[wildfly-dev] access to mgmt api/services

Bill Burke bburke at redhat.com
Mon Jan 27 18:15:26 EST 2014 


On 1/27/2014 6:02 PM, Jason Greene wrote:
>
> On Jan 27, 2014, at 4:40 PM, John Mazzitelli <mazz at redhat.com> wrote:
>
>>> Is there an example somewhere of getting access to the mgmt api from a
>>> deployed servlet app? I'd like to be able to manage subsystem
>>> configuration and store it (within standalone.xml or whatever).
>>
>> You can take a look at RHQ's DMR client library. It was written to be a generic DMR client to access the mgmt API.
>>
>> https://git.fedorahosted.org/cgit/rhq/rhq.git/tree/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller
>>
>> Obtain a ModelControllerClient "somehow" (see MCCHelper, for example) and pass it to the constructor for the different types of clients (DatasourceJBossASClient, CoreJBossASClient, SecurityDomainJBossASClient, etc, etc)
>>
>> Then there is my blog from 2012 that talks about getting a co-located ModelControllerClient that may be of help:
>>
>> http://management-platform.blogspot.com/2012/07/co-located-management-client-for.html
>>
>> Anyway, the code in those places can serve as examples that you are asking for. We do use these from within servlets and EJBs running in EAP 6.
>
> There are some caveats to this though:
>
> 1. You can’t make a management call during the call patch of deployment (servlet initializers etc), since deployment itself is part of a management call, and thus you will deadlock trying to start a parallel modification (until the op triggering the deployment times out). A runtime thread is fine though.
>
> 2. You won’t get responses on things which impact your deployment or the servlet container (e.g. redeploying yourself or downing the container)
>
> 3. Role based access control is defeated, all management ops will appear to come from the container itself.
>
> 4. Due to 3 if someone is running WildFly under a security manager you will need permissions
>

This is for bootstrap purposes for getting a Wildfly instance to join a 
Keycloak federation.  I want the Keycloak server to be able to send 
realm configuration information to a Wildfly instance (over HTTP(S)) 
that is joining the federation and have that instance store this 
information within a subsystem.  So, it is a one off service that 
happens after boot and may even be disabled afterwards.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the wildfly-dev mailing list