udp' stack above, except message bundling is enabled in the transport protocol (enable_bundling=true). Useful for services that make high-volume asynchronous RPCs (e.g. high volume JBoss Cache instances configured for REPL_ASYNC) where message bundling may improve performance."> <config> <UDP singleton_name="udp-async" mcast_port="${jboss.jgroups.udp_async.mcast_port:45689}" mcast_addr="${jboss.partition.udpGroup:228.11.11.11}" tos="8" ucast_recv_buf_size="20000000" ucast_send_buf_size="640000" mcast_recv_buf_size="25000000" mcast_send_buf_size="640000" loopback="true" discard_incompatible_packets="true" enable_bundling="true" max_bundle_size="64000" max_bundle_timeout="30" ip_ttl="${jgroups.udp.ip_ttl:2}" thread_naming_pattern="cl" timer.num_threads="12" enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}" diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.0.75}" diagnostics_port="${jboss.jgroups.diagnostics_port:7500}" thread_pool.enabled="true" thread_pool.min_threads="8" thread_pool.max_threads="200" thread_pool.keep_alive_time="5000" thread_pool.queue_enabled="true" thread_pool.queue_max_size="1000" thread_pool.rejection_policy="discard" oob_thread_pool.enabled="true" oob_thread_pool.min_threads="8" oob_thread_pool.max_threads="200" oob_thread_pool.keep_alive_time="1000" oob_thread_pool.queue_enabled="false" oob_thread_pool.rejection_policy="discard"/> <PING timeout="2000" num_initial_members="3"/> <MERGE2 max_interval="100000" min_interval="20000"/> <FD_SOCK/> <FD timeout="6000" max_tries="5" shun="true"/> <VERIFY_SUSPECT timeout="1500"/> <BARRIER/> <pbcast.NAKACK use_mcast_xmit="true" gc_lag="0" retransmit_timeout="300,600,1200,2400,4800" discard_delivered_msgs="true"/> <UNICAST timeout="300,600,1200,2400,3600"/> <pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000" max_bytes="400000"/> <VIEW_SYNC avg_send_interval="10000"/> <pbcast.GMS print_local_addr="true" join_timeout="3000" shun="true" view_bundling="true" view_ack_collection_timeout="5000" resume_task_timeout="7500"/> <FC max_credits="2000000" min_threshold="0.10" ignore_synchronous_response="true"/> <FRAG2 frag_size="60000"/> <!-- pbcast.STREAMING_STATE_TRANSFER/ --> <pbcast.STATE_TRANSFER/> <pbcast.FLUSH timeout="0" start_flush_timeout="10000"/> </config> </stack>
<config>
element contains all the configuration data for JGroups. This information is used to configure a JGroups channel, which is conceptually similar to a socket, and manages communication between peers in a cluster. Each element within the <config>
element defines a particular JGroups protocol. Each protocol performs one function. The combination of these functions defines the characteristics of the channel as a whole. The next few sections describe common protocols and explain the options available to each.
28.1.1. Common Configuration Properties
stats
- indicates whether the protocol should gather runtime statistics on its operations. These statistics can be exposed via tools like the JMX Console or the JGroups Probe utility. What, if any, statistics are gathered depends on the protocol. Default istrue
.
Note
down_thread
and up_thread
attributes. The JGroups version included in JBoss Enterprise Application Platform 5 and later no longer uses those attributes, and a WARN
message will be written to the server log if they are configured for any protocol.
28.1.2. Transport Protocols
UDP
, TCP
and TUNNEL
as transport protocols.
Note
UDP
, TCP
, and TUNNEL
protocols are mutually exclusive. You can only have one transport protocol in each JGroups Config
element
28.1.2.1. UDP configuration
UDP
sub-element in the JGroups config
element. Here is an example.
<UDP singleton_name="udp-async" mcast_port="${jboss.jgroups.udp_async.mcast_port:45689}" mcast_addr="${jboss.partition.udpGroup:228.11.11.11}" tos="8" ucast_recv_buf_size="20000000" ucast_send_buf_size="640000" mcast_recv_buf_size="25000000" mcast_send_buf_size="640000" loopback="true" discard_incompatible_packets="true" enable_bundling="true" max_bundle_size="64000" max_bundle_timeout="30" ip_ttl="${jgroups.udp.ip_ttl:2}" thread_naming_pattern="cl" timer.num_threads="12" enable_diagnostics="${jboss.jgroups.enable_diagnostics:true}" diagnostics_addr="${jboss.jgroups.diagnostics_addr:224.0.0.75}" diagnostics_port="${jboss.jgroups.diagnostics_port:7500}" thread_pool.enabled="true" thread_pool.min_threads="8" thread_pool.max_threads="200" thread_pool.keep_alive_time="5000" thread_pool.queue_enabled="true" thread_pool.queue_max_size="1000" thread_pool.rejection_policy="discard" oob_thread_pool.enabled="true" oob_thread_pool.min_threads="8" oob_thread_pool.max_threads="200" oob_thread_pool.keep_alive_time="1000" oob_thread_pool.queue_enabled="false" oob_thread_pool.rejection_policy="discard"/>
UDP
protocol, followed by the attributes that are also used by the TCP
and TUNNEL
transport protocols.
UDP
protocol are:
- ip_mcast specifies whether or not to use IP multicasting. The default is
true
. If set tofalse
, multiple unicast packets will be sent instead of one multicast packet. Any packet sent viaUDP
protocol are UDP datagrams. - mcast_addr specifies the multicast address (class D) for communicating with the group (i.e., the cluster). The standard protocol stack configurations in JBoss Enterprise Application Platform use the value of system property
jboss.partition.udpGroup
, if set, as the value for this attribute. Using the-u
command line switch when starting JBoss Enterprise Application Platform sets that value. See Section 28.6.2, “Isolating JGroups Channels” for information about using this configuration attribute to ensure that JGroups channels are properly isolated from one another. If this attribute is omitted, the default value is228.11.11.11
. - mcast_port specifies the port to use for multicast communication with the group. See Section 28.6.2, “Isolating JGroups Channels” for how to use this configuration attribute to ensure JGroups channels are properly isolated from one another. If this attribute is omitted, the default is
45688
. mcast_send_buf_size
,mcast_recv_buf_size
,ucast_send_buf_size
anducast_recv_buf_size
define the socket send and receive buffer sizes that JGroups will request from the operating system. A large buffer size helps to ensure that packets are not dropped due to buffer overflow. However, socket buffer sizes are limited at the operating system level, so obtaining the desired buffer may require configuration at the operating system level. See Section 28.6.2.3, “Improving UDP Performance by Configuring OS UDP Buffer Limits” for further details.- bind_port specifies the port to which the unicast receive socket should be bound. The default is
0
; i.e. use an ephemeral port. - port_range specifies the number of ports to try if the port identified by
bind_port
is not available. The default is1
, which specifies that onlybind_port
will be tried. - ip_ttl specifies time-to-live (TTL) for IP Multicast packets. TTL is the commonly used term in multicast networking, but is actually something of a misnomer, since the value here refers to how many network hops a packet will be allowed to travel before networking equipment will drop it.
- tos specifies the traffic class for sending unicast and multicast datagrams.
TCP
or TUNNEL
, are:
- singleton_name provides a unique name for this transport protocol configuration. Used by the application server's
ChannelFactory
to support sharing of a transport protocol instance by different channels that use the same transport protocol configuration. See Section 21.1.2, “The JGroups Shared Transport”. - bind_addr specifies the interface on which to receive and send messages. By default, JGroups uses the value of system property
jgroups.bind_addr
. This can also be set with the-b
command line switch. See Section 28.6, “Other Configuration Issues” for more on binding JGroups sockets. - receive_on_all_interfaces specifies whether this node should listen on all interfaces for multicasts. The default is
false
. It overrides thebind_addr
property for receiving multicasts. However,bind_addr
(if set) is still used to send multicasts. - send_on_all_interfaces specifies whether this node sends UDP packets via all available network interface controllers, if your machine has multiple network interface controllers available. This means that the same multicast message is sent N times, so use with care.
- receive_interfaces specifies a list of interfaces on which to receive multicasts. The multicast receive socket will listen on all of these interfaces. This is a comma-separated list of IP addresses or interface names, for example,
192.168.5.1,eth1,127.0.0.1
. - send_interfaces specifies a list of interfaces via which to send multicasts. The multicast sender socket will send on all of these interfaces. This is a comma-separated list of IP addresses or interface names, for example,
192.168.5.1,eth1,127.0.0.1
.This means that the same multicast message is sent N times, so use with care.