[jboss-as7-dev] Remoting issues

Kabir Khan kabir.khan at jboss.com
Mon Sep 26 16:11:57 EDT 2011 

On 26 Sep 2011, at 19:19, David M. Lloyd wrote:

> Inline:
> 
> On 09/26/2011 09:38 AM, Kabir Khan wrote:
>> From chat discussions I am doing the following for servers, in the order below:
>> 
>> 1) Using 2 separate endpoints for our current configuration, i.e.
>> <management>
>>     <management-interfaces>
>>        <native-interface interface="management" port="9999" />
>>     </management-interfaces>
>> </management>
>> gives a 'management' endpoint. If there a remoting subsystem exists, that results in a 'subsystem' endpoint.
> 
> Endpoints should have names which are as unique as possible.  Perhaps 
> "${jboss.node.name}:management" for the management endpoint is a better 
> option, or make it configurable.
Yeah, that's what I am doing
> 
>> 2) Ability to choose the subsystem endpoint for management.
>> Something along the lines of this for a domain mode server which needs an endpoint to connect back to the HC:
>> <server-group>
>>     <subsystem-management-endpoint/>
>> </server-group>
>> This will cause it to use the remoting subsystem endpoint, absense of this will create the management endpoint.
> 
> This is a possible solution though like I said the endpoint name is 
Do you see there being more than two endpoints? At the moment, I'm working on the assumption that there are 2:
-'management' - Installed only if the existing config is used
-'subsystem' - Installed on creation of the remoting subsystem.
These names are created behind the scenes, I'm not sure I see any value in allowing more than 2 endpoints?

> significant.  Also one hopes that the user would be given the option to 
> register management with more than one endpoint?
Sure, I can do that.


> 
>> For a standalone server:
>> <management>
>>     <management-interfaces>
>>        <native-remoting connector="some-remoting-connector" />
>>     </management-interfaces>
>> </management>
>> This will not open the management endpoint but use the subsystem one instead. This needs a little bit more thinking to install the correct channel open listener into the connector
>> 
>> 3) Better configuration of connectors and channel open listeners in the remoting subsystem
>> 4) Meet with Darran later this week to understand the security stuff a bit better
> 
> Normally the services (channel open listeners) are configured by those 
> who register them,

At the moment this is kind of hardcoded into the remoting protocol but (I think) I get your idea. Remoting is only concerned with registering connectors, consumers such as managent, ejb, jndi etc. create the channel open listeners. From my POV that actually simplifies things a bit

> though ultimately if we (for example) want to add 
> some additional authorization checks at this level then it would make 
> more sense to do this globally.  Let's make sure that we're not 
> duplicating security or connector configuration between the management 
> endpoint and the subsystem one.
> 
> -- 
> - DML
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

More information about the jboss-as7-dev mailing list