TomEE and its SSH connector

TomEE is a simple but great container.

Recently was added a SSH connector to be able to get container information easily.

The proposed module uses JAAS for the authentication.

This article proposes you to install the ssh connector and to see what it can do to ease your work.

Note: this article is done with the snapshot of TomEE

Configure JAAS

First let’s configure JAAS.

We need to create a file in <tomee>/conf/login.config.

Then add to your tomee opts (CATALINA_OPTS) the system property:$CATALINA_BASE/conf/login.config

Note:the used path should be an absolute path

Now we need to configure TomEE/Tomcat to use JAAS Realm. It can be done in the server.xml of TomEE (conf folder):

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.tomee.catalina.ServerListener" />
  <Listener className="" />

  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <!-- here is the magic -->
      <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLoginModule"

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true" />

Now simply configure this module (properties login module) in loging.config:

PropertiesLoginModule { required

This login module simply takes the the users in the file <tomee>/conf/ and the groups in <tomee>/conf/
The user file contains the list of users as keys and their password as values. The group file container the list of group names as key and the list of users in this group as values.





Add SSH connector

To add SSH features extract in tomee libs. It can be done manually downloading openejb-ssh zip in apache repository (openejb-ssh) or automatically adding a file <tomee>/conf/ containing the line:


For instance:


Note: the link can change depending on version, nexus updates.

Once TomEE started/restarted you should normally be able to connect to the container on port 4222 by default (see <tomee>/conf/conf.d/ to customize it).

ssh <user>@localhost -p 4222

Providing your password you should access the command line prompt:

To get available commands simply type “help”:

So now you can deploy/undeploy applications from ssh, call some mbean, list jar/paths in classloaders, invoke ejb/cdi bean using scripting (by default only javascript is registered since it is in the vm but adding groovy-all jar or any implementation of the JSR 223 supporting the multithreading  you can use some other language).

Here some screenshots:

Another blog post about commands will come soon.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s