Secure your Java EE projects by using JOnAS Java EE server audit & diagnostic tools

Diagnostic & Audit system for Java EEapplicationsFlorent Benoit, BULL/OW2 [ @florentbenoit ]Secure your Java EE project with the performance diagnostic toolprovided by OW2 JOnAS OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #1

Summary● Context● Environment : OW2 Java EE JOnAS Application server● Diagnostic tool ● Presentation ● Demo● Audit tool ● Presentation ● Demo● Conclusion OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #2

ContextOW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #3

Why these tools ?● Java EE specification: ● Ensure portability of applications ● Nothing about performance● Application performance / Reliability ? ● Applications can be Java EE compliant without being reliable● Finding performance problems ? ● Not so easy to find the problem with all components that are linked together.● Traceability ● Get a log for each executed operation● «Cost» of services ● For example, to know the memory used for a request OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #4

Environment : OW2 Java EE JOnAS Application server OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #5

JOnAS: Java EE Application server● Java EE 5 certified● Java EE services: ● Web Container: Tomcat (6 & 7) / Jetty ● EJB3 persistence / JPA 1 & 2: EasyBeans (EclipseLink, Hibernate, OpenJPA) ● Transactions: JOTM ● Clustering: CMI ● Web Services: CXF/Axis2 ● Asynchronous Messages: JORAM ● OSGi: Felix et IPOJO● Administration: web console, commands, API, JASMINe (Advanced management tool) OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #6

JOnAS : Open Source Server ● Developed as an open source server (LGPL) within OW2: http://jonas.ow2.org ● OW2: independent industry consortium dedicated to developing open source code middleware ● Major contributors for JOnAS :Bull, France Telecom, Peking University, INRIA, UJF, UNIFOR, SERLI ● Linked OW2 projects : EasyBeans, JASMINe, JORAM, JOTM, CMI OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #7

OSGi native Architecture● Dynamically adaptable platform● OSGi based services● Modularity / Extensibility● Profiles● Enhanced application server life cycle● On-Demand services● Dynamic configuration● Adaptable OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #8

Diagnostic toolOW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. #9

Diagnostic toolJDBC Connection leak detector OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 10

« Pool » of JDBC connections● Limit the number of physical connections to the database● Optimize the time to provide a JDBC connection to the application datasource.getConnection(); connection.createStatement(); .... .... connection.close(); DataSource Pool OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 11

Forgot to call connection.close() ? Busy connections (used by applications) or not yet closed DataSource Pool Empty Pool● Problem : No more available connections for new clients ● → Connections never closed – → dont go back in the pool ● → Other clients are waiting – No free connections in the pool ! OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 12

Handling the connection leak ?● Avoid these connection leaks in production ? ● Automatic close of JDBC Connections by JOnAS – At the end of a method call (EJB stateless / HTTP request), remove() on stateful EJB beans. ● Life-time of JDBC connections – If no calls are done on a JDBC connection for a given amount of time, this connection is released and go back in the pool● These solutions are only patches ● Goal: Fix the problem in the applications code – Help provided by the JOnAS web console ● Track the root of the problem OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 13

Servlet using JDBC connections55 protected void doGet(....) {56 response.setContentType("text/html");57 PrintWriter out = response.getWriter();58 out.println("<html><body>");5960 DataSource ds = null;61 try {62 ds = (DataSource) new InitialContext().lookup("jdbc_1");63 ds.getConnection();64 } catch (NamingException e) {65 e.printStackTrace();66 } catch (SQLException e) {67 e.printStackTrace();68 } finally {69 out.println("</body></html>");70 out.close();71 }7273 } OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 14

Screenshot of JOnAS Admin console Line to analyze OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 15

Servlet with the JDBC error55 protected void doGet(....) {56 response.setContentType("text/html");57 PrintWriter out = response.getWriter();58 out.println("<html><body>");5960 DataSource ds = null;61 try {62 ds = (DataSource) new InitialContext().lookup("jdbc_1");63 ds.getConnection();64 } catch (NamingException e) {65 e.printStackTrace();66 } catch (SQLException e) {67 e.printStackTrace();68 } finally {69 out.println("</body></html>");70 out.close();71 }7273 } OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 16

DemoTracking JDBC connection leaks OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 17

Diagnostic toolMonitoring/displaying JVM Threads OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 18

Information about JVM threads OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 19

DemoThreads monitoring OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 20

Audit toolsOW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 21

Goals of the audit system [1/2]● Development ● Discovery of the software architecture of applications and calls between the Java EE modules → Difficult to track (complex/distributed applications ) ● Tracking the performance problems: → Enhance the performance → Identify the component that is causing the problem● Qualifying ● Statistics on features/services that are used (top 10, ...) ● Adapt applications to their usage ● Trends on applications/services – Response time, ... OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 22

Goals of the audit system [2/2]● Production ● Audit ● Traceability ● Log of services that have been used ● Billing (You pay what youre using) – (Google App Engine) OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 23

Commercial Tools● Commercial tools ● CA Wily Introscope® ● dynaTrace ● BMC AppSight ● Compuware Vantage Analyzer OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 24

Solution based on interceptors● Different level of interceptors ● Enabling/disabling on demand● EJB 3 ● Invocation (Business service calls) ● Lifecycle (Start/Stop)● HTTP requests ● Servlet filter● JNDI access ● Each call on the context returned by the command new InitialContext() »: lookup, bind, etc. OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 25

Architecture of the Audit System EasyBeansTomcat JOnAS Admin (Audit module) JNDI JMX Audit log Notifications Audit System JASMINe Jconsole / JMX Client OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 26

Collected data [1/2]● EJB3 ● Invocation – Beans name – Identity (name + roles) – Called method ● @Local ● @Remote ● OnMessage – Size of method parameters – Result – Elapsed time in the method – Exceptions OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 27

Collected data [2/2]● HTTP ● URL ● Encoding ● Client (protocol,host, port) ● SessionId ● Query ● Status HTTP● JNDI ● Method that is called on the InitialContext – bind, lookup, ... – Parameters (if any) ● Elapsed time OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 28

Traceability / Logger● Client of Audit MBeans ● Collecting data ● Storage in a log file ● Human readable format [10/03/04 22:05:35] class org.ow2.util.auditreport.impl.InvocationAuditReport requestStart = 1267736735591573000 requestStop = 1267736735591630000 requestDuration = 0.057 Elapsed time businessMethod = getCalculator@Local BeanName = Calculator Called method target = /easybeans/audit-sample.ear/audit-sample-ejb.jar/SessionFacade/getCalculator@Local paramSize = 5 returnSize = 0 freeMemoryBefore = 25623392 totalMemoryBefore = 64126976 freeMemoryAfter = 25617704 totalMemoryAfter = 64126976 sweepMarkTime = 873 scavengeTime = 5170 user = ANONYMOUS Identity roles = [JOnAS] requestTimeStamp = 1267736735580 methodStackTrace = [java.lang.Thread.getStackTrace(Thread.java:1409) - ..... ] methodParameters = null Parameters OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 29

Screenshot of the tool OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 30

Screenshot of a methods graph OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 31

Advanced mode● Tracking a request on several servers● Tracking asynchronous calls ● Sending to JMS queue / Receiving from a JMS queue ID JMS EJB ID ID Servlet Server 2 Server 1 MDB ID EJB Server 3 Collecting Events Server 4 OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 32

DemonstrationOW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 33

Demo● Goal of the demonstration ● Enhancing the performances of an application – Discovering problems – Solving problems – Checking this with the audit console ● Traceability of calls in an application OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 34

ConclusionOW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 35

Conclusion [1/2]● Preventing performance problems → Secure a project● Tools can be used in designing/integrating/production ● In production, an other Java EE server may be used● Tool bundled with JOnAS ● Key feature comparing to other Java EE servers ● Ready to use ● Open Source / LGPL ● Integrated in JOnAS 5.2 OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 36

Conclusion: whats next ? [2/2]● Supervising OSGi service ● Available OSGi services ● Links between components/services ● …● Supervising JPA ● Life cycle of “Entities”● Other metrics ● SQL request – Number of requests – Elapsed time of requests● ... OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 37

Q&AFlorent Benoit, BULL/OW2 [ @florentbenoit ] OW2 Annual Conference 2010, November 24-25, La Cantine, Paris. www.ow2.org. # 38

Secure your Java EE projects by using JOnAS Java EE server audit & diagnostic tools

by Florent BENOIT on Nov 26, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

Secure your Java EE projects by using JOnAS Java EE server audit & diagnostic tools — Presentation Transcript