Administrator's introduction to JRun

JRun administrators must understand the following JRun and J2EE fundamentals:

File and directory locations The names, locations, and purposes of important JRun files and directories. For more information, see "Important JRun files and directories".
Ports The names, ranges, and usage for the ports used by a JRun server. For more information, see "JRun ports".
Starting and stopping the server The platform-specific methods provided for starting and stopping a JRun server. For more information, see "Starting and stopping JRun".
J2EE resources How JRun interacts with J2EE resources, such as JDBC, JavaMail, and JMS. For more information, see "J2EE resources".
Creating a production environment How to configure JRun for a production environment. For more information, see "Creating a production environment".

Important JRun files and directories

To administer JRun effectively, you must know the usage and purpose of certain important files and locations. The following table describes the name, location, and purpose of files and directories typically used by an administrator:

File or directory

Description

jrun_root/bin/jrun.exe (Microsoft� Windows�)

jrun_root/bin/jrun (UNIX�)

Contains the executable file used to start a JRun server or the JRun launcher.

jrun_root/bin/jvm.config

Contains JVM configuration information, including Java home, JVM arguments, and classpath.

jrun_root/lib/jrun.jar

Contains all libraries required for JRun, including JRun libraries, J2EE libraries, and other utility libraries used by JRun.

SERVER-INF

Contains configuration files for a JRun server, including the files listed in the remainder of this table. This directory is located under the jrun_root/servers/jrun_server directory.

SERVER-INF/jrun.xml

Contains all service definitions and settings for a JRun server.

SERVER-INF/jrun-resources.xml

Contains definitions of J2EE resources, such as JMS destinations, JMS connection factories, JDBC data sources, and JavaMail sessions.

SERVER-INF/jrun-jms.xml

Contains configuration information for the built-in JRun JMS provider.

SERVER-INF/jrun-dtd-mappings.xml

Specifies a mapping between an XML DOCTYPE public ID and a physical DTD file. Normally, DTD files are resolved over a connection to a remote server; specifying a mapping allows the DTD file to be read locally. The DTD files are located in the META-INF directory of the jrun.jar file.

SERVER-INF/jrun-users.xml

Contains user and role definitions for the default JRun security mechanism.

SERVER-INF/jndi.properties

Specifies a JRun server's JNDI and ORB ports. The JNDI port is an important value that remote clients and servers use to initiate communications with a JRun server.

SERVER-INF/default-web.xml

Contains default values for each web application's web.xml file. This file includes definitions and mappings for global servlets, used internally by JRun.

SERVER-INF/auth.config

Specifies the login modules used for authentication and authorization.

jrun_root/lib

Contains JAR files used by JRun, including jrun.jar.

jrun_root/servers/lib

Contains JAR files used by all JRun servers. This is the recommended location for the JAR files for JDBC drivers.

SERVER-INF/classes

Contains compiled Java classes used by all applications on a JRun server.

SERVER-INF/lib

Contains JAR files used by all applications on a JRun server.

WEB-INF/classes

Contains servlet class files for a web application. If the web application's jrun-web.xml file sets the reload element to true, JRun automatically reloads servlets, servlet helper classes, JSP, and JSP helper classes when a modified file is saved.

WEB-INF/lib

Contains JAR files used by a web application. If the web application's jrun-web.xml file sets the reload element to true, JRun automatically reloads classes when a modified JAR file is saved.

jrun_root/docs/dochome.htm

Home page for online JRun documentation.

File or directory	Description
jrun_root/bin/jrun.exe (Microsoft� Windows�) jrun_root/bin/jrun (UNIX�)	Contains the executable file used to start a JRun server or the JRun launcher.
jrun_root/bin/jvm.config	Contains JVM configuration information, including Java home, JVM arguments, and classpath.
jrun_root/lib/jrun.jar	Contains all libraries required for JRun, including JRun libraries, J2EE libraries, and other utility libraries used by JRun.
SERVER-INF	Contains configuration files for a JRun server, including the files listed in the remainder of this table. This directory is located under the jrun_root/servers/jrun_server directory.
SERVER-INF/jrun.xml	Contains all service definitions and settings for a JRun server.
SERVER-INF/jrun-resources.xml	Contains definitions of J2EE resources, such as JMS destinations, JMS connection factories, JDBC data sources, and JavaMail sessions.
SERVER-INF/jrun-jms.xml	Contains configuration information for the built-in JRun JMS provider.
SERVER-INF/jrun-dtd-mappings.xml	Specifies a mapping between an XML DOCTYPE public ID and a physical DTD file. Normally, DTD files are resolved over a connection to a remote server; specifying a mapping allows the DTD file to be read locally. The DTD files are located in the META-INF directory of the jrun.jar file.
SERVER-INF/jrun-users.xml	Contains user and role definitions for the default JRun security mechanism.
SERVER-INF/jndi.properties	Specifies a JRun server's JNDI and ORB ports. The JNDI port is an important value that remote clients and servers use to initiate communications with a JRun server.
SERVER-INF/default-web.xml	Contains default values for each web application's web.xml file. This file includes definitions and mappings for global servlets, used internally by JRun.
SERVER-INF/auth.config	Specifies the login modules used for authentication and authorization.
jrun_root/lib	Contains JAR files used by JRun, including jrun.jar.
jrun_root/servers/lib	Contains JAR files used by all JRun servers. This is the recommended location for the JAR files for JDBC drivers.
SERVER-INF/classes	Contains compiled Java classes used by all applications on a JRun server.
SERVER-INF/lib	Contains JAR files used by all applications on a JRun server.
WEB-INF/classes	Contains servlet class files for a web application. If the web application's jrun-web.xml file sets the `reload` element to true, JRun automatically reloads servlets, servlet helper classes, JSP, and JSP helper classes when a modified file is saved.
WEB-INF/lib	Contains JAR files used by a web application. If the web application's jrun-web.xml file sets the `reload` element to true, JRun automatically reloads classes when a modified JAR file is saved.
jrun_root/docs/dochome.htm	Home page for online JRun documentation.

JRun ports

There are a number of ports used by JRun servers and you must be aware of their settings and uses when administering JRun. This is especially important when adding new JRun servers.

These ports must be unique for each JRun server, as follows:

JRun Web server (JWS) port JRun uses this port to listen for incoming HTTP requests. You specify this port in the JRun server's jrun.xml file.
RMI broker port JRun uses this port to handle remote communications (remote EJB, remote JDBC, remote services, remote user transactions, and so on). You specify this port in the JRun server's jrun.xml file. By default JRun servers use port 0, which causes JRun to choose a random port.
If necessary, individual EJBs can get their own RMI broker, for example, to use special socket factories (EJB over SSL), or to better distribute the remote invocation load. You configure individual RMI brokers in the jrun-ejb-jar.xml file. If an RMI broker is not specified in jrun-ejb-jar.xml, JRun uses the global shared RMI broker. All RMI brokers are clusterable.
SSL service port The JWS uses this port for SSL traffic.
Web server connector port The web server connector uses this port, also called the JRun control port (JCP), to pass incoming HTTP requests to JRun.
JMS port JRun uses this port when RMI is used as the transport mechanism for the default JMS provider. You specify this port in the JRun server's jrun-jms.xml file. By default JRun servers use port 0, which causes JRun to choose a random port.
JNDI naming server port JRun uses this port to pass a Context stub to the client. Remote clients name this port in the Context.PROVIDER_URL property, which is passed to the InitialContext constructor when initiating remote communications for EJB, JMS, JRun services, and so on. (Local clients can use an empty InitialContext constructor.) You define this port in the JRun server's jndi.properties file.
JNDI RMI port After the client acquires a Context stub through the JNDI naming server port, JRun uses the JNDI RMI port for all remote communications. You specify this port in the JRun server's jndi.properties file. By default JRun servers use port 0, which causes JRun to choose a random port.
JNDI ORB port JRun uses this port when you enable CORBA federations. This is the port on which the CORBA Naming Service (COSNaming) listens. You specify this port in the JRun server's jndi.properties file.

The following figure shows how clients interact with commonly used JRun ports:

shows how clients interact with commonly used JRun ports

When you add JRun servers, you should be aware of existing port settings and ensure that unused ports are assigned.

Starting and stopping JRun

You can start and stop JRun using the following techniques:

JRun server control panel
Command line

Note: You can also start and stop JRun using the JMC. However, that is not typically used in a production environment.

These techniques are explained in the following sections.

Using the launcher

The JRun server control panel, also called the launcher, is a Java Swing application that you can use to start, restart, and stop JRun servers. You execute the launcher by running the jrun.exe file (Windows) or the jrun executable (UNIX), both of which are in the jrun_root/bin directory. The launcher contains buttons to start, restart, and stop JRun servers.

The list of servers displayed in the launcher is controlled by the jrun_root/lib/servers.xml file. When you create a server in the JMC, JRun automatically adds the server to the servers.xml file. You can also edit this file in a text editor, if necessary, specifying the following attributes:

server Wraps the name and directory elements.
name Specifies the server name.
directory Specifies the JRun server's root directory.

The following code shows the default servers.xml file:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE servers PUBLIC "-//Macromedia, Inc.//DTD servers 4.0//EN"
"http://jrun.macromedia.com/dtds/servers.dtd">
<servers>
  <server>
    <name>default</name>
    <directory>{jrun.home}/servers/default</directory>
  </server>
  <server>
    <name>samples</name>
    <directory>{jrun.home}/servers/samples</directory>
  </server>
  <server>
    <name>admin</name>
    <directory>{jrun.home}/servers/admin</directory>
  </server>
</servers>

The JVM Settings panel of the JMC lets you make additional startup specifications for a JRun server, including classpath, JNI settings, and VM size.

Using the command line

You can start JRun using the jrun.exe and jrun shell script command-line utilities. Use the following syntax:

jrun {options} {server-name}

The following table describes the options:

Option

Description

-start

Starts JRun.

-stop

Stops JRun.

-restart

Restarts JRun.

-status

Displays status information for all JRun servers or for a specified JRun server.

-nohup (UNIX only)

Starts JRun in a separate process.

-version

Displays the JRun version number (primarily for OEM use).

-build

Displays the JRun build number (primarily for OEM use).

-info

Displays additional information (primarily for OEM use).

Option	Description
-start	Starts JRun.
-stop	Stops JRun.
-restart	Restarts JRun.
-status	Displays status information for all JRun servers or for a specified JRun server.
-nohup (UNIX only)	Starts JRun in a separate process.
-version	Displays the JRun version number (primarily for OEM use).
-build	Displays the JRun build number (primarily for OEM use).
-info	Displays additional information (primarily for OEM use).

J2EE resources

J2EE applications interact with a variety of external systems, called resources. Typical external resources include the following:

Databases Accessed using JDBC
Mail Accessed using JavaMail
Legacy systems Accessed using the J2EE Connector Architecture (JCA)
Messaging systems Accessed using JMS

For complete information on administering resources, see Chapter 5, "Resources".

Creating a production environment

In the application development and testing phases, security, performance and other production considerations are low priorities. However, as the JRun administrator, it is your responsibility that is the production environment and production servers must perform optimally and securely.

The following table describes steps that you can take when moving a JRun server to production:

Action

Description

Disable JWS

If your application uses the web server connector, disable the JRun web server (JWS). For more information, see "WebService".

Create servlet mappings

Disable the /servlet mapping in the SERVER-INF/default-web.xml file. Create servlets and servlet mappings in the web.xml file. For more information, see JRun Programmer's Guide.

Disable hot deploy

Macromedia strongly recommends that you disable hot deploy in a production environment. For more information, see "DeployerService".

Remove FileServlet mapping for /

If your application consists solely of servlets and JSPs, disable the FileServlet servlet mapping for / in the SERVER-INF/default-web.xml file.

Disable web services

If your application does not use web services, disable the AxisServlet mappings in the SERVER-INF/default-web.xml file.

Disable JSP translation

If you have precompiled all JSPs in the application, set the translationDisabled attribute to true in the SERVER-INF/default-web.xml file. For more information, see JRun Assembly and Deployment Guide.

Disable automatic compilation

Set the jrun-web.xml reload and compile elements to false. For more information, see JRun Assembly and Deployment Guide.

Control web server access

Ensure that the interface attribute of the ProxyService is set to the IP address of the production web server. For more information, see "Simple distributed installation".

Encrypt passwords

If your application is using the JRun default security implementation, ensure that passwords in the SERVER-INF/jrun-users.xml file are encrypted. For more information, see "Encryption".

Disable directory browsing

Disable web browser directory browsing by setting the browseDirs parameter to false for FileServlet in the SERVER-INF/default-web.xml file.

Remove samples server

Ensure that the samples JRun server is not deployed. This is not a security risk but it does eliminate the possibility of outside users wasting resources while accessing the samples applications.

Remove documentation

Remove the jrun_root/docs directory. This is not a security risk but it does eliminate the possibility of outside users wasting resources while accessing the documentation.

Action	Description
Disable JWS	If your application uses the web server connector, disable the JRun web server (JWS). For more information, see "WebService".
Create servlet mappings	Disable the /servlet mapping in the SERVER-INF/default-web.xml file. Create servlets and servlet mappings in the web.xml file. For more information, see JRun Programmer's Guide.
Disable hot deploy	Macromedia strongly recommends that you disable hot deploy in a production environment. For more information, see "DeployerService".
Remove FileServlet mapping for /	If your application consists solely of servlets and JSPs, disable the FileServlet servlet mapping for / in the SERVER-INF/default-web.xml file.
Disable web services	If your application does not use web services, disable the AxisServlet mappings in the SERVER-INF/default-web.xml file.
Disable JSP translation	If you have precompiled all JSPs in the application, set the translationDisabled attribute to true in the SERVER-INF/default-web.xml file. For more information, see JRun Assembly and Deployment Guide.
Disable automatic compilation	Set the jrun-web.xml reload and compile elements to false. For more information, see JRun Assembly and Deployment Guide.
Control web server access	Ensure that the interface attribute of the ProxyService is set to the IP address of the production web server. For more information, see "Simple distributed installation".
Encrypt passwords	If your application is using the JRun default security implementation, ensure that passwords in the SERVER-INF/jrun-users.xml file are encrypted. For more information, see "Encryption".
Disable directory browsing	Disable web browser directory browsing by setting the browseDirs parameter to false for FileServlet in the SERVER-INF/default-web.xml file.
Remove samples server	Ensure that the samples JRun server is not deployed. This is not a security risk but it does eliminate the possibility of outside users wasting resources while accessing the samples applications.
Remove documentation	Remove the jrun_root/docs directory. This is not a security risk but it does eliminate the possibility of outside users wasting resources while accessing the documentation.

Macromedia continually updates the best practices and recommendations for production deployment. For the latest information on JRun production deployment, see the JRun Support Center (http://www.macromedia.com/support/jrun/).

Comments

danger42 said on Jul 8, 2002 at 4:49 PM :

For information on installing JRun servers as NT Services (Windows only), see http://livedocs.macromedia.com/jrun4docs/Installing_JRun/install5.jsp#1133016

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/jrun/4/JRun_Administrators_Guide/adminrole3.htm

JRun Administrator's Guide
The Administrator's Role