Can alternatedocroot property be defined in Payara/GlassFish server? - jsf

I am using Payara Server, Community Edition, and wish to define an alternatedocroot property so as to serve a web page defined outside my application. I can make this work by adding a property to glassfish-web.xml, such as:
<property name="alternatedocroot_1" value="from=/tutorials/* dir=C:\srv\ExtSTAR"/>
However, I'm running into an issue because while my application is developed under Windows, it is deployed to Linux, so I need a different path for the value of the "dir" attribute depending on whether I'm trying to run the application in my development environment or build it for deployment. My hope is that instead of defining the property in my application, I could instead add it to the server configuration. However, while I did see a hint somewhere that that could be done, I have been unable to make it happen. Is this possible to do, and if not, is there any alternative strategy available that would let me accommodate both my development and deployment environments without having to remember to change the configuration when that's necessary?
EDIT: There is actually documentation here that indicates this can be done, but I am still unable to make it work this way.

I answered my own question on the accident of having to rebuild my environment due to a disk crash. Under Linux, I use the following definition for the alternatedocroot_1 property:
<property name="alternatedocroot_1" value="from=/tutorials/* dir=/srv/ExtSTAR"/>
Upon trying to run the application under Windows, that would fail because that directory cannot be found. The error in server.log told me it was looking for the /srv/ExtSTAR directory within the domain directory. So all I needed to do was create that directory structure within the domain directory and voila, no errors when I run in my development environment.

Related

How to setup IIS Express from a script the way Visual Studio does it?

When we configure a web application to run in IIS Express there are certain things VS does, like:
Creating the application host configuration file in the IISExpress subfolder of the user documents folder.
Creating a dedicated site section for each web application in the solution, including ours.
Maybe more things are done, which I am unaware of.
I would like to replicate the same process from a script, so that running the web application from the script would be equivalent to running it from VS. Including for the very first time.
Right now I start IISExpress with the /port and /path flags, because this is how I used to run Cassini. However, Cassini supported an additional flag - /vpath. They removed it from IISExpress, meaning I have to use another set of flags - /config, /site, /siteid. But I suspect it must be done in conjunction with the Appcmd.exe utility.
This second approach is still something I haven't managed to master. So, my question is this - suppose I am given the port, path and vpath of a web application (i.e. no need to read them from the web application's csproj file, like VS does). What command sets up the right application host configuration file and how do I run IISExpress to take advantage of it?

How can I test whether jmx-console.war is being used in JBoss 4.2.2?

There is a file within the .\jboss-4.2.2.GA\server\default\deploy folder, named "jmx-console.war". I am getting a security vulnerability dealing with this module. How can I tell if our application is using this module. I implemented an open source tool, but I'm not sure how to test whether it's being used.
Nessus vulnerability of High Severity:
JBoss JMX Console Unrestricted Access
http://www.tenable.com/plugins/index.php?view=single&id=23842
If you see that war file in the deploy folder, then most likely your application is using it. That is to say, it is most likely being loaded. It should be fairly easy to test for, assuming you know the HTTP port the JBoss instance is listening on. By default, it is 8080 so point your browser to http://[your jboss host]:8080/jmx-console and see if the console comes up, keeping in mind that it might be password protected, and your HTTP port might not be 8080.
You should also see something like this in the server.log or configured equivalent:
11:52:30,165 INFO main [TomcatDeployer] deploy, ctxPath=/jmx-console,
warUrl=.../deploy/jmx-console.war/
Having said that, there's a couple of ways I can think of that would indicate or cause the jmx-console to not be deployed:
The folder you referenced is in the default server directory. This is only one instance out of 3 (default, all, minimal) and you may be running one of the others, or even a custom configured server. That is to say, if you were running the minimal server instance, or one that did not contain the jmx-console.war, then the presence of that file in the default server's deploy directory would not cause it to be deployed in another server's instance. (that all sounds more complicated than it really is)
War files in the deploy directory depend on another directory called jboss-web.deployer which actually deploys war files. If that directory is not there, my guess is that war deployment has been disabled. Highly unlikely though, as there are easier ways of doing this, and if someone went to the trouble of removing this folder, they probably would have removed the wars too.
Bottom line is, the easiest way would be to find the http port, then hit the jmx-console URL and see if it responds, or check the log file. It is conceivable that someone could rename jmx-console.war to something else (in an ill-conceived attempt to hide it perhaps ?) in which case, you would need to execute a battery of http request scans and try and find a jmx-console signature, but that's out of my (otherwise quite large...) area of expertise.

VS2012 Web Deploy Package to create application pool

I have a web application project in VS2012 which I'm publishing using a "Web Deploy Package". I want this package to include app-pool settings, specifically creating an IIS app-pool and assigning the newly created application to it.
I'm familiar with the option "Include application pool settings used by this Web project" available when the project is configured to use an IIS instance (not IIS Express), but IIS configuration is not part of the project file, and thus not source controlled. What happens when somebody builds a deployment package on a machine that hasn't had IIS meticulously configured? Not ideal.
How else then, can I go about getting AppPool settings into my web deploy package? I understand that the appPoolConfig provider is IIS7+ only, I'm fine with that limitation. I've banged my head against this issue in the past and never found a solution. 18 months later, we've got a new VisualStudio version, and a new web-publishing-pipeline, are there new options to address this? Or maybe something I missed when I first tackled this problem?
Edit
OK, I'm seeing the following as options:
Configure my project to sync settings from an IIS instance. As mentioned, I'm not a fan of this given that it puts settings outside of the project, meaning the environment has to be meticulously configured to build + publish. Plus it drags along other IIS settings I don't want included.
Inject something into the web-publishing-pipeline (WPP) to modify the archive.xml. I've toyed with this in the past and had limited success. One problem is the pipeline isn't exactly co-operative with working directly on the archive.xml file, another problem is some of the more cryptic attributes involved, like MSDeploy.MSDeployProviderOptions which appears to have some Base64 encoded binary? No idea what to put in there.
Find an existing "provider" that can do what I want. I might be out of luck here, the appPoolConfig provider only seems to want to read / write IIS, not, say, an XML file of settings. Does anybody know otherwise?
Write my own "provider" to produce manifest output entries. I'm not sure, is it possible to write a custom provider that writes to a manifest using the name of an existing provider? As in, MyCustomPoolProvider writes appPoolConfig sections into a manifest? This sounds like a potentially painful exercise that may or may not work. Would I still need to figure out the encoding of whatever is going into MSDeploy.MSDeployProviderOptions?
I get the feeling that the fundamental obstacle with Web Deploy for what I'm trying to accomplish, is how strictly it leans on "providers". The pre-existing providers are largely designed for IIS synchronisation, not primary development and publication. It so happens that some of these providers can be relatively easily hooked into via MSBuild, but the majority insist on pulling data from IIS, and that's that.
You are correct in your understanding of the appPoolConfig provider, in that it can only sync between App Pools and can't be provided with the configuration directly. What you could potentially do is keep a copy of the appPool in question in package form (ie. msdeploy -verb:sync -source:appPoolConfig=PoolName -dest:package=apppool.zip) and attempt to hijack the pipeline so that the MSDeploy call adds the application content into the package, leaving the existing content there.
Alternatively, you could always keep the packages separate and deploy them with different calls to MSDeploy.
FYI, MSDeploy.MSDeployProviderOptions is simply an encoded version of the parameters supplied to the provider when it was packaged. For example, -source:dirPath=c:\,ignoreErrors=0x10293847 -dest:package=package.zip would package the ignoreErrors value.

Getting the full local path of a file in a site node in a webrole within a startup cmd file?

It's been several hours lost now, i just don't get it.
Situation :
- Migrating an ASP.net app to Azure
- IMPORTANT : This is a webrole with several websites, all websites are compiled in a folder "azure.builds" so my sites bindings are like
physicalDirectory="..\azure.builds\www.mywebsite.com"
physicalDirectory="..\azure.builds\cb.mywebsite.com"
and so on
I have a cmd script that works great on my dev machine, which set permission on IIS to execute on an exe file (it has to be called by an html form).
Here is my local code startup.cmd which works against my local IIS :
%windir%\system32\inetsrv\appcmd set config /section:system.webServer/handlers /+"[name='MY_GCI', path='.exe',verb='',modules='CgiModule', scriptProcessor='c:\websites\myproject\azure.builds\cb.mywebsite.com\cgi-bin\mymodule.exe',resourceType='Either']"
On my html form the file is called via action "http://cb.mywebsite.com/cgi-bin/mymodule.exe" and guess what it works.
But in my migration to Azure it doesn't, i'm unable to set permission to this particular file. The problem is i can't figure the full complete path to the EXE files as the example above show.
I tried this (%ROLEROOT%) :
%windir%\system32\inetsrv\appcmd set config /section:system.webServer/handlers /+"[name='MY_GCI', path='.exe',verb='',modules='CgiModule', scriptProcessor='%ROLEROOT%\azure.build\cb.mywebsite.com\cgi-bin\mymodule.exe',resourceType='Either']"
Does not work.
I studied several example involving similar CGI setup (such running PHP) but the difficulty is that the EXE module have to be exposed on http://cb.mywebsite.com/cgi-bin/mymodule.exe wich is not even the main root webiste on my azure webrole, so this is not exactly the same.
Sorry if it is not very clear to understand, let say in short : how to find the full local path of a particular file in a particular site node in a webrole within a startup cmd file ?
It appears you have this value outside of Azure:
scriptProcessor='c:\websites\myproject\azure.builds\cb.mywebsite.com\cgi-bin\mymodule.exe
Now you want the equivalent within Azure. The key for doing this is to use the ROLEROOT environment variable.
It appears you have considered ROLEROOT already, but perhaps there is a little bit off in mapping into your directory structure. I suggest you RDP into the Azure instance and get oriented (look at e:\approot for starters, but you are not guaranteed to always be there, thus the need for using ROLEROOT). RDP: http://msdn.microsoft.com/en-us/library/windowsazure/gg443832.aspx
If your real problem has to do with "...the difficulty is that the EXE module have to be exposed on http://cb.mywebsite.com/cgi-bin/mymodule.exe wich is not even the main root webiste on my azure webrole, so this is not exactly the same." then I am not sure I can help as I am unsure of issue you are describing. But one idea: RDP in (as mentioned above) and try to execute the CGI script by hand in Azure and see how that goes. If that doesn't work, you may have a path or permission problem. If it does work, you still may have a problem related to permissions (since the RDP account will have more power than your default IIS user).
A couple of other things to try: Ensure your Azure Web Role is running with elevated permissions by using the following setting in ServiceDefinition.csdef:
<WebRole name="WebHost">
<Runtime executionContext="elevated"/>
...
And also consider running your startup task elevated, also via ServiceDefinition.csdef:
<Startup>
<Task commandLine="startup.cmd" executionContext="elevated" />
</Startup>
And, finally, some StartUp Task debugging tips:
http://blog.smarx.com/posts/windows-azure-startup-tasks-tips-tricks-and-gotchas

Is Sharepoint local bin deployment possible?

I’ve inherited a SharePoint solution where all the projects have strong names and are deployed to the GAC.
I find that its difficult working with projects that are signed, it slows down development, testing and makes debugging difficult.
So, is it possible that SharePoint projects, WebParts, Codebehinds etc be deployed to the local bin instead of the GAC? Is it considered bad practice to deploy to the local bin?
It is always recommanded to use the Bin directory over to GAC, for all the WebParts & Code Behinds. As that will restrict the Trust given to the code, GAC provides full trust to the code.
After deploying to the bin you can gain the required permission using CAS.
I recommend you to read the chapter Application Security of Inside Windows SharePoint Services 3.0 Book
Note: You will have to deploy your code Feature Handler, Timer Job etc to the GAC
By default, SharePoint Web applications are only allowed to run with a very restrictive trust level of WSS_Minimal. If we want to have our Web Part deployed to the bin folder, then in order for it to run we must do one of two things: either set the trust level to WSS_Medium or WSS_Full in the web.config, or create a custom CAS policy that will allow this assembly's managed code to run. In a production environment, you will need to make an informed decision on this yourself.
I would use the GAC for local development and testing and use the bin in production.
To debug locally, check the following in your config file:
customErrors=off
Enable Stack Traces by adding CallStack=”true” to the SafeMode tag
Set the compilation debug attribute to "true"

Resources