james-server-dev mailing list archives

From "ASF GitHub Bot (Jira)" <server-...@james.apache.org>
Subject [jira] [Commented] (JAMES-3400) Develope new James CLI based on WebAdmin API
Date Thu, 08 Oct 2020 00:33:00 GMT

    [ https://issues.apache.org/jira/browse/JAMES-3400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209944#comment-17209944

ASF GitHub Bot commented on JAMES-3400:

chibenwa commented on a change in pull request #251:
URL: https://github.com/apache/james-project/pull/251#discussion_r501384630

File path: src/adr/0042-james-cli-based-on-webadmin.md
@@ -0,0 +1,75 @@
+# 42. James CLI based on webadmin API
+Date: 2020-10-05
+## Status
+Accepted (lazy consensus).
+ ## Context
+James servers offer a command-line interface in order to interact with the server. However,
it relies on the JMX protocol, which is known to be insecure. The JMX server embedded in Apache
James, also used by the command line client is exposed to a java de-serialization issue according
to [NVD-CVE-2017-12628 Detail](https://nvd.nist.gov/vuln/detail/CVE-2017-12628), and thus
can be used to execute arbitrary commands. 
+Besides, the current CLI interface is also not optimal for users. It places actions in front
of entities with contiguous syntax, making it harder for the user to remember the command
(for example, which entity the GET action command can interact with). If we design to place
the entity first and the outgoing actions can interact with that entity afterward, the user
will easily imagine what he/she can do with each entity. This creates an intuitive interface
that is easier to remember.
+Webadmin APIs use HTTP protocol, which is more secure than JMX protocol to interact with
James servers.
+Webadmin command-line interface is an upcoming replacement for the outdated, security-vulnerable
JMX command-line interface. 
+## Decision
+We decided to write a new CLI client, running on top of the JVM, communicating with James
via the webadmin protocol, using http.
+* What libraries will we use? 
+  * http client: ***Feign library***. We used it as an http client in other parts of James
so we continue to use it.
+  * CLI: ***Picocli library***. Picocli is a one-file command line parsing framework writed
by Java that allows we to create command line applications with almost no code. It allows
mixing Options with positional Parameters (Eg: don't have to follow order Options then Parameters),
[automatic type conversion](https://picocli.info/#_strongly_typed_everything) of command line
arguments to the type of the annotated field, provide Automatic Help and better Subcommand
Support, easily handle Exceptions.
+* How will we limit breaking changes this new CLI will cause?
+  * Work on a wrapper to adapt the old CLI API.
+* Where will we locate this cli code?
+  * server/protocols/webadmin-cli
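Review bot: the Context line "Webadmin APIs use HTTP protocol, which is more secure than JMX protocol" and the Decision's "communicating with James via the webadmin protocol, using http" assert a security gain without saying what it rests on. The protocol name alone does not give confidentiality or authenticate the caller, so the ADR should state the properties the new CLI depends on: whether it connects to webadmin over TLS, how it presents credentials, and that the aim is to stop exposing the JMX endpoint affected by the deserialization issue cited as CVE-2017-12628. Rewording the claim along those lines also avoids the broad "JMX is known to be insecure" statement, which the cited advisory does not support beyond the deserialization case. The "limit breaking changes" bullet ("Work on a wrapper to adapt the old CLI API") should say whether the JMX listener stays enabled while the wrapper exists, since keeping it would leave the issue described in Context in place. Minor wording in the Picocli bullet: "writed by Java" should read "written in Java" and "allows we to" should read "allows us to"; the " ## Context" heading also has a leading space that the other headings do not.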

Review comment:
    It is related to webadmin, having it close to webadmin feels natural to me.
    Putting something that is not (yet) the official cli in an official cli place might be confusing. I would defer that choice.

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:

> Develope new James CLI based on WebAdmin API
> --------------------------------------------
>                 Key: JAMES-3400
>                 URL: https://issues.apache.org/jira/browse/JAMES-3400
>             Project: James Server
>          Issue Type: Improvement
>          Components: CLI
>            Reporter: Tran Hong Quan
>            Priority: Major
> Webadmin command-line interface is an upcoming replacement for the outdated, security-vulnerable JMX command-line interface. It also aims at providing a more modern and intuitive interface.
> For now, the objective for the new CLI is to interact with Domains, Users.

This message was sent by Atlassian Jira

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
