Jboss Admin Tutorial: Web Application Administration

7. Web Application Administration

7.1. Web Technologies

../../static/bookshelf/common/images/web_application_technologies.png

CGI - Common Gateway Interface

  • CGI scripts executed in a separate process by the web server (e.g. Apache HTTPD)
  • Used since the early days because of its simplicity (minimal requirements). Still popular.
  • Language independent, but mostly used in conjunction with Perl and Python
  • Inefficient, as interpreters had to be reloaded and scripts re-parsed on every single request

Cold Fusion - ColdFusion Markup Language (CFML)

  • Developed and controlled by Macromedia
  • Easy to learn and powerful
  • Still widely used, although many shops are switching to other technologies

PHP - PHP Hypertext Preprocessor

  • Scripting language that runs within PHP-enabled web servers, like Apache
  • Very popular for developing smaller-scale web applications, especially in the open-source community
  • Easy to learn and powerful

ASP - Active Server Pages

  • Developed and controlled by Microsoft
  • Runs on Microsoft IIS web server
  • Dynamic content written in VBScript, JavaScript, VisualBasic, or C# (part of ASP.NET)

Servlet / JSP - JavaServer Pages

  • Developed through the Java Community Process (part of Java EE)
  • Based on Java: OO, rich library, powerful environment, platform independent, efficient (run in-memory), scalable
  • Easy to separate presentation from logic

7.2. CGI vs. Servlets/JSPs

../common/images/cgi_vs_servlet.png

Servlets/JSPs are executed in the same Java Virtual Machine process in separate threads. This leads to very optimized and efficient system utilization.

CGI scripts on the other hand also utilize the system, but very inefficiently. Many CPU cycles are spent on starting/scheduling new processes, re-loading the interpreter, and re-parsing the scripts. Sharing of data is achieved through some external system, like RDBMS, file system, or another process.

7.3. Tomcat Web Container

  • Apache Tomcat (6.x) is a free and open source Servlet (2.5) and JSP (2.1) Container
  • Embedded in JBoss AS as deploy/jbossweb.sar
  • JBoss AS configuration for Tomcat integration in each application are located in META-INF/jboss-web.xml

    • Default JAAS Security Domain
    • Class Loading and Sharing
    • Session Management and Caching
    • Clustering and Load Balancing (in all config)
<jboss-web>
  <security-domain>java:/jaas/simple-security-domain</security-domain>
</jboss-web>

7.4. Tomcat’s server.xml

  • Tomcat’s own configuration file: deploy/jbossweb.sar/server.xml
  • Configures

    • Connectors (HTTP, HTTPS, AJP)
    • Security Realms (Inherits from JBoss)
    • Logging (Tomcat Service)
    • Valves (Request/Response interceptors)
    • Virtual Hosts (Name-based)
    • Web application contexts (Per-app configuration)
<Server>
   <!-- Optional listener which ensures correct init and shutdown of APR,
        and provides information if it is not installed -->
   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
   <Listener className="org.apache.catalina.core.JasperListener" />

   <Service name="jboss.web">
    <!-- A HTTP/1.1 Connector on port 8080 -->
    <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
      connectionTimeout="20000" redirectPort="8443" />
    ...
    <!-- A AJP 1.3 Connector on port 8009 -->
    <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
      redirectPort="8443" />
    ...
    <Engine name="jboss.web" defaultHost="localhost">
      ...
      <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
        certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
        allRolesMode="authOnly"
      />
      ...
      <Host name="localhost">
        ...
        <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
          cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
          transactionManagerObjectName="jboss:service=TransactionManager" />
      </Host>
    </Engine>
  </Service>
</Server>

7.5. Tomcat’s web.xml

  • Default web descriptor for all web apps deployers/jbossweb.deployer/web.xml
  • Configures
  • Common Filters
  • Servlets for handling static content (DefaultServlet), JSPs, SSI, CGI scripts, invokers, etc.
  • Default session timeout
  • MIME Type mappings
  • Welcome file list: index.html, index.jsp, etc.
[Note]Note

While most of the settings in this file can be left as default, the JSP servlet has a number of options (http://tomcat.apache.org/tomcat-6.0-doc/jasper-howto.html) that we may wish to change before putting JBoss in production. These include: development, modificationTestInterval, checkInterval, classdebuginfo, suppressSmap, mappedfile, trimSpaces, and genStrAsCharArray.

[Note]Note

While the deployment descriptors are usually the responsibility of developers and application assemblers, this web.xml file is global to the entire web container and as such it is owned by the administrators.

7.6. Defining and Mapping Servlets

  • In WEB-INF/web.xml file:

    • Define a servlet with <servlet> where <servlet-name> points to a fully qualified <servlet-class>

      • Optionally initialize with <init-param>-s
      • Optionally <load-on-startup>
    • Map a defined servlet with <servlet-mapping> where <url-pattern> points to previously specified <servlet-name>

      • Map under multiple <url-pattern>-s if needed

        <servlet>
         <servlet-name>IPLoggerServlet</servlet-name>
         <servlet-class>example.servlet.IPLoggerServlet</servlet-class>
          <init-param>
           <param-name>file</param-name>
           <param-value>/WEB-INF/ip.log</param-value>
          </init-param>
          <load-on-startup>2</load-on-startup>
        </servlet>
        
        <servlet-mapping>
         <servlet-name>IPLoggerServlet</servlet-name>
         <url-pattern>/ip</url-pattern>
        </servlet-mapping>
        
        <servlet-mapping>
         <servlet-name>IPLoggerServlet</servlet-name>
         <url-pattern>/logmyip</url-pattern>
        </servlet-mapping>
[Note]Note

While web.xml files are now defined with schemas, prior to J2EE 1.4 they were defined with DTDs. These are often easier to read by humans:

<!ELEMENT servlet (icon?, servlet-name, display-name?, description?,(servlet-class|jsp-file), init-param*, load-on-startup?, run-as?, security-role-ref*)>
<!ELEMENT servlet-mapping (servlet-name, url-pattern)>

7.7. Defining and Mapping Filters

  • In WEB-INF/web.xml file:

    • Define a filter with <filter> where <filter-name> points to a fully qualified <filter-class>

      • Optionally initialize with <init-param>-s
    • Map a defined filter with <filter-mapping> where <url-pattern> points to previously specified <filter-name>

      • Map under multiple <url-pattern>-s if needed
      • Map with /* to apply to all requests

        <!ELEMENT filter (icon?, filter-name, display-name?, description?, filter-class, init-param*)>
        <filter>
          <filter-name>Logger</filter-name>
          <filter-class>example.servlet.AccessLogFilter</filter-class>
        </filter>
        
        <!ELEMENT filter-mapping (filter-name, (url-pattern | servlet-name))>
        <filter-mapping>
          <filter-name>Logger</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>

7.8. Session Configuration

  • Configure <session-timeout> in the <session-config> element
  • The value (in minutes) indicates how long the servlet container will maintain an idle session (in memory or on disk) before timing out
  • Value ⇐ 0 indicates that sessions never expire - unless destroyed explicitly (through users logouts)
  • Significant impact on server memory usage and end users dissatisfaction with time outs

    <session-config>
      <session-timeout>30</session-timeout>
    </session-config>

7.9. Welcome File List

  • Configured through <welcome-file-list> in WEB-INF/web.xml file
  • Defines the files to be served when an end-user makes a request for a directory on the server (e.g. http://host.com/dir/)
  • Defined globally, but can be overridden in individual applications (replaces global)
  • The first matched file is served
  • If no match is made, directory listing is returned, or (if disabled) an HTTP 404

    <!ELEMENT welcome-file-list (welcome-file+)>
    <welcome-file-list>
      <welcome-file>index.html</welcome-file>
      <welcome-file>index.htm</welcome-file>
      <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

7.10. Error Documents

  • Configured through web.xml's <error-page> elements
  • Define mapping between an <error-code> (or <exception-type>) and a <location> of the error document to be served on those errors
  • Exception-type is somewhat unreliable as Java EE app servers wrap exceptions

    <!ELEMENT error-page ((error-code | exception-type), location)>
    <error-page>
      <error-code>404</error-code>
      <location>/FileNotFoundError.html</location>
    </error-page>
    
    <error-page>
      <exception-type>
        java.lang.IllegalArgumentException
      </exception-type>
      <location>/IllegalInputError.html</location>
    </error-page>
    [Note]Note

    The <location> is relative to the root of the application and it must start with a slash (/) character.

[Note]Note

Browsers such as Microsoft’s Internet Explorer and Google’s Chrome do not show server error pages (instead they show friendly error pages) unless those pages are either styled (e.g. contain references to style sheets, images, etc.) or exceed 512 bytes

7.11. Serving Static Content

  • Tomcat serves static content via its DefaultServlet (configured in Tomcat’s web.xml file)

    • Any file under an application’s structure (but outside WEB-INF and META-INF directories) is considered static content
  • Application deploy/ROOT.war/ is considered special - it has no context path

    • Serves all content not served by any other application
  • Returns a HTTP 404 response if the requested static content does not exist
  • ROOT.war also provides support for http://localhost:8080/status servlet (see its WEB-INF/web.xml)
[Note]Note

For example, to share images across multiple applications, create a directory deploy/ROOT.war/images/ and place your images there. A request for http://localhost:8080/images/cool.png would be served from ROOT.war/images/cool.png

7.12. Virtual Hosting with Tomcat

  • Add hosts and aliases to server.xml:

    <Host name="myhost.com">
      <Alias>www.myhost.com</Alias>
    </Host>
  • Register applications for virtual hosts in their WEB-INF/jboss-web.xml files:

    <jboss-web>
      <context-root>/myapp</context-root>
      <virtual-host>myhost.com</virtual-host>
    </jboss-web>
  • Applications default to host specified by <Engine>'s defaultHost attribute

    server.xml

    <Server>
      <Service>
        <Connector .../>
        <Engine>
         <Host name="myhost.com">
           <Alias>www.myhost.com</Alias>
         </Host>
         <Host name="anotherhost.com"/>
        </Engine>
      </Service>
    </Server>

    myapp.war/WEB-INF/jboss-web.xml: 

    <jboss-web>
      <context-root>/myapp</context-root>
      <virtual-host>myhost.com</virtual-host>
    </jboss-web>

    ROOT-another.war/WEB-INF/jboss-web.xml: 

    <jboss-web>
      <context-root>/</context-root>
      <virtual-host>anotherhost.com</virtual-host>
    </jboss-web>

7.13. Web Access Logging

  • In server.xml define a <Valve> in

    • <Engine> - global for the entire server
    • <Host> - per virtual host
    • <Context> - per application

      • Store as WEB-INF/context.xml
  • Automatic rotation of logs (daily/hourly)
  • Supports customizable and standard patterns
  • Conditional logging

    <Valve className="org.apache.catalina.valves.AccessLogValve"
      prefix="localhost_access_log." suffix=".log"
      pattern="common" directory="${jboss.server.home.url}/log"
      resolveHosts="false" />

In addition to common and combined, pattern can also be set to a mix of:

  • %a - Remote IP address
  • %A - Local IP address
  • %b - Bytes sent, excluding HTTP headers, or - if zero
  • %B - Bytes sent, excluding HTTP headers
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %H - Request protocol
  • %l - Remote logical username from identd (always returns -)
  • %m - Request method (GET, POST, etc.)
  • %p - Local port on which this request was received
  • %q - Query string (prepended with a ? if it exists)
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %u - Remote user that was authenticated (if any), else -
  • %U - Requested URL path
  • %v - Local server name
  • %D - Time taken to process the request, in millis
  • %T - Time taken to process the request, in seconds

See http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html

7.14. Lab: Tomcat

  • Define a HTTP 404 error handler for the ROOT.war web application and test it (You can find help here)

    • A simple 404.html error document could look like:

      <html>
        <head><title>File Not Found</title></head>
        <body>
          <h2>The file you requested has not been found</h2>
          <p><a href="http://google.com">Search for it?</a></p>
        </body>
      </html>
      [Note]Note

      Internet Explorer will not show the error document (it will use its own error page) if the content is smaller than 512 bytes. Either add more content to your error page or use a different browser, like Firefox.

  • Configure two virtual hosts

    • Use localhost and the name of your machine or
    • Invent new hostnames and add them to hosts file

      • The location of this file is dependent on the operating system:

        • /etc/hosts (on most UNIX-type operating systems)
        • C:\Windows\System32\drivers\etc\hosts (on Windows)
      • Alternatively, use vhost1.marakana.com and vhost2.marakana.com which simply point back to 127.0.0.1. In fact, www.vhost1.marakana.com and www.vhost2.marakana.com also point to the same loop-back address.
  • Deploy some static content and test that you get retrieve it through your browser
  • Set up web access logging

    • Separate for each host
    • Use a different pattern on each

Table of Contents

1. Overview of Java Enterprise Edition
1.1. What is Java EE?
1.2. Open and Standard-based
1.3. Multi-tier
1.4. Web-Enabled
1.5. Server Centric
1.6. Component-Based Distributed Architecture
1.7. Enterprise Applications
1.8. Java EE Contents
1.9. Java EE Services
2. Overview of JBoss Application Server
2.1. JBoss Organization
2.2. JBoss AS Background
2.3. Highlights of JBoss AS
2.4. What is new in JBoss AS 5?
2.5. JBoss AS Architecture
2.6. JBoss Microcontainer Layer
2.7. Services Layer
2.8. Aspect Layer
2.9. Application Layer
2.10. JBoss AS Services
2.11. JBoss AS Requirements
3. Installing JBoss AS
3.1. Getting and Installing Java
3.2. Configuring Java
3.3. Getting JBoss AS
3.4. Installing JBoss AS 5
4. JBoss Directory Structure
4.1. JBoss AS Directory Structure
4.2. The bin Directory
4.3. The client Directory
4.4. The common directory
4.5. The docs Directory
4.6. The lib Directory
4.7. The server Directory
4.8. The server Configuration Sets
4.9. The default/conf Directory
4.10. The default/data Directory
4.11. The default/deploy Directory
4.12. The default/deployers Directory
4.13. The default/lib Directory
4.14. The default/log Directory
4.15. The default/tmp Directory
4.16. The default/work Directory
5. Controlling the Life-Cycle of JBoss AS
5.1. Starting JBoss AS
5.2. Verifying JBoss AS Startup
5.3. Stopping JBoss AS
5.4. Starting From a Remote Server
6. Deployments on JBoss
6.1. Java EE Deployment Lifecycle
6.2. Deployment Descriptors
6.3. Deployment on JBoss AS
6.4. Deployers on JBoss AS
6.5. Deployment Dependencies
6.6. Hot vs. Cold Deployment
6.7. Bootstrapping JBoss
6.8. Lab: Deployment
7. Web Application Administration
7.1. Web Technologies
7.2. CGI vs. Servlets/JSPs
7.3. Tomcat Web Container
7.4. Tomcat’s server.xml
7.5. Tomcat’s web.xml
7.6. Defining and Mapping Servlets
7.7. Defining and Mapping Filters
7.8. Session Configuration
7.9. Welcome File List
7.10. Error Documents
7.11. Serving Static Content
7.12. Virtual Hosting with Tomcat
7.13. Web Access Logging
7.14. Lab: Tomcat
8. JNDI Administration
8.1. Java Naming and Directory Interface
8.2. JNDI in Java EE
8.3. JNDI on JBoss
8.4. Lab: JNDI View
9. Javamail Administration
9.1. What is JavaMail?
9.2. Configuring JavaMail Service
9.3. Lab: Mail
10. JMS Administration
10.1. JMS Overview
10.2. JMS in Java EE
10.3. When is JMS Used
10.4. JMS Architecture
10.5. JMS Messaging Domains
10.6. JMS Message Consumption
10.7. JMS on JBoss Configuration
10.8. Configure JMS connection factories
10.9. Configure JMS destinations
10.10. Advanded JBoss Messaging
10.11. JBoss Messaging bridge
10.12. Persistence service configuration
10.13. Lab: JMS
11. Enterprise Java Beans Administration
11.1. Introduction to EJB 3.0
11.2. EJB 3.0 Components
11.3. EJB Container
11.4. Benefits of EJB Technology
11.5. Drawbacks of EJBs
11.6. Session Beans
11.7. Interceptors
11.8. Entity Beans
11.9. Message-Driven Bean
11.10. Session Beans Client Interfaces
11.11. Stateless Session Beans Life Cycle
11.12. Stateful Session Beans Life Cycle
11.13. Message-Driven Beans Life Cycle
11.14. Configuring the EJB container
11.15. Stateful Session Bean Configuration
11.16. Lab: Stateless Session Bean
12. Web Services and JBoss
12.1. Web Services Overview
12.2. Service Oriented Architecture
12.3. Web Services With JAX-WS
12.4. Web Services on JBoss
12.5. JBoss Web Services Tools
12.6. Lab: Web Services
13. JMX Administration
13.1. What is JMX?
13.2. Why JMX?
13.3. JMX Architecture
13.4. JMX on JBoss AS
13.5. JMX Console
13.6. Web Console
13.7. Twiddle Tool
13.8. JBoss AS Administration Console
13.9. Lab: JMX Print Service
13.10. JBoss Monitoring
13.11. Snapshot and Web Console
13.12. Monitoring with JConsole
13.13. Scheduling on JBoss
13.14. Lab: Monitoring
14. Class Loading on JBoss
14.1. Class Namespace Isolation
14.2. Java Class Runtime Identity
14.3. Class Loading in Java EE
14.4. Class Loading On JBoss
14.5. The Class Loader
14.6. Default Class Search Order
14.7. Scoping Classes
14.8. Scoped Class Search Order
14.9. App-specific Log4J Config
14.10. Problems With Class Loading
14.11. Lab: Class Loading
15. Database Integration on JBoss
15.1. Steps Involved
15.2. Resource Requirement
15.3. Install JDBC Drivers
15.4. Define a RDBMS DBCP Resource
15.5. Map our Resource
15.6. Using our DataSource (RDBMS DBCP)
15.7. Hypersonic Database
15.8. Detecting Connection Leaks
15.9. Lab: Database Connectivity
16. Security on JBoss
16.1. Securing Applications
16.2. Filtering Clients by Source
16.3. Authentication & Authorization
16.4. Requiring A&A
16.5. Plain-Text Login Module
16.6. Database Login Module
16.7. FORM-based Login
16.8. Configuring JBoss AS for SSL
16.9. Creating SSL Certificates
16.10. Configure SSL Connector
16.11. Testing SSL Configuration
16.12. Requiring SSL in Apps
16.13. Lab: Application Security
16.14. Securing JMS destinations
16.15. Securing JBoss AS
16.16. JBoss AS System User
16.17. File System Security
16.18. Securing JMX Invoker
16.19. Securing JBoss Applications
16.20. Securing Hypersonic DB
16.21. Java Security Manager
16.22. Running Behind a Firewall
16.23. Lab: JBoss Security
17. Tuning JBoss
17.1. JVM Tuning
17.2. Tomcat Tuning
17.3. RMI Tuning
17.4. Log4J Tuning
17.5. Tuning Other Services
17.6. JMS Tuning
17.7. Slimming JBoss
18. High Availability and Scalability on JBoss
18.1. Requirements
18.2. Clustering: General understanding
18.3. Clustering and JBoss
18.4. Simple Web Architecture
18.5. External Load Balancer Architecture
18.6. Smart Proxy Architecture
18.7. General configuration for the following examples
18.8. Fronting with a Web Server
18.9. Fronting with Apache HTTPD
18.10. Installing mod_jk
18.11. Configuring mod_jk
18.12. Simple Load Balancing
18.13. Enabling Sticky Sessions
18.14. Clustered Session Replication
18.15. Clustering Single Sign-On
18.16. Clustering with HA-JNDI
18.17. HA-JNDI Client Configuration
18.18. Clustering with HA-JMS
18.19. Clustering with Stateless Session Beans
18.20. Clustering with Stateful Session Beans
18.21. Lab: Clustering