users@glassfish.java.net

Re: Programmatically create users from web service in glassfish

From: <glassfish_at_javadesktop.org>
Date: Tue, 28 Aug 2007 11:52:36 PDT

Turns out that anything the Admin console can do, you can do also because the admin console does all its work through MBeans.

You can explore the MBeans available within a running server using the jconsole command.

Look for something like this in your GF log:

ADM1504: Here is the JMXServiceURL for the Standard JMXConnectorServer: [service:jmx:rmi:///jndi/rmi://yourhost.com:8686/jmxrmi]. This is where the remote administrative clients should connect using the standard JMX connectors

Plug the "service:..." url in to the "Advanced" tab of the jconcole, then click on MBeans. You can file all sorts of things in there.

The one we're specifically interested in is under "com.sun.appserv" -> "auth-realm" -> "file" -> "server-config" -> "config".

There we find the File Ream MBean.

Note the Classname matches the name of the realm in the Admin console.

Next, click on Operations, and you can see the kinds of things that this MBean can do.

Note, however that while we have an "addUser" operation, it's dimmed out.

It's not obvious why that is dimmed out, but if you look closely at the third parameter, it's "String;". Note the semi-colon. Most of the others are simply "String". "String;" means "String[]" (and represents it badly, frankly).

Anyway, the simple jconsole UI can't handle String arrays, so it dims out the entire operation. Just like it dims out the "setProperty" operation, because it takes an "Attribute" vs a String.

But rest assured that even though it's dimmed out here, you can access it in your code.

How do you do that?

Well, you need to know a bit of JMX to understand that, and feel free to hunt down the details.

But here's the sample code to get it done:
[code]
// Find the MBean server
javax.management.MBeanServer mbs = (javax.management.MBeanServer) javax.management.MBeanServerFactory.findMBeanServer(null).iterator().next();
// Locate the MBean we are interested in
javax.management.ObjectName on = new javax.management.ObjectName("com.sun.appserv:type=auth-realm,name=file,config=server-config,category=config");
// Execute the "add User" method. It takes 3 parameters: String userName, String password, String[] groups
Object o = mbs.invoke(on, "addUser", new Object[]{"username", "password", new String[]{"group1", "group2"}},
    new String[]{"java.lang.String","java.lang.String", "[Ljava.lang.String;"});
// Execute getUserNames to see if our user was added
String users[] = (String[]) mbs.invoke(on, "getUserNames", new Object[0], new String[0]);
for(String s : users) {
    System.out.println(s);
}
[/code]

The "com.sun.appserv:type=auth-realm,name=file,config=server-config,category=config" is the "name" of the MBean. You can see that in the jconsole on the Info tab.

I'll let the other operations be an exercise for the reader.

Finally, in theory you could just use the FileAuthRealm directly (you can find it in the GF source code), but the problem is that the server caches an internal instance of that class. If you used the FileAuthRealm on the same key file, the server wouldn't necessarily see the new users, and thus would't validate it.

With the MBean, it's plugged in to the server notification framework, so when you make a change the realm, all of the caches and what not are reloaded appropriately.
[Message sent by forum member 'whartung' (whartung)]

http://forums.java.net/jive/thread.jspa?messageID=232961