Re: [wildfly-dev] access to mgmt api/services

On 1/27/2014 6:02 PM, Jason Greene wrote: > > On Jan 27, 2014, at 4:40 PM, John Mazzitelli <mazz(a)redhat.com&gt; wrote: > >>> Is there an example somewhere of getting access to the mgmt api from a >>> deployed servlet app? I'd like to be able to manage subsystem >>> configuration and store it (within standalone.xml or whatever). >> >> You can take a look at RHQ's DMR client library. It was written to be a generic DMR client to access the mgmt API. >> >> https://git.fedorahosted.org/cgit/rhq/rhq.git/tree/modules/common/jboss-a... >> >> Obtain a ModelControllerClient "somehow" (see MCCHelper, for example) and pass it to the constructor for the different types of clients (DatasourceJBossASClient, CoreJBossASClient, SecurityDomainJBossASClient, etc, etc) >> >> Then there is my blog from 2012 that talks about getting a co-located ModelControllerClient that may be of help: >> >> http://management-platform.blogspot.com/2012/07/co-located-management-cli... >> >> Anyway, the code in those places can serve as examples that you are asking for. We do use these from within servlets and EJBs running in EAP 6. > > There are some caveats to this though: > > 1. You can’t make a management call during the call patch of deployment (servlet initializers etc), since deployment itself is part of a management call, and thus you will deadlock trying to start a parallel modification (until the op triggering the deployment times out). A runtime thread is fine though. > > 2. You won’t get responses on things which impact your deployment or the servlet container (e.g. redeploying yourself or downing the container) > > 3. Role based access control is defeated, all management ops will appear to come from the container itself. > > 4. Due to 3 if someone is running WildFly under a security manager you will need permissions > This is for bootstrap purposes for getting a Wildfly instance to join a Keycloak federation. I want the Keycloak server to be able to send realm configuration information to a Wildfly instance (over HTTP(S)) that is joining the federation and have that instance store this information within a subsystem. So, it is a one off service that happens after boot and may even be disabled afterwards.