admin@glassfish.java.net

Re: GLASSFISH-18235 Enabling admin console for only one host

From: Jason Lee <jason.d.lee_at_oracle.com>
Date: Mon, 08 Apr 2013 17:01:24 -0500

Well, I think I've found where __asadmin is being added to the hosts
list. I modified the code here as I did in GlassFishGrizzlyListener.
Where the latter change had no effect, though, this change prevented the
Console and REST interfaces (and possibly ASAdmin itself) from working
at all. I'm afraid I'm a bit out of my depth in these APIs. Any hints
you can offer would be much appreciated. :)

On 04/05/2013 10:02 AM, Tom Mueller wrote:
> On 4/5/13 9:23 AM, Jason Lee wrote:
>> I've attached a diff of what I've done so far. In a nutshell, what
>> I'm attempting to do is determine if 'hosts' has been set for the
>> virtual server. If so, I add those to the mapper, using the first
>> host as the default host name, and any others as the alias (this
>> needs some work, I think, to make sure it doesn't fail if only one
>> host is defined, but that'll come once I get things working. :)
>>
>> Over in ContainerMapper.service(), I compare the request's server
>> name with those configured for the VS. If one is found, the request
>> is serviced. If not, 404 is set on the response. For the most
>> part, this seems to work. Requests to test1:4848 work, and those to
>> test2:4848 fail, as expected. However, requests to localhost:4848
>> fail, as localhost doesn't seem to be added to the mapper, despite
>> watching it done in the debugger. As I loop through the hosts in
>> service(), I see 'test1', and '__asadmin', rather than 'test1' and
>> 'localhost', but I can't find where __asadmin is added to the hosts
>> list.
> The name of the virtual server is being used as a hostname. At
> ContainerMapper.java line 137:
>
> mapper.addHost(defaultHostName, new String[]{}, null);
>
> Here, defaultHostName is actually the name of a virtual server
> ("__asadmin") not a host name.
>
> Tom
>
>>
>> Any hints on where to look?
>>
>> On 04/04/2013 01:23 PM, Tom Mueller wrote:
>>> Thanks for working on this.
>>>
>>> I'd like to see this solution apply for everything accessed through
>>> the __asadmin virtual server, i.e., console, ReST interface and
>>> CLI. So hopefully this can be done at the ContainerMapper level
>>> rather than the AdminConsoleAdapter level.
>>>
>>> Tom
>>>
>>> On 4/4/13 1:20 PM, Jason Lee wrote:
>>>> It looks like ContainerMapper and GlassFishNetworkListener are both
>>>> involved, but I'm not entirely sure what's going on. In
>>>> ContainerMapper.service(), the system gets a MappingData object
>>>> from...somewhere. That seems to hold the AdminConsoleAdapter
>>>> reference, which it then calls. It might be possible to restrict
>>>> access here based on the host name, but, to be honest, I don't know
>>>> these classes well enough. If I can get a list of the configured
>>>> hosts, if any, in the console Adapter, I think I can easily do the
>>>> right thing, but I'm still not sure how to get that information. I
>>>> don't often work at this level with the APIs, so it's slow going,
>>>> but I'll get there.
>>>>
>>>> On 04/04/2013 09:29 AM, Tom Mueller wrote:
>>>>> On 4/3/13 5:10 PM, Jason Lee wrote:
>>>>>> If I understand things correctly, I need to get the hosts property of
>>>>>> the __asadmin virtual-server. If it is set, then compare that to the
>>>>>> host on the Request object. If they don't match, reject the request with
>>>>>> a 404. Does that sound right?
>>>>> Yes. However, I don't know how much of this Grizzly does vs. how
>>>>> much the adapter code has to do. It may be enough to somehow
>>>>> configure the grizzly connection with the host names. It would be
>>>>> helpful to know what the web container does here.
>>>>>
>>>>> The ContainerMapper class uses a grizzly Mapper object, and line
>>>>> 137 does:
>>>>>
>>>>> mapper.addHost(defaultHostName, new String[]{}, null);
>>>>>
>>>>> This might have something to do with the host mapping.
>>>>>
>>>>> The ContainerMapper.setDefaultHost method is where the
>>>>> defaultHostName value is set. This is called by
>>>>> GlassFishNetworkListener.configureHttpProtocol, which passes it
>>>>> the value from Http.getDefaultVirtualServer, which for the
>>>>> admin-listener protocol is going to be "__asadmin", which is very
>>>>> strange to use as a host name. Some debugging is needed here to
>>>>> see what is really going on.
>>>>>> If so, I'm having trouble figuring out how to get to that information.
>>>>>> I've tried walking down from the domain, but I don't see the method
>>>>>> calls I think I need (asadmin set
>>>>>> server.http-service.virtual-server.__asadmin.hosts=myhost).
>>>>> If the Mapper object is really the way to do this via
>>>>> ContainerMapper and GlassFishNetworkListener, then
>>>>> GlassFishNetworkListener.configureHttpProtocol has a loop that
>>>>> looks for the right VirtualServer. It can call
>>>>> VirtualServer.getHosts and then do the needful.
>>>>>
>>>>> I'm not 100% sure that GlassFishNetworkListener is really used
>>>>> with the admin adapters, so the first step is to verify that this
>>>>> is how the admin adapter is really configured and that this Mapper
>>>>> is really being used.
>>>>>
>>>>> Tom
>>>>>
>>>>>> I can't use
>>>>>> CommandRunner, as I don't have a Principal to pass to it, so I would
>>>>>> think it would fail if the server has been secured. Where should I start?
>>>>>>
>>>>>> On 04/03/2013 04:26 PM, Michael Chen wrote:
>>>>>>> Jason,
>>>>>>>
>>>>>>> Thank you very much. I will assign the bug to you.
>>>>>>>
>>>>>>> Michael
>>>>>>>
>>>>>>>
>>>>>>> On Apr 3, 2013, at 2:24 PM, Jason Lee wrote:
>>>>>>>
>>>>>>>> Yes, I can take a look.
>>>>>>>>
>>>>>>>> On 04/03/2013 04:13 PM, Michael Chen wrote:
>>>>>>>>> Jason,
>>>>>>>>>
>>>>>>>>> I am not sure if you are busy with CloudLogic. Do you have some time to work on this bug?
>>>>>>>>>
>>>>>>>>> thanks,
>>>>>>>>> Michael
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Apr 1, 2013, at 7:42 AM, Tom Mueller wrote:
>>>>>>>>>
>>>>>>>>>> I agree with Amy about what we need to focus on.
>>>>>>>>>>
>>>>>>>>>> There is an AdminEndpointDecider class (in core/kernel) that is used by AdminConsoleAdapter, ConsoleAdapter, and RestAdapter (except I don't see how it is actually used in the latter). The AdminEndpointDecider has methods getGuiHosts and getAsadminHosts, but these methods just return the name of a virtual server. Other classes involved with this are GrizzlyService, ContainerMapper, Endpoint, and Adapter. There is also a GlassfishNetworkListener class, but I don't know if it is involved here.
>>>>>>>>>>
>>>>>>>>>> My guess is that the admin infrastructure for routing requests to the console just doesn't support the "hosts" feature for a virtual server. But I haven't looked through the code enough to state that with certainty.
>>>>>>>>>>
>>>>>>>>>> If that is true, then the bottom line is that GlassFish just doesn't support what the user is trying to do, and this is actually an RFE rather than a bug. On the other hand, since the admin infrastructure is using virtual servers, it is reasonable to expect that the virtual server behavior should be consistent, i.e., what works in the web container should work with the console too. So in that sense this could be considered a bug.
>>>>>>>>>>
>>>>>>>>>> Michael, we'll need to figure out who should work on this. This code was mainly written by a person who has left the project (Jerome) so we don't have clear ownership at this point.
>>>>>>>>>>
>>>>>>>>>> Tom
>>>>>>>>>>
>>>>>>>>>> On 3/30/13 1:57 PM, Amy Roh wrote:
>>>>>>>>>>> Hi Tom and Anissa,
>>>>>>>>>>>
>>>>>>>>>>> IMO, we should focus on the original issue, why --hosts for __asadmin is not working as expected, rather than focusing on why the user's invalid workaround isn't working.
>>>>>>>>>>>
>>>>>>>>>>> Since --hosts for __asadmin isn't working for the user, he is trying to set admin-listener's default virtual server to be "server", different from the default "__asadmin" and this is not a valid workaround. __asadmin and admin-listener are special virtual server and listener and they are handled differently.
>>>>>>>>>>>
>>>>>>>>>>> As I stated in my last comment, web container lets AdminConsoleAdapter handle any requests for the __asadmin virtual server. I am not too familiar with AdminConsoleAdapter code but modifying AdminConsoleAdapter to check __asadmin --hosts before granting admin console access should fix the issue.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Amy
>>>>>>>>>>>
>>>>>>>>>>> On 3/30/13 9:36 AM, Anissa Lam wrote:
>>>>>>>>>>>> Hi Tom,
>>>>>>>>>>>>
>>>>>>>>>>>> This bug has been going around between admin-gui, admin and web container. Amy just sent this back to me.
>>>>>>>>>>>> I am not sure if this is really a GUI issue or, if so, how to proceed. I need help with this.
>>>>>>>>>>>> According to the latest comment from the submitter, he is using CLI to set all the related attributes, and he is seeing a problem with stop-domain, and maybe other CLI commands.
>>>>>>>>>>>> Without console in the picture, it seems there is an issue with admin when changing attributes related to virtual server.
>>>>>>>>>>>> I hope to see that CLI works fine with his configuration and only console is causing the issue, before I spend time on this. I don't think I will be able to get to this before Tues HCF. The latest change relating to "system-all" object type in resources wasn't planned and takes up some of the time that I had originally planned to use to wrap up 2 other bugs.
>>>>>>>>>>>> Do you have some cycles to get to the bottom of the issue? And if you have a suggestion on what exactly the console needs to do, please advise.
>>>>>>>>>>>>
>>>>>>>>>>>> thanks
>>>>>>>>>>>> Anissa.
>>>>>>>>>>>>
>>>>>>>> --
>>>>>>>> Jason Lee
>>>>>>>> Principal Member of Technical Staff
>>>>>>>> GlassFish Team
>>>>>>>>
>>>>>>>> Oracle Corporation
>>>>>>>> Phone +1 405-216-3193
>>>>>>>> Blog http://blogs.steeplesoft.com
>>>>>>>>


-- 
Jason Lee
Principal Member of Technical Staff
GlassFish Team
Oracle Corporation
Phone +1 405-216-3193
Blog http://blogs.steeplesoft.com
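
The host check discussed in this thread, as an added example that is not part of the original message and is not GlassFish code: it matches the request's Host header against the virtual server's configured `hosts` value and never treats the virtual server id (`__asadmin`) as a host name. The class `AdminHostFilter`, its methods, and the comma-separated format of `hosts` are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration, not GlassFish source. Class and method names are hypothetical.
public class AdminHostFilter {
    private final Set<String> allowed = new HashSet<>();

    // hostsAttr: the virtual server's "hosts" value (assumed comma-separated), null if unset.
    public AdminHostFilter(String hostsAttr) {
        if (hostsAttr == null) return;
        for (String h : hostsAttr.split(",")) {
            String n = normalize(h);
            if (!n.isEmpty()) allowed.add(n);
        }
    }

    // Reduce a Host header or configured name to a bare lower-case host.
    static String normalize(String host) {
        if (host == null) return "";
        String h = host.trim().toLowerCase(Locale.ROOT);
        if (h.startsWith("[")) {                          // bracketed IPv6, e.g. [::1]:4848
            int end = h.indexOf(']');
            return end > 0 ? h.substring(1, end) : "";
        }
        int colon = h.lastIndexOf(':');
        if (colon >= 0 && colon == h.indexOf(':')) {      // exactly one colon: host:port
            h = h.substring(0, colon);
        }
        if (h.endsWith(".")) h = h.substring(0, h.length() - 1);  // trailing-dot FQDN
        return h;
    }

    // true: hand the request to the adapter; false: answer 404 as in the thread.
    public boolean isAllowed(String hostHeader) {
        if (allowed.isEmpty()) return true;               // hosts not set: no restriction
        return allowed.contains(normalize(hostHeader));
    }

    public static void main(String[] args) {
        // Constructed sample: the virtual server id "__asadmin" is deliberately not a host entry.
        AdminHostFilter f = new AdminHostFilter("test1, localhost");
        String[] samples = {"test1:4848", "TEST1", "localhost:4848", "test2:4848", "__asadmin", null};
        for (String s : samples) {
            System.out.println(s + " -> " + (f.isAllowed(s) ? "serviced" : "404"));
        }
    }
}
```

Once `hosts` is set, a request with a missing Host header is rejected, and `localhost` is accepted only when it is listed explicitly.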