Now that you’ve downloaded JBoss and have run the server for the first time, the next thing you will want to know is how the installation is laid out and what goes where. At first glance there seems to be a lot of stuff in there, and it’s not obvious what you need to look at and what you can safely ignore for the time being. To remedy that, we’ll explore the server directory structure, locations of the key configuration files, log files, deployment and so on. It’s worth familiarizing yourself with the layout at this stage as it will help you understand the JBoss service architecture so that you’ll be able to find your way around when it comes to deploying your own applications.
The binary distribution unpacks into a top-level jboss-4.0.4 directory. There are four sub-directories immediately below this:
bin: contains startup and shutdown and other system-specific scripts. We’ve already seen the run script which starts JBoss.
client: stores configuration and JAR files which may be needed by a Java client application or an external web container. You can select archives as required or use jbossall-client.jar.
docs: contains the XML DTDs used in JBoss for reference (these are also a useful source of documentation on JBoss configuration specifics). There are also example JCA (Java Connector Architecture) configuration files for setting up datasources for different databases (such as MySQL, Oracle, Postgres).
lib: JAR files which are needed to run the JBoss microkernel. You should never add any of your own JAR files here.
server: each of the subdirectories in here is a different server configuration. The configuration is selected by passing -c <config-name> to the run script. We’ll look at the standard server configurations next.
Fundamentally, the JBoss architecture consists of the JMX MBean server, the microkernel, and a set of pluggable component services, the MBeans. This makes it easy to assemble different configurations and gives you the flexibility to tailor them to meet your requirements. You don’t have to run a large, monolithic server all the time; you can remove the components you don’t need (which can also reduce the server startup time considerably) and you can also integrate additional services into JBoss by writing your own MBeans. You certainly don’t need to do this to be able to run standard J2EE applications though. Everything you need is already there. You don’t need a detailed understanding of JMX to use JBoss, but it’s worth keeping a picture of this basic architecture in mind as it is central to the way JBoss works.
Within the server directory, you will find one or more configuration directories depending on which installer packages you choose when installing. If you ran the installer, you will only have a default configuration (This is because you choose a specific configuration in the installer for a setup like EJB3, EJB3 Clustered or J2EE 1.4 Full) and so the default configuration has all the services for the specific configuration you choose. If you downloaded a binary or source version you will see that there are three server configurations: all, default and minimal, each of which provides a different set of services. Not surprisingly, the default configuration is the one used if you don’t specify another one when starting up the server, so that’s the one we were running in the previous chapter. The configurations are explained below.
minimal: The minimal configuration contains the bare minimum services required to start JBoss. It starts the logging service, a JNDI server and a URL deployment scanner to find new deployments. This is what you would use if you want to use JMX/JBoss to start your own services without any other J2EE technologies. This is just the bare server. There is no web container, no EJB or JMS support.
default: The default configuration consists of the standard services needed by most J2EE applications. It does not include the JAXR service, the IIOP service, or any of the clustering services.
all: The all configuration starts all the available services. This includes the RMI/IIOP and clustering services, which aren’t loaded in the default configuration.
You can add your own configurations too. The best way to do this is to copy an existing one that is closest to your needs and modify the contents. For example, if you weren’t interested in using messaging, you could copy the default directory, renaming it as myconfig, remove the jms subdirectory and then start JBoss with the new configuration.
run -c myconfig
The directory server configuration you’re using, is effectively the server root while JBoss is running. It contains all the code and configuration information for the services provided by the particular configuration. It’s where the log output goes, and it’s where you deploy your applications. Let’s take a look at the contents of the default server configuration directory. If you haven’t tried running the server yet, then do so now, as a few of the sub-directories are only created when JBoss starts for the first time.
conf: This directory contains the jboss-service.xml file which specifies the core services. Also used for additional configuration files for these services.
data: This directory holds persistent data for services intended to survive a server restart. Serveral JBoss services, such as the embedded Hypersonic database instance, store data there.
deploy: The deploy directory contains the hot-deployable services (those which can be added to or removed from the running server) and applications for the current server configuration. You deploy your application code by placing application packages (JAR, WAR and EAR files) in the deploy directory. The directory is constantly scanned for updates, and any modified components will be re-deployed automatically. We’ll look at deployment in more detail later.
lib: This directory contains JAR files needed by this server configuration. You can add required library files here for JDBC drivers etc.
log: This is where the log files are written. JBoss uses the Jakarta log4j package for logging and you can also use it directly in your own applications from within the server.
tmp: The tmp directory is used for temporary storage by JBoss services. The deployer, for example, expands application archives in this directory.
work: This directory is used by Tomcat for compilation of JSPs.
The data, log, tmp and work directories are created by JBoss and won’t exist until you’ve run the server at least once.
We’ve touched briefly on the issue of hot-deployment of services in JBoss so let’s have a look at a practical example of this before we go on to look at server configuration issues in more detail. Start JBoss if it isn’t already running and take a look in the deploy directory again (make sure you’re looking at the one in the default configuration directory). Remove the mail-service.xml file and watch the output from the server:
13:10:05,235 INFO [MailService] Mail service 'java:/Mail' removed from JNDI
Then replace the file and watch the JBoss re-install the service:
13:58:54,331 INFO [MailService] Mail Service bound to java:/Mail
It's hot-deployment in action.
Now that we’ve examined the layout of the JBoss server, we’ll take a look at some of the main configuration files and what they’re used for. All paths are relative to the server configuration directory (server/default, for example).
The core services specified in the conf/jboss-service.xml file are started first when the server starts up. If you have a look at this file in an editor you'll see MBeans for various services including logging, security, JNDI (and the JNDIView service that we saw earlier). Try commenting out the entry for the JNDIView service. Please note that because the mbeans definition had nested comments, we had to comment out the mbean in in two sections, leaving the original comment as it was.
<!-- Section 1 commented out <mbean code="org.jboss.naming.JNDIView" name="jboss:service=JNDIView" xmbean-dd="resource:xmdesc/JNDIView-xmbean.xml"> --> <!-- The HANamingService service name --> <!-- Section two commented out <attribute name="HANamingService">jboss:service=HAJNDI</attribute> </mbean> -->
If you then restart JBoss, you’ll see that the JNDIView service no longer appears in the JMX Management Console (JMX Console) listing. In practice, you should rarely, if ever, need to modify this file, though there is nothing to stop you adding extra MBean entries in here if you want to. The alternative is to use a separate file in the deploy directory, which allows your service to be hot deployable.
We mentioned already that log4j is used for logging. If you're not familiar with the log4j package and would like to use it in your applications, you can read more about it at the Jakarta web site. (http://jakarta.apache.org/log4j/) Logging is controlled from a central conf/log4j.xmlfile. This file defines a set of appenders, specifying the log files, what categories of messages should go there, the message format and the level of filtering. By default, JBoss produces output to both the console and a log file (server.log in the log directory).
There are 5 basic log levels used: DEBUG, INFO, WARN, ERROR and FATAL. The logging threshold on the console is INFO, which means that you will see informational messages, warning messages and error messages on the console but not general debug messages. In contrast, there is no threshold set for the server.log file, so all generated logging messages will be logged there. If things are going wrong and there doesn’t seem to be any useful information in the console, always check the log file to see if there are any debug messages which might help you track down the problem. However, be aware that just because the logging threshold allows debug messages to be displayed, that doesn't mean that all of JBoss will produce detailed debug information for the log file. You will also have to boost the logging limits set for individual categories. Take the following category for example.
<!-- Limit JBoss categories to INFO -->
<category name="org.jboss">
<priority value="INFO"/>
</category>
This limits the level of logging to INFO for all JBoss classes, apart from those which have more specific overrides provided. If you were to change this to DEBUG, it would produce much more detailed logging output.
As another example, let’s say you wanted to set the output from the container-managed persistence engine to DEBUG level and to redirect it to a separate file, cmp.log, in order to analyze the generated SQL commands. You would add the following code to the log4j.xml file:
<appender name="CMP" class="org.jboss.logging.appender.RollingFileAppender"> <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> <param name="File" value="${jboss.server.home.dir}/log/cmp.log"/> <param name="Append" value="false"/> <param name="MaxFileSize" value="500KB"/> <param name="MaxBackupIndex" value="1"/> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/> </layout> </appender> <category name="org.jboss.ejb.plugins.cmp"> <priority value="DEBUG" /> <appender-ref ref="CMP"/> </category>
This creates a new file appender and specifies that it should be used by the logger (or category) for the package org.jboss.ejb.plugins.cmp. This will be useful when we come to look at CMP (Chapter 7, Container-Managed Persistence).
The file appender is set up to produce a new log file every day rather than producing a new one every time you restart the server or writing to a single file indefinitely. The current log file is cmp.log. Older files have the date they were written added to the name. You will notice that the log directory also contains HTTP request logs which are produced by the web container.
The security domain information is stored in the file login-config.xml as a list of named security domains, each of which specifies a number of JAAS [3] login modules which are used for authentication purposes in that domain. When you want to use security in an application, you specify the name of the domain you want to use in the application’s JBoss-specific deployment descriptors, jboss.xml and/or jboss-web.xml. We'll quickly look at how to do this to secure the JMX Console application that ship with JBoss.
We saw the JMX Console briefly in Section 1.3, “The JMX Console”. Almost every aspect of the JBoss server can be controlled through the JMX Console, so it is important to make sure that, at the very least, the application is password protected. Otherwise, any remote user could completely control your server. To protect it, we will add a security domain to cover the application. [4] This can be done in the jboss-web.xml file for the JMX Console, which can be found in deploy/jmx-console.war/WEB-INF/ directory. Uncomment the security-domain in that file, as shown below.
<jboss-web> <security-domain>java:/jaas/jmx-console</security-domain> </jboss-web>
This links the security domain to the web application, but it doesn't tell the web application what security policy to enforce. What URLs are we trying to protect, and who is allowed to access them? To configure this, go to the web.xml file in the same directory and uncomment the security-constraint that is already there. This security constraint will require a valid user name and password for a user in the JBossAdmin group.
<!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description> An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint>
That's great, but where do the user names and passwords come from? They come from the jmx-console security domain we linked the application to. We've provided the configuration for this in the conf/login-config.xml.
<application-policy name="jmx-console"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties"> props/jmx-console-users.properties </module-option> <module-option name="rolesProperties"> props/jmx-console-roles.properties </module-option> </login-module> </authentication> </application-policy>
This configuration uses a simple file based security policy. The configuration files are found in the conf/props directory of your server configuration. The usernames and passwords are stored in jmx-console-users.properties in the directory and take the form "username=password". To assign a user to the JBossAdmin group add "username=JBossAdmin" to the jmx-console-roles.properties file. The existing file creates an admin user with the password admin. You'll want to remove that user or change the password to something stronger.
JBoss will re-deploy the JMX Console whenever you update its web.xml. You can check the server console to verify that JBoss has seen your changes. If you've configured everything correctly and re-deployed the application, the next time you try to access the JMX Console, JBoss will ask you for a name and password. [5]
The JMX Console isn't the only web based management interface to JBoss. There is also the Web Console. Although it's a Java applet, the corresponding web application can be secured in the same way as the JMX Console. The Web Console is in deploy/management/web-console.war. The only difference is that the Web Console is provided as a simple WAR file instead of using the exploded directory structure that the JMX Console did. The only real difference between the two is that editing the files inside the WAR file is a bit more cumbersome.
The non-core, hot-deployable services are added to the deploy directory. They can be either XML descriptor files, *-service.xml, or JBoss Service Archive (SAR) files. SARs contain both the XML descriptor and additional resources the service requires (e.g. classes, library JAR files or other archives), all packaged up a single archive.
Detailed information on all these services can be found in the JBoss 4 Application Server Guide, which also provides comprehensive information on server internals and the implementation of services such as JTA and the J2EE Connector Architecture (JCA).
JBoss now comes with Tomcat 5.5 as the default web container. The embedded Tomcat service is the expanded SAR jbossweb-tomcat55.sar in the deploy directory. All the necessary jar files needed by Tomcat can be found in there, as well as a web.xml file which provides a default configuration set for web applications. If you are already familiar with configuring Tomcat, have a look at the server.xml, which contains a subset of the standard Tomcat format configuration information. As it stands, this includes setting up the HTTP connector on the default port 8080, an AJP connector on port 8009 (can be used if you want to connect via a web server such as Apache) and an example of how to configure an SSL connector (commented out by default).
You shouldn’t need to modify any of this other than for advanced use. If you’ve used Tomcat before as a stand-alone server you should be aware that things are a bit different when using the embedded service. JBoss is in charge and you shouldn’t need to access the Tomcat directory at all. Web applications are deployed by putting them in the JBoss deploy directory and logging output from Tomcat can be found in the JBoss log directory.
[3] The Java Authentication and Authorization Service. JBoss uses JAAS to provide pluggable authentication modules. You can use the ones that are provided or write your own if have more specific requirements.
[4] If you had installed JBoss using Web Start and set the JMX Security up, then you will not have to uncomment the sections, because they are already uncommented. Additionally, the admin password will be set up to whatever you had specified.
[5] Since the username and password are session variables in the web browser you may need to shut down your browser and come back in to see the login dialog come back up.