[wildfly-dev] access to mgmt api/services

Brian Stansberry brian.stansberry at redhat.com
Mon Jan 27 19:59:47 EST 2014 

On 1/27/14, 5:15 PM, Bill Burke wrote:
>
>
> On 1/27/2014 6:02 PM, Jason Greene wrote:
>>
>> On Jan 27, 2014, at 4:40 PM, John Mazzitelli <mazz at redhat.com> wrote:
>>
>>>> Is there an example somewhere of getting access to the mgmt api from a
>>>> deployed servlet app? I'd like to be able to manage subsystem
>>>> configuration and store it (within standalone.xml or whatever).
>>>
>>> You can take a look at RHQ's DMR client library. It was written to be a generic DMR client to access the mgmt API.
>>>
>>> https://git.fedorahosted.org/cgit/rhq/rhq.git/tree/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller
>>>
>>> Obtain a ModelControllerClient "somehow" (see MCCHelper, for example) and pass it to the constructor for the different types of clients (DatasourceJBossASClient, CoreJBossASClient, SecurityDomainJBossASClient, etc, etc)
>>>
>>> Then there is my blog from 2012 that talks about getting a co-located ModelControllerClient that may be of help:
>>>
>>> http://management-platform.blogspot.com/2012/07/co-located-management-client-for.html
>>>
>>> Anyway, the code in those places can serve as examples that you are asking for. We do use these from within servlets and EJBs running in EAP 6.
>>
>> There are some caveats to this though:
>>
>> 1. You can’t make a management call during the call patch of deployment (servlet initializers etc), since deployment itself is part of a management call, and thus you will deadlock trying to start a parallel modification (until the op triggering the deployment times out). A runtime thread is fine though.
>>
>> 2. You won’t get responses on things which impact your deployment or the servlet container (e.g. redeploying yourself or downing the container)
>>
>> 3. Role based access control is defeated, all management ops will appear to come from the container itself.
>>
>> 4. Due to 3 if someone is running WildFly under a security manager you will need permissions
>>
>
> This is for bootstrap purposes for getting a Wildfly instance to join a
> Keycloak federation.  I want the Keycloak server to be able to send
> realm configuration information to a Wildfly instance (over HTTP(S))
> that is joining the federation and have that instance store this
> information within a subsystem.  So, it is a one off service that
> happens after boot and may even be disabled afterwards.
>
>

This can't be done using the HTTP management interface?

-- 
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat

More information about the wildfly-dev mailing list