Chapter 2. The JBoss Server - A Quick Tour

2.1. Server Structure

Now that you’ve downloaded JBoss and have run the server for the first time, the next thing you will want to know is how the installation is laid out and what goes where. At first glance there seems to be a lot of stuff in there, and it’s not obvious what you need to look at and what you can safely ignore for the time being. To remedy that, we’ll explore the server directory structure, locations of the key configuration files, log files, deployment and so on. It’s worth familiarizing yourself with the layout at this stage as it will help you understand the JBoss service architecture so that you’ll be able to find your way around when it comes to deploying your own applications.

2.1.1. Main Directories

The binary distribution unpacks into a top-level jboss-4.0.2 directory. There are four sub-directories immediately below this:

  • bin: contains startup and shutdown and other system-specific scripts. We’ve already seen the run script which starts JBoss.

  • client: stores configuration and JAR files which may be needed by a Java client application or an external web container. You can select archives as required or use jbossall-client.jar.

  • docs: contains the XML DTDs used in JBoss for reference (these are also a useful source of documentation on JBoss configuration specifics). There are also example JCA (Java Connector Architecture) configuration files for setting up datasources for different databases (such as MySQL, Oracle, Postgres).

  • lib: JAR files which are needed to run the JBoss microkernel. You should never add any of your own JAR files here.

  • server: each of the subdirectories in here is a different server configuration. The configuration is selected by passing -c <config-name> to the run script. We’ll look at the standard server configurations next.

JBoss Directory Structure

Figure 2.1. JBoss Directory Structure

2.1.2. Server Configurations

Fundamentally, the JBoss architecture consists of the JMX MBean server, the microkernel, and a set of pluggable component services, the MBeans. This makes it easy to assemble different configurations and gives you the flexibility to tailor them to meet your requirements. You don’t have to run a large, monolithic server all the time; you can remove the components you don’t need (which can also reduce the server startup time considerably) and you can also integrate additional services into JBoss by writing your own MBeans. You certainly don’t need to do this to be able to run standard J2EE applications though. Everything you need is already there. You don’t need a detailed understanding of JMX to use JBoss, but it’s worth keeping a picture of this basic architecture in mind as it is central to the way JBoss works.

Within the server directory, there are three example server configurations: all, default and minimal, each of which provides a different set of services. Not surprisingly, the default configuration is the one used if you don’t specify another one when starting up the server, so that’s the one we were running in the previous chapter. The configurations are explained below.

  • minimal: The minimal configuration contains the bare minimum services required to start JBoss. It starts the logging service, a JNDI server and a URL deployment scanner to find new deployments. This is what you would use if you want to use JMX/JBoss to start your own services without any other J2EE technologies. This is just the bare server. There is no web container, no EJB or JMS support.

  • default: The default configuration consists of the standard services needed by most J2EE applications. It does not include the JAXR service, the IIOP service, or any of the clustering services.

  • all: The all configuration starts all the available services. This includes the RMI/IIOP and clustering services, which aren’t loaded in the default configuration.

You can add your own configurations too. The best way to do this is to copy an existing one that is closest to your needs and modify the contents. For example, if you weren’t interested in using messaging, you could copy the default directory, renaming it as myconfig, remove the jms subdirectory and then start JBoss with the new configuration.

run -c myconfig

The directory server configuration you’re using, is effectively the server root while JBoss is running. It contains all the code and configuration information for the services provided by the particular configuration. It’s where the log output goes, and it’s where you deploy your applications. Let’s take a look at the contents of the default server configuration directory. If you haven’t tried running the server yet, then do so now, as a few of the sub-directories are only created when JBoss starts for the first time.

  • conf: This directory contains the jboss-service.xml file which specifies the core services. Also used for additional configuration files for these services.

  • data: This directory holds persistent data for services intended to survive a server restart. Serveral JBoss services, such as the embedded Hypersonic database instance, store data there.

  • deploy: The deploy directory contains the hot-deployable services (those which can be added to or removed from the running server) and applications for the current server configuration. You deploy your application code by placing application packages (JAR, WAR and EAR files) in the deploy directory. The directory is constantly scanned for updates, and any modified components will be re-deployed automatically. We’ll look at deployment in more detail later.

  • lib: This directory contains JAR files needed by this server configuration. You can add required library files here for JDBC drivers etc.

  • log: This is where the log files are written. JBoss uses the Jakarta log4j package for logging and you can also use it directly in your own applications from within the server.

  • tmp: The tmp directory is used for temporary storage by JBoss services. The deployer, for example, expands application archives in this directory.

  • work: This directory is used by Tomcat for compilation of JSPs.

The data, log, tmp and work directories are created by JBoss and won’t exist until you’ve run the server at least once.

We’ve touched briefly on the issue of hot-deployment of services in JBoss so let’s have a look at a practical example of this before we go on to look at server configuration issues in more detail. Start JBoss if it isn’t already running and take a look in the deploy directory again (make sure you’re looking at the one in the default configuration directory). Remove the mail-service.xml file and watch the output from the server:

13:10:05,235 INFO  [MailService] Mail service 'java:/Mail' removed from JNDI

Then replace the file and watch the JBoss re-install the service. It's hot-deployment in action.

2.2. Basic Configuration Issues

Now that we’ve examined the layout of the JBoss server, we’ll take a look at some of the main configuration files and what they’re used for. All paths are relative to the server configuration directory (server/default, for example).

2.2.1. Core Services

The core services specified in the conf/jboss-service.xml file are started first when the server starts up. If you have a look at this file in an editor you'll see MBeans for various services including logging, security, JNDI (and the JNDIView service that we saw earlier). Try commenting out the entry for the JNDIView service.

   <mbean code="org.jboss.naming.JNDIView"

If you then restart JBoss, you’ll see that the JNDIView service no longer appears in the management console listing. In practice, you should rarely, if ever, need to modify this file, though there is nothing to stop you adding extra MBean entries in here if you want to. The alternative is to use a separate file in the deploy directory, which allows your service to be hot deployable.

2.2.2. Logging Service

We mentioned already that log4j is used for logging. If you're not familiar with the log4j package and would like to use it in your applications, you can read more about it at the Jakarta web site. ( Logging is controlled from a central conf/log4j.xmlfile. This file defines a set of appenders, specifying the log files, what categories of messages should go there, the message format and the level of filtering. By default, JBoss produces output to both the console and a log file (server.log in the log directory).

There are 4 basic log levels used: DEBUG, INFO, WARN and ERROR. The logging threshold on the console is INFO, which means that you will see informational messages, warning messages and error messages on the console but not general debug messages. In contrast, there is no threshold set for the server.log file, so all generated logging messages will be logged there. If things are going wrong and there doesn’t seem to be any useful information in the console, always check the log file to see if there are any debug messages which might help you track down the problem. However, be aware that just because the logging threshold allows debug messages to be displayed, that doesn't mean that all of JBoss will produce detailed debug information for the log file. You will also have to boost the logging limits set for individual categories. Take the following category for example.

<!-- Limit JBoss categories to INFO --> 
<category name="org.jboss"> 
    <priority value="INFO"/> 

This limits the level of logging to INFO for all JBoss classes, apart from those which have more specific overrides provided. If you were to change this to DEBUG, it would produce much more detailed logging output.

As another example, let’s say you wanted to set the output from the container-managed persistence engine to DEBUG level and to redirect it to a separate file, cmp.log, in order to analyze the generated SQL commands. You would add the following code to the log4j.xml file:

<appender name="CMP" class="org.jboss.logging.appender.RollingFileAppender"> 
    <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> 
    <param name="File" value="${jboss.server.home.dir}/log/cmp.log"/> 
    <param name="Append" value="false"/> 
    <param name="MaxFileSize" value="500KB"/> 
    <param name="MaxBackupIndex" value="1"/> 
    <layout class="org.apache.log4j.PatternLayout"> 
        <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/> 
<category name="org.jboss.ejb.plugins.cmp"> 
    <priority value="DEBUG" /> 
    <appender-ref ref="CMP"/> 

This creates a new file appender and specifies that it should be used by the logger (or category) for the package org.jboss.ejb.plugins.cmp. This will be useful when we come to look at CMP (Chapter 7, Container-Managed Persistence).

The file appender is set up to produce a new log file every day rather than producing a new one every time you restart the server or writing to a single file indefinitely. The current log file is cmp.log. Older files have the date they were written added to the name. You will notice that the log directory also contains HTTP request logs which are produced by the web container.

2.2.3. Security Service

The security domain information is stored in the file login-config.xml as a list of named security domains, each of which specifies a number of JAAS[3] login modules which are used for authentication purposes in that domain. When you want to use security in an application, you specify the name of the domain you want to use in the application’s JBoss-specific deployment descriptors, jboss.xml and/or jboss-web.xml. We'll quickly look at how to do this to secure the JMX Console application that ship with JBoss.

We saw the JMX Console briefly in Section 1.3, “The JMX Console”. Almost every aspect of the JBoss server can be controlled through the JMX Console, so it is important to make sure that, at the very least, the application is password protected. Otherwise, any remote user could completely control your server. To protect it, we will add a security domain to cover the application. This can be done in the jboss-web.xml file for the JMX Console, which can be found in deploy/jmx-console.war/WEB-INF/ directory. Uncomment the security-domain in that file, as shown below.


This links the security domain to the web application, but it doesn't tell the web application what security policy to enforce. What URLs are we trying to protect, and who is allowed to access them? To configure this, go to the web.xml file in the same directory and uncomment the security-constraint that is already there. This security constraint will require a valid user name and password for a user in the JBossAdmin group.

   A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin. Edit the roles to what you want and
   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.
            An example security config that only allows users with the
            role JBossAdmin to access the HTML JMX console web application

That's great, but where do the user names and passwords come from? They come from the jmx-console security domain we linked the application to. We've provided the configuration for this in the conf/login-config.xml.

<application-policy name="jmx-console">
        <login-module code=""
            <module-option name="usersProperties">
            <module-option name="rolesProperties">

This configuration uses a simple file based security policy. The configuration files are found in the conf/props directory of your server configuration. The usernames and passwords are stored in in the directory and take the form "username=password". To assign a user to the JBossAdmin group add "username=JBossAdmin" to the file. The existing file creates an admin user with the password admin. You'll want to remove that user or change the password to something stronger.

JBoss will re-deploy the JMX Console whenever you update its web.xml. You can check the server console to verify that JBoss has seen your changes. If you've configured everything correctly and re-deployed the application, the next time you try to access the JMX Console, JBoss will ask you for a name and password.

The JMX Console isn't the only web based management interface to JBoss. There is also the Web Console. Although it's a Java applet, the corresponding web application can be secured in the same way as the JMX Console. The Web Console is in deploy/management/web-console.war. The only difference is that the Web Console is provided as a simple WAR file instead of using the exploded directory structure that the JMX Console did. The only real difference between the two is that editing the files inside the WAR file is a bit more cumbersome.

2.2.4. Additional Services

The non-core, hot-deployable services are added to the deploy directory. They can be either XML descriptor files, *-service.xml, or JBoss Service Archive (SAR) files. SARs contain both the XML descriptor and additional resources the service requires (e.g. classes, library JAR files or other archives), all packaged up a single archive.

Detailed information on all these services can be found in the JBoss 4 Application Server Guide, which also provides comprehensive information on server internals and the implementation of services such as JTA and the J2EE Connector Architecture (JCA).

2.3. The Web Container - Tomcat

JBoss now comes with Tomcat 5.5 as the default web container. The embedded Tomcat service is the expanded SAR jbossweb-tomcat55.sar in the deploy directory. All the necessary jar files needed by Tomcat can be found in there, as well as a web.xml file which provides a default configuration set for web applications. If you are already familiar with configuring Tomcat, have a look at the server.xml, which contains a subset of the standard Tomcat format configuration information. As it stands, this includes setting up the HTTP connector on the default port 8080, an AJP connector on port 8009 (can be used if you want to connect via a web server such as Apache) and an example of how to configure an SSL connector (commented out by default).

You shouldn’t need to modify any of this other than for advanced use. If you’ve used Tomcat before as a stand-alone server you should be aware that things are a bit different when using the embedded service. JBoss is in charge and you shouldn’t need to access the Tomcat directory at all. Web applications are deployed by putting them in the JBoss deploy directory and logging output from Tomcat can be found in the JBoss log directory.

[3] The Java Authentication and Authorization Service. JBoss uses JAAS to provide pluggable authentication modules. You can use the ones that are provided or write your own if have more specific requirements.