You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bu...@apache.org on 2016/04/05 11:53:42 UTC
svn commit: r984787 - in /websites/staging/sling/trunk/content: ./ documentation/the-sling-engine/the-sling-launchpad.html

Author: buildbot
Date: Tue Apr  5 09:53:41 2016
New Revision: 984787

Log:
Staging update by buildbot for sling

Modified:
    websites/staging/sling/trunk/content/   (props changed)
    websites/staging/sling/trunk/content/documentation/the-sling-engine/the-sling-launchpad.html

Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr  5 09:53:41 2016
@@ -1 +1 @@
-1737673
+1737813

Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/the-sling-launchpad.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/the-sling-launchpad.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/the-sling-launchpad.html Tue Apr  5 09:53:41 2016
@@ -235,16 +235,41 @@ h2:hover > .headerlink, h3:hover > .head
 <li>If none of the above resolves to a non-null value, the default value of <code>sling</code> is assumed</li>
 </ol>
 <h3 id="control-port">Control Port<a class="headerlink" href="#control-port" title="Permanent link">&para;</a></h3>
-<p>When starting the Sling Standalone Application with the <code>start</code> command line option, a TCP port is opened. The interface and port is configurable with the <code>-j</code> command line option. The address of the interface and the actual port used are written to the <code>$\{sling.home}/conf/controlport</code> file. So technically the <code>-j</code> option is not required for the <code>status</code> and <code>stop</code> operations because the port information is just read from this file.</p>
+<p>When starting the Sling Standalone Application with the <code>start</code> command line option, a TCP port is opened. The interface and port is configurable with the <code>-j</code> command line option. The actual address and port used are written to the <code>$\{sling.home}/conf/controlport</code> file. So technically the <code>-j</code> option is not required for the <code>status</code> and <code>stop</code> operations because the port information can be read from that file.</p>
 <p>Note that using a control connection for the Sling Standalone Application presents a potential security issue. For this reason the following defaults apply:</p>
 <ul>
-<li>The server side socket for a running Sling Standalone Application is only created if the application is started with the <code>start</code> command line option. If this option is omitted -- the default -- the server side socket is not created and the Sling Standalone Application instance cannot be remotely controlled.</li>
-<li>The default host name for the socket is localhost/127.0.0.1 meaning that the socket is only accessible from the same system as the Sling Standalone Application is running on.</li>
-<li>In addition to the IP address and port on which the control port is listening a nonce is written to the <code>controlport</code> file. Any interaction with the server on the control port must include this none.</li>
+<li>The server side socket for a running Sling Standalone Application is not created by default, but only if the application is started with the <code>start</code> command line option.</li>
+<li>The default control port configuration is <code>localhost/127.0.0.1</code> meaning that the socket is only accessible from the same system as the Sling Standalone Application is running on.</li>
+<li>A nonce, followed by a space character, must be used as a prefix for every command sent to the control port. This nonce is generated by Sling at startup and also written to the <code>controlport</code> file mentioned above.</li>
 </ul>
-<p>Suggestions:
-<em> Do not allow the control port to be opened on an externally visible interface. Using the localhost/127.0.0.1 is just sufficient.
-</em> Make sure only legitimate users have access to the installation folder of Sling (<code>${sling.home}</code>).</p>
+<p>For additional security, do not allow the control port to be opened on an externally visible network interface and strictly restrict access to the Sling installation folder (<code>${sling.home}</code>).</p>
+<p>Here's an example session where a Sling Standalone Application is started with the control port active:</p>
+<div class="codehilite"><pre>$ <span class="n">java</span> <span class="o">-</span><span class="n">jar</span> <span class="n">target</span><span class="o">/</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">sling</span><span class="p">.</span><span class="n">launchpad</span><span class="o">-</span>9<span class="o">-</span><span class="n">SNAPSHOT</span><span class="p">.</span><span class="n">jar</span> <span class="n">start</span>
+05<span class="p">.</span>04<span class="p">.</span>2016 11<span class="p">:</span>50<span class="p">:</span>45<span class="p">.</span>003 <span class="o">*</span><span class="n">INFO</span> <span class="o">*</span> <span class="p">[</span><span class="n">main</span><span class="p">]</span> <span class="n">Setting</span> <span class="n">sling</span><span class="p">.</span><span class="n">home</span><span class="p">=</span><span class="n">sling</span> <span class="p">(</span><span class="n">default</span><span class="p">)</span>
+05<span class="p">.</span>04<span class="p">.</span>2016 11<span class="p">:</span>50<span class="p">:</span>45<span class="p">.</span>006 <span class="o">*</span><span class="n">INFO</span> <span class="o">*</span> <span class="p">[</span><span class="n">main</span><span class="p">]</span> <span class="n">Starting</span> <span class="n">Apache</span> <span class="n">Sling</span> <span class="n">in</span> <span class="o">/</span><span class="n">foo</span><span class="o">/</span><span class="n">sling</span><span class="o">/</span><span class="n">launchpad</span><span class="o">/</span><span class="n">builder</span><span class="o">/</span><span class="n">sling</span>
+<span class="p">...</span>
+05<span class="p">.</span>04<span class="p">.</span>2016 11<span class="p">:</span>50<span class="p">:</span>45<span class="p">.</span>012 <span class="o">*</span><span class="n">INFO</span> <span class="o">*</span> <span class="p">[</span><span class="n">Apache</span> <span class="n">Sling</span> <span class="n">Control</span> <span class="n">Listener</span><span class="p">@</span><span class="o">/</span>127<span class="p">.</span>0<span class="p">.</span>0<span class="p">.</span>1<span class="p">:</span>59239<span class="p">]</span> <span class="n">Apache</span> <span class="n">Sling</span> <span class="n">Control</span> <span class="n">Listener</span> <span class="n">started</span>
+<span class="p">...</span>
+</pre></div>
+
+
+<p>And stopped using its control port, from another terminal:</p>
+<div class="codehilite"><pre>$ <span class="nb">cat</span> <span class="n">sling</span><span class="o">/</span><span class="n">conf</span><span class="o">/</span><span class="n">controlport</span> 
+127<span class="p">.</span>0<span class="p">.</span>0<span class="p">.</span>1<span class="p">:</span>59239
+<span class="n">mdsryh1k5fpcgvm7suqnckxkr7fvluzv</span>
+
+$ <span class="n">telnet</span> 127<span class="p">.</span>0<span class="p">.</span>0<span class="p">.</span>1 59239
+<span class="n">Trying</span> 127<span class="p">.</span>0<span class="p">.</span>0<span class="p">.</span>1<span class="p">...</span>
+<span class="n">Connected</span> <span class="n">to</span> <span class="n">localhost</span><span class="p">.</span>
+<span class="n">Escape</span> <span class="n">character</span> <span class="n">is</span> <span class="s">&#39;^]&#39;</span><span class="p">.</span>
+
+<span class="n">mdsryh1k5fpcgvm7suqnckxkr7fvluzv</span> <span class="n">stop</span>
+
+<span class="n">OK</span>
+<span class="n">Connection</span> <span class="n">closed</span> <span class="n">by</span> <span class="n">foreign</span> <span class="n">host</span><span class="p">.</span>
+</pre></div>
+
+
 <h3 id="shutdown-hook">Shutdown Hook<a class="headerlink" href="#shutdown-hook" title="Permanent link">&para;</a></h3>
 <p>By default the Sling Launchpad standalone application installs a Shutdown Hook with the Java Runtime to make sure the framework is properly
 terminated in case of a Java termination. In some situations or setups you want to control shutdown of Sling yourselves, so Sling supports a command
@@ -345,7 +370,7 @@ handed to the <code>Main</code> construc
 </ul>
 <p>That's it. The resulting artifact may be directly used to launch the Standalone Java Application or may directly be deployed into any Servlet API 3.0 (or later) compliant servlet container.</p>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1709009 by rombert on Fri, 16 Oct 2015 14:17:43 +0000
+        Rev. 1737813 by bdelacretaz on Tue, 5 Apr 2016 09:53:25 +0000
       </div>
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project