[wildfly-dev] access to mgmt api/services
Bill Burke
bburke at redhat.com
Mon Jan 27 21:48:01 EST 2014
On 1/27/2014 7:59 PM, Brian Stansberry wrote:
> On 1/27/14, 5:15 PM, Bill Burke wrote:
>>
>>
>> On 1/27/2014 6:02 PM, Jason Greene wrote:
>>>
>>> On Jan 27, 2014, at 4:40 PM, John Mazzitelli <mazz at redhat.com> wrote:
>>>
>>>>> Is there an example somewhere of getting access to the mgmt api from a
>>>>> deployed servlet app? I'd like to be able to manage subsystem
>>>>> configuration and store it (within standalone.xml or whatever).
>>>>
>>>> You can take a look at RHQ's DMR client library. It was written to be a generic DMR client to access the mgmt API.
>>>>
>>>> https://git.fedorahosted.org/cgit/rhq/rhq.git/tree/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller
>>>>
>>>> Obtain a ModelControllerClient "somehow" (see MCCHelper, for example) and pass it to the constructor for the different types of clients (DatasourceJBossASClient, CoreJBossASClient, SecurityDomainJBossASClient, etc, etc)
>>>>
>>>> Then there is my blog from 2012 that talks about getting a co-located ModelControllerClient that may be of help:
>>>>
>>>> http://management-platform.blogspot.com/2012/07/co-located-management-client-for.html
>>>>
>>>> Anyway, the code in those places can serve as examples that you are asking for. We do use these from within servlets and EJBs running in EAP 6.
>>>
>>> There are some caveats to this though:
>>>
>>> 1. You can’t make a management call during the call patch of deployment (servlet initializers etc), since deployment itself is part of a management call, and thus you will deadlock trying to start a parallel modification (until the op triggering the deployment times out). A runtime thread is fine though.
>>>
>>> 2. You won’t get responses on things which impact your deployment or the servlet container (e.g. redeploying yourself or downing the container)
>>>
>>> 3. Role based access control is defeated, all management ops will appear to come from the container itself.
>>>
>>> 4. Due to 3 if someone is running WildFly under a security manager you will need permissions
>>>
>>
>> This is for bootstrap purposes for getting a Wildfly instance to join a
>> Keycloak federation. I want the Keycloak server to be able to send
>> realm configuration information to a Wildfly instance (over HTTP(S))
>> that is joining the federation and have that instance store this
>> information within a subsystem. So, it is a one off service that
>> happens after boot and may even be disabled afterwards.
>>
>>
>
> This can't be done using the HTTP management interface?
>
After thinking a bit, I guess it could just use the HTTP mgmt intf.
Thanks for your patience helping me work this out.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the wildfly-dev
mailing list