Proposal : HTTP view for managed endpoints

[Sergey Beryozkin <sb...@progress.com>]

Hi

Now that both JAXWS and JAXRS operations can be monitored over JMX (hope Cyrille will confirm it later on), I reckon it would be cool to let users issue _manage queries against individual endpoints and get an HTML view, rather than having to launch a JConsole, ex :

GET http://myjaxwsservice?_manage
GET http://myjaxrsservice?_manage

A custom QueryHandler implementation, registered as part of the management feature, will convert the information from the JMX mbeans into an HTML page. For a start, it can just do some plain HTML in code. At the next stage, we can think about produceing nicer pages and adding some polling JavaScript code, etc.

Any comments ? I think it would be a very nice feature which would make the CXF management feature very visible to users. If someone could take upon this task then it would be appreciated a lot. Perhaps I might also look into it later on.

cheers, Sergey

RE: Proposal : HTTP view for managed endpoints

[Sergey Beryozkin <sb...@progress.com>]

Hi Cyrille

Thanks, this is very helpful and insightful...

See some comments inline with S.B


   Dear all,

   It's a very appealing feature, I would like to have it not only as
html but also as rss and in a shell client scripts friendly format.

> S.B sounds good, perhaps we can do Atom, similarly to the way the Atom
Logging feature converts log events into feeds/entries ?

   Here are my humble insights about web services monitoring and
management :

* Exposing management and monitoring features on web pages can be a
security breach (try to Google the management URI of your favorite
open source Java EE server, it's frightening :-) ).

* Nobody is perfect, I may expose a bunch of management jsp pages but
I protect them Spring Security URI based authentication and
authorization.

S.B : agreed about the need to protect, perhaps, if we have some
read-only statistics only then in the first version we can avoid it ? +1
to introducing some proper security checks though. It is something we'd
need to
address as well once we start letting users to register callback URIs
for Atom push log events or subscribe to pull feeds.
I'd also prefer not to introduce JSP but rely on something that is
already shipped with JDK, namely XSLT stylesheets for generating more
advanced pages, I'll be happy to contribute...Though if you reckon it
would be easier/more realistic to use JSP then we can discuss it
further...

* Monitoring counters are often difficult to render on a simple web
page because they most of the time are trends-up measures (1) and
rendering them requires correlation to create "Per Minute" indicators
(invocations per minute, etc).

S.B - good to know

* Web based monitoring would a nice and appealing feature but I feel
most production scenarios will prefer JMX oriented monitoring tools
for security, graphing and recording. I am personally very happy with
the Hyperic HQ Open Source edition to monitor CXF and JBoss Jopr (also
Open Source) seems to be as efficient.

S.B - indeed, but it'd still be nice to have web-based only monitoring
tool :-) In fact, as far as I know, there's even a Java-neutral JMX spec
for exposing the management details over WS, I was even involved briefly
in it without doing much work :-) - I'm not proposing to implement it
though

* a REST based API would even be more powerful than raw html ! It
would be great for non JMX enabled monitoring tools (Nagios, etc) to
have shell script friendly format (). We would expose basic html for
web browsers, RSS for widgets and dashboards, raw text for non JMX
enabled monitoring tools (Nagios, etc).

S.B +1. In fact, I'm only proposing a plain HTML for a start, to have a
project going :-), and then we can have some advanced pages with
embedded scripts invoking on some CXF JAXRS endpoint which exposed the
details of managed beans. This endpoint also can easily take care of
producing various formats too. Having shell scripts seems like a good
idea too :-) 

* Such a web based monitoring solution could be very generic and not
only apply to CXF metrics ; the forthcoming Spring 3 @ManagedMetric
annotation could help.

* For security reasons, I would feel more comfortable with a dedicated
base URI to ease URL based protection (with Spring Security, web.xml,
etc). Using the @RolesAllowed standard annotation would be key to ease
method level authorization.

* By the way, would it make sense to look at the @RolesAllowed
standard annotation to protect the existing web services list (ie call
to "/services/") ?

> S.B. I agree about the need to have a good security support, we can
figure out later on the best approach :-)

   I hope I was not too long :-)

> S.B - it was perfect :-) Lets continue the discussion. At some later
stage we can create a master JIRA and start think how to tackle it

Thanks, Sergey

   Cyrille
--
Cyrille Le Clerc
cleclerc@xebia.fr

(1) Hyperic HQ doc : "trendsup: Values will always increase. Because
of that, the rate of change becomes more important, so HQ
automatically creates a secondary metric: a per-minute rate
measurement...". See
http://support.hyperic.com/display/DOC/Metric+Parameters


On Fri, Dec 11, 2009 at 2:33 PM, Sergey Beryozkin
<sb...@progress.com> wrote:
>
> Hi
>
> Now that both JAXWS and JAXRS operations can be monitored over JMX
(hope Cyrille will confirm it later on), I reckon it would be cool to
let users issue _manage queries against individual endpoints and get an
HTML view, rather than having to launch a JConsole, ex :
>
> GET http://myjaxwsservice?_manage
> GET http://myjaxrsservice?_manage
>
> A custom QueryHandler implementation, registered as part of the
management feature, will convert the information from the JMX mbeans
into an HTML page. For a start, it can just do some plain HTML in code.
At the next stage, we can think about produceing nicer pages and adding
some polling JavaScript code, etc.
>
> Any comments ? I think it would be a very nice feature which would
make the CXF management feature very visible to users. If someone could
take upon this task then it would be appreciated a lot. Perhaps I might
also look into it later on.
>
> cheers, Sergey
>

Re: Proposal : HTTP view for managed endpoints

[Cyrille Le Clerc <cy...@cyrilleleclerc.com>]

   Dear all,

   It's a very appealing feature, I would like to have it not only as
html but also as rss and in a shell client scripts friendly format.

   Here are my humble insights about web services monitoring and management :

* Exposing management and monitoring features on web pages can be a
security breach (try to Google the management URI of your favorite
open source Java EE server, it's frightening :-) ).

* Nobody is perfect, I may expose a bunch of management jsp pages but
I protect them Spring Security URI based authentication and
authorization.

* Monitoring counters are often difficult to render on a simple web
page because they most of the time are trends-up measures (1) and
rendering them requires correlation to create "Per Minute" indicators
(invocations per minute, etc).

* Web based monitoring would a nice and appealing feature but I feel
most production scenarios will prefer JMX oriented monitoring tools
for security, graphing and recording. I am personally very happy with
the Hyperic HQ Open Source edition to monitor CXF and JBoss Jopr (also
Open Source) seems to be as efficient.

* a REST based API would even be more powerful than raw html ! It
would be great for non JMX enabled monitoring tools (Nagios, etc) to
have shell script friendly format (). We would expose basic html for
web browsers, RSS for widgets and dashboards, raw text for non JMX
enabled monitoring tools (Nagios, etc).

* Such a web based monitoring solution could be very generic and not
only apply to CXF metrics ; the forthcoming Spring 3 @ManagedMetric
annotation could help.

* For security reasons, I would feel more comfortable with a dedicated
base URI to ease URL based protection (with Spring Security, web.xml,
etc). Using the @RolesAllowed standard annotation would be key to ease
method level authorization.

* By the way, would it make sense to look at the @RolesAllowed
standard annotation to protect the existing web services list (ie call
to "/services/") ?

   I hope I was not too long :-)

   Cyrille
--
Cyrille Le Clerc
cleclerc@xebia.fr

(1) Hyperic HQ doc : "trendsup: Values will always increase. Because
of that, the rate of change becomes more important, so HQ
automatically creates a secondary metric: a per-minute rate
measurement...". See
http://support.hyperic.com/display/DOC/Metric+Parameters


On Fri, Dec 11, 2009 at 2:33 PM, Sergey Beryozkin <sb...@progress.com> wrote:
>
> Hi
>
> Now that both JAXWS and JAXRS operations can be monitored over JMX (hope Cyrille will confirm it later on), I reckon it would be cool to let users issue _manage queries against individual endpoints and get an HTML view, rather than having to launch a JConsole, ex :
>
> GET http://myjaxwsservice?_manage
> GET http://myjaxrsservice?_manage
>
> A custom QueryHandler implementation, registered as part of the management feature, will convert the information from the JMX mbeans into an HTML page. For a start, it can just do some plain HTML in code. At the next stage, we can think about produceing nicer pages and adding some polling JavaScript code, etc.
>
> Any comments ? I think it would be a very nice feature which would make the CXF management feature very visible to users. If someone could take upon this task then it would be appreciated a lot. Perhaps I might also look into it later on.
>
> cheers, Sergey
>

Re: Proposal : HTTP view for managed endpoints

[Cyrille Le Clerc <cy...@cyrilleleclerc.com>]

   Dear all,

   It's a very appealing feature, I would like to have it not only as
html but also as rss and in a shell client scripts friendly format.

   Here are my humble insights about web services monitoring and management :

* Exposing management and monitoring features on web pages can be a
security breach (try to Google the management URI of your favorite
open source Java EE server, it's frightening :-) ).

* Nobody is perfect, I may expose a bunch of management jsp pages but
I protect them Spring Security URI based authentication and
authorization.

* Monitoring counters are often difficult to render on a simple web
page because they most of the time are trends-up measures (1) and
rendering them requires correlation to create "Per Minute" indicators
(invocations per minute, etc).

* Web based monitoring would a nice and appealing feature but I feel
most production scenarios will prefer JMX oriented monitoring tools
for security, graphing and recording. I am personally very happy with
the Hyperic HQ Open Source edition to monitor CXF and JBoss Jopr (also
Open Source) seems to be as efficient.

* a REST based API would even be more powerful than raw html ! It
would be great for non JMX enabled monitoring tools (Nagios, etc) to
have shell script friendly format (). We would expose basic html for
web browsers, RSS for widgets and dashboards, raw text for non JMX
enabled monitoring tools (Nagios, etc).

* Such a web based monitoring solution could be very generic and not
only apply to CXF metrics ; the forthcoming Spring 3 @ManagedMetric
annotation could help.

* For security reasons, I would feel more comfortable with a dedicated
base URI to ease URL based protection (with Spring Security, web.xml,
etc). Using the @RolesAllowed standard annotation would be key to ease
method level authorization.

* By the way, would it make sense to look at the @RolesAllowed
standard annotation to protect the existing web services list (ie call
to "/services/") ?

   I hope I was not too long :-)

   Cyrille
--
Cyrille Le Clerc
cleclerc@xebia.fr

(1) Hyperic HQ doc : "trendsup: Values will always increase. Because
of that, the rate of change becomes more important, so HQ
automatically creates a secondary metric: a per-minute rate
measurement...". See
http://support.hyperic.com/display/DOC/Metric+Parameters


On Fri, Dec 11, 2009 at 2:33 PM, Sergey Beryozkin <sb...@progress.com> wrote:
>
> Hi
>
> Now that both JAXWS and JAXRS operations can be monitored over JMX (hope Cyrille will confirm it later on), I reckon it would be cool to let users issue _manage queries against individual endpoints and get an HTML view, rather than having to launch a JConsole, ex :
>
> GET http://myjaxwsservice?_manage
> GET http://myjaxrsservice?_manage
>
> A custom QueryHandler implementation, registered as part of the management feature, will convert the information from the JMX mbeans into an HTML page. For a start, it can just do some plain HTML in code. At the next stage, we can think about produceing nicer pages and adding some polling JavaScript code, etc.
>
> Any comments ? I think it would be a very nice feature which would make the CXF management feature very visible to users. If someone could take upon this task then it would be appreciated a lot. Perhaps I might also look into it later on.
>
> cheers, Sergey
>