The HTML Adaptor that is currently provided with JBoss is a closed-source product from Sun ( com.sun.jdmk.comm.HtmlAdaptorServer ). The default settings of the JBoss distributions start the HTML Adaptor when the server starts.
I am currently working on an open source version of an HTML adaptor using Jetty and the Tapestry framework. Enhancements include custom security modules, and possible the introduction of roles based access to certain management methods. I am trying to gauge interest in such a thin at the moment. I have a fairly complete proof of concept, and would like to open it up soon.
Please post it, Jim. I would love to tinker with it, even if it is not entirely complete.
On the Roles implementation.
We will shortly be adding this to JBossMX as
optional config, so the security will work regardless of
how the MBean is accessed.
When this is done, I think all you will need to do
is provide a login for your tool. I wish I new
more about security, I could probably explain it
better then ;-)
I am curious as to how this would work. How do you identify yourself to the JMX server? I see no way to do this with the normal JMX API. Is it going to be bound with some JBoss security mechanism? If so, won't that limit the use of JBossMX to using JBoss?
Currently, my concept goes something like this. I have an MBean which starts up Jetty and loads a web application that handles the HTML adaptor. I plan on using Jetty's security mechanisms(configurable of course). I will in no way be tied to the JBoss security models, because I want this to run in other containers as well.
Wouldn't you use JAAS for this? A standard API to authenticate against JBoss security domains? JBoss already uses JAAS.
My initial thoughts were to use the built in mechanisms of Jetty to do the authentication. Jetty will itself be deployed as an MBean into the server. Once I have authenticated to the server, all interactions with other MBeans is done through the standard JMX API. I guess I would have to authenticate after that into the JAAS?
JBossMX will allow interceptors between the
MBeanServer the MBean. These are pluggable and optional.
One example is a SecurityInterceptor.
You implement whatever Security model in your own
For JBossServer, the Security Interceptor will use jbosssx and the thread local SecurityAssociation.
If you make an invalid access you will get a
SecurityException wrapped in a RuntimeMBeanException,
the invocation never gets to the MBean.
This will work regardless of where the MBean is invoked
from. It is the responsibility of whatever invokes
the MBeanServer to make sure the security has been
I believe JMX1.5 will standardise this across all
On an unrelated point, the term Adaptor has been
dropped. It is now called a Connector.
you think your html adaptor support ssl too, like the html adaptor in the mx4j package from Simone?
I dont want to stress, but what's meaning shorly? Some weeks or months? ;)
Thank you very much for your work!
The JBossMX HTML connector is probably some way off.
There are two projects I know that are producing
an HTML connector that runs in a Web Container.
SSL support is then trivial.
The JBossMX HTML connector will need to run without any
support from Jetty/Tomcat for embedded applications.
It will have less functionality than a connector
that can use JSP or servlets, but it will support
pluggable sockets one of which can be SSL.
Can you post which projects are producing HTML connectors? I don't want to necessarily duplicate efforts if mine won't offer more features.
I made significant porgress tonight with the JMX Connector. I now have full functionality for method invocation and attribute manipulation. I support the following data types: String, int, double, float, long, char, boolean, and Date(and their Object counterparts). I do simple date validation to accept the date.
I still need to perform better exception handling, and simple validation on the fields. Right now, I simply return you gracefully back to where you came. Once I take care of those things, I will make a release out to SourceForge.