TomEE and its SSH connector


TomEE is a simple but great container.

An SSH connector was recently added to make it easy to get information about the container.

The proposed module uses JAAS for authentication.

This article shows how to install the SSH connector and what it can do to ease your work.

Note: this article was written using the snapshot of TomEE.

Configure JAAS

First let’s configure JAAS.

We need to create the file <tomee>/conf/login.config.

Then add the following system property to your TomEE options (CATALINA_OPTS):

-Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config

Note: the path used should be an absolute path.

Now we need to configure TomEE/Tomcat to use the JAAS Realm. This is done in TomEE's server.xml (conf folder):

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.tomee.catalina.ServerListener" />
  <Listener className="org.apache.catalina.security.SecurityListener" />

  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <!-- here is the magic -->
      <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLoginModule"
          userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
          roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true" />
    </Engine>
  </Service>
</Server>

Now simply configure this module (the properties login module) in login.config:

PropertiesLoginModule {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    Debug=false
    UsersFile="users.properties"
    GroupsFile="groups.properties";
};

This login module simply reads the users from the file <tomee>/conf/users.properties and the groups from <tomee>/conf/groups.properties.
The users file contains the users as keys and their passwords as values. The groups file contains the group names as keys and the list of users in each group as values.

Sample users.properties:

rmannibucau=secret
romain=password

Sample groups.properties:

admin=rmannibucau
writers=rmannibucau,romain
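
An added example, not part of the original article or of TomEE: a small Python check over the two properties files described above, since users.properties holds the passwords as plain values and a typo in groups.properties silently changes who is in a group. The function names and findings are illustrative assumptions, and the parser only handles plain key=value lines like the samples.

```python
import os
import stat
import tempfile
from pathlib import Path


def read_properties(path):
    """Parse simple key=value lines (no escapes or continuations)."""
    entries = {}
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries


def audit_jaas_files(conf_dir, login_config_path):
    """Return findings for users.properties / groups.properties in conf_dir."""
    conf, findings = Path(conf_dir), []
    # The system property must point at login.config with an absolute path.
    if not os.path.isabs(login_config_path):
        findings.append(f"login.config path is not absolute: {login_config_path}")
    users = read_properties(conf / "users.properties")
    groups = read_properties(conf / "groups.properties")
    # Passwords are stored as plain values, so only the owner should have access.
    mode = stat.S_IMODE((conf / "users.properties").stat().st_mode)
    if mode & 0o077:
        findings.append(f"users.properties open to group/others (mode {mode:o})")
    findings += [f"user '{u}' has an empty password" for u, p in users.items() if not p]
    members = set()
    for group, value in groups.items():
        for user in filter(None, (m.strip() for m in value.split(","))):
            members.add(user)
            if user not in users:
                findings.append(f"group '{group}' references unknown user '{user}'")
    findings += [f"user '{u}' is in no group" for u in sorted(set(users) - members)]
    return findings


if __name__ == "__main__":
    # Constructed sample: the article's files plus a typo in groups.properties.
    with tempfile.TemporaryDirectory() as conf:
        Path(conf, "users.properties").write_text("rmannibucau=secret\nromain=password\n")
        Path(conf, "groups.properties").write_text("admin=rmannibucau\nwriters=rmannibucau,romian\n")
        os.chmod(Path(conf, "users.properties"), 0o644)
        for finding in audit_jaas_files(conf, "conf/login.config"):
            print("FINDING:", finding)
```
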

Add SSH connector

To add the SSH features, extract openejb-ssh.zip into the TomEE lib folder. This can be done manually, by downloading the openejb-ssh zip from the Apache repository (openejb-ssh), or automatically, by adding a file <tomee>/conf/provisioning.properties containing the lines:

zip=http://.../
destination=lib

For instance:

zip=https://repository.apache.org/content/repositories/snapshots/org/apache/openejb/openejb-ssh/4.0.0-beta-3-SNAPSHOT/openejb-ssh-4.0.0-beta-3-20120509.112538-134.zip
destination=lib

Note: the link can change depending on the version and on Nexus updates.

Once TomEE has been started or restarted, you should be able to connect to the container, by default on port 4222 (see <tomee>/conf/conf.d/ssh.properties to customize it).

ssh <user>@localhost -p 4222

After providing your password you should reach the command line prompt.

To list the available commands, simply type “help”.

You can now deploy/undeploy applications over SSH, call MBeans, list the jars/paths in classloaders, and invoke EJB/CDI beans using scripting (by default only JavaScript is registered since it ships with the VM, but by adding the groovy-all jar or any JSR 223 implementation that supports multithreading you can use other languages).


Another blog post about commands will come soon.
