cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cyrille Le Clerc <cyri...@cyrilleleclerc.com>
Subject Re: Proposal : HTTP view for managed endpoints
Date Fri, 11 Dec 2009 17:32:25 GMT
   Dear all,

   It's a very appealing feature, I would like to have it not only as
html but also as rss and in a shell client scripts friendly format.

   Here are my humble insights about web services monitoring and management :

* Exposing management and monitoring features on web pages can be a
security breach (try to Google the management URI of your favorite
open source Java EE server, it's frightening :-) ).

* Nobody is perfect, I may expose a bunch of management jsp pages but
I protect them Spring Security URI based authentication and
authorization.

* Monitoring counters are often difficult to render on a simple web
page because they most of the time are trends-up measures (1) and
rendering them requires correlation to create "Per Minute" indicators
(invocations per minute, etc).

* Web based monitoring would a nice and appealing feature but I feel
most production scenarios will prefer JMX oriented monitoring tools
for security, graphing and recording. I am personally very happy with
the Hyperic HQ Open Source edition to monitor CXF and JBoss Jopr (also
Open Source) seems to be as efficient.

* a REST based API would even be more powerful than raw html ! It
would be great for non JMX enabled monitoring tools (Nagios, etc) to
have shell script friendly format (). We would expose basic html for
web browsers, RSS for widgets and dashboards, raw text for non JMX
enabled monitoring tools (Nagios, etc).

* Such a web based monitoring solution could be very generic and not
only apply to CXF metrics ; the forthcoming Spring 3 @ManagedMetric
annotation could help.

* For security reasons, I would feel more comfortable with a dedicated
base URI to ease URL based protection (with Spring Security, web.xml,
etc). Using the @RolesAllowed standard annotation would be key to ease
method level authorization.

* By the way, would it make sense to look at the @RolesAllowed
standard annotation to protect the existing web services list (ie call
to "/services/") ?

   I hope I was not too long :-)

   Cyrille
--
Cyrille Le Clerc
cleclerc@xebia.fr

(1) Hyperic HQ doc : "trendsup: Values will always increase. Because
of that, the rate of change becomes more important, so HQ
automatically creates a secondary metric: a per-minute rate
measurement...". See
http://support.hyperic.com/display/DOC/Metric+Parameters


On Fri, Dec 11, 2009 at 2:33 PM, Sergey Beryozkin <sberyozk@progress.com> wrote:
>
> Hi
>
> Now that both JAXWS and JAXRS operations can be monitored over JMX (hope Cyrille will
confirm it later on), I reckon it would be cool to let users issue _manage queries against
individual endpoints and get an HTML view, rather than having to launch a JConsole, ex :
>
> GET http://myjaxwsservice?_manage
> GET http://myjaxrsservice?_manage
>
> A custom QueryHandler implementation, registered as part of the management feature, will
convert the information from the JMX mbeans into an HTML page. For a start, it can just do
some plain HTML in code. At the next stage, we can think about produceing nicer pages and
adding some polling JavaScript code, etc.
>
> Any comments ? I think it would be a very nice feature which would make the CXF management
feature very visible to users. If someone could take upon this task then it would be appreciated
a lot. Perhaps I might also look into it later on.
>
> cheers, Sergey
>

Mime
View raw message