JMinor Application Framework

As simple as possible but not simpler


Introduction

  • Firewall friendly; uses one-way communication without callbacks and can be configured to serve on a single fixed port
  • Client/server communications SSL encrypted by default
  • Integrated web server for serving Web Start applications and files, based on Jetty
  • All user authentication left to the database
  • Comprehensive administration and monitoring facilities
  • Moderate memory and CPU usage

Configuration

Requirements

For a quick introduction to Java RMI see: Java remote method invocation.

A JMinor server requires access to at most four configurable ports: one for the RMI Registry (1099 by default), one for serving clients, and one for the server administration interface (a single port can be shared for this purpose); finally, the server needs access to the DBMS.

SSL setup

By default the communication channel between client and server is secured using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols. For instructions on setting up the required SSL keystores and truststores, see Java.net/The New RMI.

Firewall setup

Example iptables entries

#rmi registry
-A INPUT -p tcp --dport 1099 -j ACCEPT
#jminor server port
-A INPUT -p tcp --dport 2222 -j ACCEPT
#jminor server admin port
-A INPUT -p tcp --dport 2223 -j ACCEPT

Demo configuration files

File: resources/server/config/h2_embedded.config

# Database configuration
jminor.db.type=h2
jminor.db.host=h2db
jminor.db.embeddedInMemory=true
jminor.db.useOptimisticLocking=true
jminor.db.initScript=\
    ../config/empdept/create_schema.sql,\
    ../config/chinook/create_schema.sql,\
    ../config/petstore/create_schema.sql,\
    ../config/world/create_schema.sql
 
# The admin user credentials, used by the server monitor application
jminor.server.admin.user=scott:tiger
 
# Client logging enabled by default
jminor.server.clientLoggingEnabled=true
 
# A domain model class for each application
jminor.server.domain.classes=\
    org.jminor.framework.demos.empdept.domain.EmpDept,\
    org.jminor.framework.demos.petstore.domain.Petstore,\
    org.jminor.framework.demos.chinook.domain.impl.ChinookImpl,\
    org.jminor.framework.demos.world.domain.World
 
# Any LoginProxy implementations
jminor.server.loginProxyClasses=\
    org.jminor.framework.demos.empdept.server.EmpDeptLoginProxy
 
# A connection pool based on this user is created on startup
jminor.server.pooling.startupPoolUsers=scott:tiger
 
# The port used by clients
jminor.server.port=2222
 
# The port for the admin interface, used by the server monitor
jminor.server.admin.port=4444
 
# RMI Registry port
jminor.server.registryPort=1099
 
# Any auxiliary servers to run along this server
jminor.server.auxiliaryServerClassNames=\
    org.jminor.framework.servlet.EntityServletServer
 
# A directory from which to serve files
jminor.server.http.documentRoot=./web
 
# The http port
jminor.server.http.port=8080
 
# Specifies whether or not to use https
jminor.server.http.secure=false
 
# The serialization whitelist to use for RMI deserialization
jminor.server.serializationFilterWhitelist=\
    ../config/serialization-whitelist.txt
 
# RMI configuration
java.rmi.server.hostname=localhost
java.rmi.server.randomIDs=true
java.rmi.server.useCodebaseOnly=true
 
# SSL configuration
javax.net.ssl.keyStore=../config/jminor_keystore.jks
javax.net.ssl.keyStorePassword=crappypass
 
# Used to connect to the server to shut it down
javax.net.ssl.trustStore=../config/jminor_truststore.jks
javax.net.ssl.trustStorePassword=crappypass
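
The demo file above ships with published credentials and with HTTPS switched off, so a deployment copied from it should be checked before it faces a network. The following is an added example, not part of the JMinor project: a small audit over the same property keys, where the function names `parse_properties` and `audit` and the choice not to flag absent keys are assumptions made for illustration.

```python
# Added example: flag demo defaults in a JMinor server config before deployment.
DEMO_SECRETS = {"scott:tiger", "crappypass"}  # values published in the demo file

# Constructed sample built from keys in the demo file (not the full file).
SAMPLE = r"""
# The admin user credentials, used by the server monitor application
jminor.server.admin.user=scott:tiger
jminor.server.pooling.startupPoolUsers=scott:tiger
jminor.server.http.secure=false
jminor.server.serializationFilterWhitelist=\
    ../config/serialization-whitelist.txt
java.rmi.server.useCodebaseOnly=true
javax.net.ssl.keyStorePassword=crappypass
"""

def parse_properties(text):
    """Minimal .properties reader: comments, key=value, backslash continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith(("#", "!"))):
            continue
        if line.endswith("\\"):
            pending += line[:-1]  # join with the next line, dropping the backslash
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def audit(props):
    """Return (key, finding) pairs for settings to change before production."""
    findings = []
    for key, value in props.items():
        if DEMO_SECRETS & {v.strip() for v in value.split(",")}:
            findings.append((key, "credential published in the demo config"))
    # Absent keys are not flagged: the page does not state every default.
    must_be_true = {
        "jminor.server.http.secure": "web server runs over plain HTTP",
        "jminor.server.connection.sslEnabled": "client connections not SSL encrypted",
        "java.rmi.server.useCodebaseOnly": "RMI may load classes from a remote codebase",
    }
    for key, finding in must_be_true.items():
        if props.get(key, "true").lower() != "true":
            findings.append((key, finding))
    if not props.get("jminor.server.serializationFilterWhitelist"):
        findings.append(("jminor.server.serializationFilterWhitelist",
                         "no whitelist file set"))
    return findings
```
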


Server MySQL example

Configuration arguments for running an SSL-secured JMinor RMI server on port 2222 to serve clients data from a MySQL database:

  • java.rmi.server.hostname=server.domain.org, the name of the host on which the server is running
  • java.security.policy=jminor_server.policy, the security policy file, see below
  • jminor.server.connection.sslEnabled=true, enables the SSL client connection encryption
  • javax.net.ssl.keyStore=JMinorServerKeystore, the server keystore file for securing client connections
  • javax.net.ssl.keyStorePassword=jminor, the keystore password
  • jminor.server.clientLoggingEnabled=true, if enabled the server keeps a circular log of the most recent client method calls
  • jminor.server.port=2222, the port used for the client connections
  • jminor.server.registryPort=1099, the port for the RMI registry
  • jminor.db.type=mysql, the database type
  • jminor.db.host=database.domain.org, the database host name
  • jminor.db.port=3306, the port on which the database is accepting connections
  • jminor.db.sid=mysql, the database system identifier
  • jminor.server.pooling.initial=scott:tiger, a comma-separated list of username:password combinations for which connection pools should be established on server startup
  • jminor.server.domain.classes=org.jminor.framework.demos.empdept.domain.EmpDept, a comma-separated list of domain model classes that should be loaded on server startup

Security policy

For general information on the Java security model see: Java security

File: resources/server/security/jminor_server.policy

grant {
  permission java.io.FilePermission "${user.dir}/logs", "read";
  permission java.io.FilePermission "${user.dir}/logs/-", "read,write,delete";
  permission java.io.FilePermission "${user.dir}/-", "read,write,delete";
  permission java.io.FilePermission "./-", "read,write,delete";
  //Web Start Server document root
  //permission java.io.FilePermission "/home/webstart/-", "read";
 
  //Web Start server port
  permission java.net.SocketPermission "*:8080", "listen";
  permission java.net.SocketPermission "*:8080-", "connect,listen,resolve";
  //Database port
  permission java.net.SocketPermission "*:3306", "connect";
  //Client service port
  permission java.net.SocketPermission "*:2222", "connect,listen";
  //Server admin port
  permission java.net.SocketPermission "*:4444", "connect,listen";
  //RMI Registry
  permission java.net.SocketPermission "*:1099", "connect,listen";
 
  permission java.net.SocketPermission "*", "accept";
  permission java.util.PropertyPermission "*", "read, write";
 
  permission java.lang.RuntimePermission "shutdownHooks";
  //for shutting down ExecutorService instances
  permission java.lang.RuntimePermission "modifyThread";
  //for JasperReports report generation and domain class loading
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
  //for logback
  permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.transport.proxy";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.registry";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.server";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.transport.tcp";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.http";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
 
  //for jetty, --incomplete, use all_permissions.policy when using the rest server plugin--
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  permission java.io.FilePermission "${user.dir}${/}logs${/}*", "read,write,delete";
  permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
  permission java.security.SecurityPermission "putProviderProperty.SunJSSE";
  permission java.security.SecurityPermission "insertProvider.SunJSSE";
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "setContextClassLoader";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";
  permission java.security.SecurityPermission "getPolicy";
  permission java.lang.RuntimePermission "setIO";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
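
The policy above uses a single `grant` block with no `codeBase`, so every permission in it applies to all code the server loads, and several entries are broad enough to undo the sandbox. The following is an added example, not part of the JMinor project: a least-privilege review of a policy file, where the function name `audit_policy` and the set of targets treated as sandbox escapes are choices made for illustration.

```python
import re

# Constructed excerpt: lines copied from jminor_server.policy above.
SAMPLE = '''grant {
  permission java.io.FilePermission "${user.dir}/logs", "read";
  permission java.io.FilePermission "${user.dir}/-", "read,write,delete";
  //permission java.io.FilePermission "/home/webstart/-", "read";
  permission java.net.SocketPermission "*:3306", "connect";
  permission java.net.SocketPermission "*", "accept";
  permission java.util.PropertyPermission "*", "read, write";
  permission java.lang.RuntimePermission "shutdownHooks";
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
'''

# Matches active permission lines only; lines commented out with // do not match.
PERM = re.compile(
    r'^\s*permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;', re.M)
GRANT = re.compile(r'^\s*grant\b([^{]*)\{', re.M)
# Targets that can be used to replace or sidestep the security manager's checks.
ESCAPES = {"setSecurityManager", "createClassLoader", "suppressAccessChecks"}

def audit_policy(text):
    """Return (target, finding) pairs for grants broader than least privilege."""
    findings = []
    for m in GRANT.finditer(text):
        if not m.group(1).strip():  # no codeBase / signedBy / principal clause
            findings.append(("grant", "applies to all code, not one codeBase"))
    for cls, target, actions in PERM.findall(text):
        kind = cls.rsplit(".", 1)[-1]
        acts = {a.strip() for a in actions.split(",")}
        wildcard_host = target.split(":")[0] == "*"
        if kind == "SocketPermission" and wildcard_host and acts & {"accept", "connect"}:
            findings.append((target, "accept/connect allowed for any host"))
        elif kind == "PropertyPermission" and target == "*" and "write" in acts:
            findings.append((target, "may overwrite any system property, "
                                     "javax.net.ssl.* included"))
        elif kind == "FilePermission" and target.endswith("-") and acts & {"write", "delete"}:
            findings.append((target, "recursive write/delete"))
        elif target in ESCAPES:
            findings.append((target, "can disable or sidestep sandbox checks"))
    return findings
```
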

Monitoring

documentation/technical/server.txt · Last modified: 2019/08/21 20:27 by darri