Professional Documents
Culture Documents
Ox - oBIX Server 0.2 - User Guide
Ox - oBIX Server 0.2 - User Guide
2 - User Guide
Peter Michalek
V 0.2
Copyright © 2006-2008 Peter Michalek
Table of Contents
1. Preface
2. Introduction
3. Quick Start
4. Architecture of oX Framework
Internal Modules
Push model
Pull model
Supported Internal Modules
External Modules
4.3. Services
Watch Service
Alarm Service
5. Security
5.1. Authentication
5.2. Authorization
5.3. Encryption
5.4. Summary of Security Options
7. Tips
8. Acknowledgements
1. Preface
The Ox is the sign of prosperity through fortitude and hard work. This powerful sign is a born leader, being quite dependable and
possessing an innate ability to achieve great things. ... The Ox works hard, patiently, and methodically, with original intelligence and
reflective thought.
The current implementation of oBIX server provides basic functionality to support the oBIX standard from OASIS. It enables to browse
oBIX objects via GET, set their values via PUT. POST support is provided for watch service, alarm service and feed operations. oBIX
objects with associated URIs can be loaded from resource files or created in the Java code.
oX can be deployed with any modern servlet container. It has been tested with Winstone which is the default container and also with
Tomcat.
Current footprint of a minimal configuration of oX is around 500K and it works with Java 1.4 VM, so it can be deployed on systems with
limited resources.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that this entire copyright notice is
duplicated in all such copies.
This software is provided "as is" and without any expressed or implied warranties, including, without limitation, the implied warranties of
merchantability and fitness for any particular purpose.
2. Introduction
Apache Ant version 1.6 or better. The build scripts use the macrodef task which was introduced in ant 1.6. Any later version should
work, too. You can get it from http://ant.apache.org/
oBIX toolkit: obix.jar is included in the source tree as well as in the binary package.
Winstone 0.9.9 (jars included in the source tree): light-weight servlet container http://sourceforge.net/projects/winstone
Some modules, such as GPS and Lejos, that are part of the source tree use 3rd party jars and libraries. All needed libraries are included in
the source distribution.
Last word and updates may be found in the latest release and on the project web page at http://obix-server.sourceforge.net/
Please refer to README.TXT for detailed information on setup and build documentation. The source for this documentation is in docbook
format and is located in doc/docbook sub folder of the source distribution.
3. Quick Start
To quickly try out a running server, download the binary from http://sourceforge.net/projects/obix-server.
Unzip into a directory and click on winstone-0.9.9.jar from the explorer or run from the command line:
java -jar winstone-0.0.9.jar
You can customize the modules loaded by modifying the configuration file obix-server.properties.
4. Architecture of oX Framework
Note: Javadoc documenting all packages and classes can be generated from the source tree by running
ant javadoc
ant -f build-docbook.xml
At high-level, oX consists of oBIX engine and modules. Horizontal modules provide essential support for oBIX functionality, such as
Watch, Alarm, Feed and History.
ObjBroker is the fundamental manager interface and ObjBrokerImpl a class that implements that interface. It also provides mapping of
Objs to REST end points for GET, PUT, POST, Obj to service mapping and routing and related infrastructure. ObjBroker interface as
facade for Obj management. The implementation ObjBrokerImpl uses WatchManager to manage watches and feeds and
InvocationManager to invoke processing for operations (POST requests).
ObjBroker contains most functionality for loading oBIX object repository, object management and overall interfacing with the obj
repository.
ObjCache is used for caching of Obj's and their mapping and lookup based on Obj hrefs (URIs).
ObixEnv holds system properties and is used to load application behavior such as logging.
ObjProxy interface is used for proxying external objects to oBIX Obj's and is used primarily in the Pull model.
4.2 Modules
oX features a modular design where devices can integrate their state into the oBIX tree via pluggable entities called modules. Modules can
be:
Internal Modules
oX internal modules can work in one of two different modes depending on how they add their Obj's to the oBIX tree and internal cached
repository and how Obj status is updated: the push mode and the pull mode.
In the push model, Obj's can be added at run-time by the module via ObjBroker's addObj function. At a system-defined interval that can be
fine-tuned by the module, watched obj proxies are invoked. ObjBroker will accordingly invoke an 'insert your object' operation on the feed
object. The feed object updates its watch with a new list item.
Push model
In the push model, Obj's can be added at run-time by the module via ObjBroker's addObj function. At a system-defined interval that can be
fine-tuned by the module, watched obj proxies are invoked. ObjBroker will accordingly invoke an 'insert your object' operation on the feed
object. The feed object updates its watch with a new list item.
Pull model
In the pull model, objects already loaded are associated with 'proxy' objects that can be used for dynamic updates and later for integration.
Update notifications are generated by the module, therefore updates don't need any extra processing thread like in the push model. If an obj
has a feed associated with it and its URI is added to a watch, the feed will be notified about changes in any obj's in its span. Feed will then
decide which objs to add to watch.
push-simulator
pull-simulator
lejos
gps
noop
Documentation for the modules is in corresponding README files placed in module/{name} directories in the source distribution
The default binary distribution comes only with the simulator modules included.
External Modules
oX provides experimental support for external modules. They can run on a remote system or out of process on the local system.
This is a typical scenario for an external module interaction with the main oX server:
At load time, register the area of the tree to which this module will add objects and keep updating their state
At execution time, as the Obj's become available, add them to the tree by performing HTTP PUTs
At execution time, as the Obj's status changes, update Obj sub-items by performing HTTP PUTs
oX server takes care of accepting PUTs, creating corresponding Obj's on its tree or updating Obj's attributes if the Obj already exists.
ext-push-simulator
Documentation for the modules is in corresponding README files placed in module/{name} directories in the source distribution.
4.3 Services
Orthogonal to the notion of modules is the notion of services. Services are system facilities that cooperate in overall operation of the oX
system to enable or implement specific system features.
There are several stock (built-in) services and new services can be potentially provided by customizing the oX system.
A service can be configured in the property file and loaded at startup time. The following fragment shows has services can be specified.
Invocation target, represented by the interface InvocationTarget, allows the system the configure a service that can be 'invoked' at run time
using obix 'Op' operations, such as 'make' operation of WatchService (represented by the class obixserver.watch.WatchManager in this
case), or 'query' operation of a standard oBIX alarm service.
# invocation target definition
obixserver.targets=alarmService,watchService
obixserver.target.alarmService.class=obixserver.core.alarm.AlarmManager
obixserver.target.alarmService.uri=/obix/config/services/alarmservice/
obixserver.target.watchService.class=obixserver.watch.WatchManager
obixserver.target.watchService.uri=/obix/watchService/
Watch Service
Alarm Service
Alarm creation is enabled by modules. A module can associate a condition with an Obj. When the condition is true, the oX system, using
the collaboration of alarm service, objBroker and notifications about changes from the modules, automatically creates an alarm.
There is a set of stock conditions provided by the system, represented by Java classes that implement Condition interface. See javadoc for
package obixserver.core.alarm.condition.
To see sample usage and setup of conditions and notifications that result in alarm creation, see PushSimulatorModule. Here is a relevant
code fragment that creates two conditions that result in alarms if the value of Int obj 'intModuloMinute' goes above 59000, and if the Real
obj 'realSize' is between 0.1 and 0.2.
objBroker.addCondition(new GreaterThanCondition(intModuloMinute, 59000));
objBroker.addCondition(new OutofrangeCondition(realSine, 0.1, 0.2));
Please see testing readme in test/resources/README.TXT and associated scripts for the detailed semantics of alarm service
implementation.
With a more full-featured version of winstone container, the footprint is about 150K more (655K):
327027 winstone-0.9.9.jar
5. Security
In any given system, security is usually a trade off of multiple factors. To keep oX system simple, security facilities of underlying
technology: the HTTP server and servlet container are being used. While this may not be optimal in all situations, it is in line with some of
the fundamental goals of the project: simplicity and ability to run on low-power servers.
5.1 Authentication
Authentication (ability to validate user credentials) is provided via standard servlet authentication facility. If you deploy the product in
secure configuration, a sample web.xml will be installed that contains authentication for specific resources.
If you deployed a secure version of oX, you can test authentication by going to protected areas, such as:
http://localhost:1225/obix/config/users/. You can use admin user with the password 'admin' as configured in tomcat-users.xml file of the
deployment directory.
5.2 Authorization
Authorization (granting access to resources to a user or principal) is provided in a standard servlet container manner: in the default
winstone configuration this is done via the combination of web.xml, winstone.properties and tomcat-users.xml file.
5.3 Encryption
Encryption, which provides data integrity and confidentiality, is implemented via HTTPS protocol that is part of the servlet container. In
default configuration, winstone properties are used to enable it.
Please note that this applies to a particular sample configuration. By changing real specification class, more flexible and dynamic approach
to authentication and authorization can be deployed.
tomcat-users.xml contains a list of users and their passwords. Here is a sample file:
<tomcat-users>
<role rolename="guest"/>
<role rolename="user"/>
<role rolename="module"/>
<role rolename="admin"/>
<user username="admin" password="admin" roles="admin"/>
<user username="both" password="both" roles="admin,user"/>
<user username="frank" password="frank" roles="user"/>
<user username="x10" password="x10" roles="module"/>
<user username="chris" password="chris" roles="user"/>
</tomcat-users>
winstone.properties file provides a mechanism to associate a realm in web.xml with user roles and user login credentials. This is the
relevant section of winstone.properties:
...
# Authentication
#argumentsRealm.passwd.user=password
#argumentsRealm.roles.user=admin
realmClassName=winstone.realm.FileRealm
fileRealm.configFile=tomcat-users.xml
# enable encryption: this requires keystore in winstone.ks
#httpsPort=1226
...
Note that encryption can be specified as well. It requires that a standard Java keystore file with the name 'winstone.ks' be created.
web.xml provides a declarative mechanism where resources can be associated with roles. It can specify which methods can be applied to a
resource, thus allowing read access (GET) to some user roles, and read/write access to others (DELETE/PUT), or method execution ability
within the context of oBIX to yet another user role (POST). This is the relevant section of web.xml:
...
<security-constraint>
<display-name>Obix Security Constraint - Users</display-name>
<web-resource-collection>
<web-resource-name>Protected Area - Users</web-resource-name>
<url-pattern>/obix/config/users/*</url-pattern>
<http-method>GET</http-method>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Obix Security Constraint - Config</display-name>
<web-resource-collection>
<web-resource-name>Protected Area - Config</web-resource-name>
<url-pattern>/obix/config/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>oBIX Server Protected Area</realm-name>
<transport-guarantee>NONE</transport-guarantee>
</login-config>
<security-role>
<description>Admin role</description>
<role-name>admin</role-name>
</security-role>
<security-role>
<description>Module role</description>
<role-name>module</role-name>
</security-role>
<security-role>
<description>User role</description>
<role-name>user</role-name>
</security-role>
<security-role>
<description>Guest role</description>
<role-name>guest</role-name>
</security-role>
Important
Please take a look at a sample module, such as push-simulator in the modules/push-simulator or NoopModule in
modules/core directory to see a sample project.
+---- build.xml
+---- ant.properties
|
+-- module
| |
| |
| +-- core
| | |
| | +-- java
| | |
| | +-- resources
| | |
| | +-- lib
| | |
| | +-- test
| |
| +-- yourmodule
| | |
| | +-- java
| | |
| | +-- resources
| | |
| | +-- lib
| | |
| | +-- test
| |
| +-- test
+-- standalone-modules
|
+-- ext-pushsimulator
|
+-- int-pushsimulator
|
+-- yourmodule
Java source
unit tests
It's recommended that your module follows a similar structure within this project, in particular for modules that may be later integrated into
this projects source base.
For your own standalone modules, you can use structure similar to that of ./standalone-modules/int-pushsimulator example or similar
examples.
Create a class that extends AbstractBaseModule. Include an implementation of start and stop functions. They could be noops if you
don't need to start and stop your own processing threads
Note: You may find it useful to view the source code for the minimal module: NoopModule - you may use it as a template to write your
own module.
You'll notice that the source tree contains module examples under ./modules directory: those may offer additional ideas if you are interested
in seeing solutions to specific problems such as integrating a GPS device into the oX system.
Module Creation Walk-Through - Internal Module
Rename and modify the Java file included in the project: ./java/obixserver/module/PushSimulatorModule.java
Here is an example.
...
obixserver.modules=core,push-simulator
...
obixserver.module.push-simulator=obixserver.module.PushSimulatorModule
obixserver.module.push-simulator.base=push-simulator
...
You can do this by navigating to the URL as specified in .home property of the configuration file:
http://localhost:1225/obix/pushsimulator/
For this particular sample, you should see several values at http://localhost:1225/obix/push-simulator/dynamicValues/ changing
when you refresh the URL.
cp -a standalone-modules/ext-pushsimulator/ standalone-modules/ext-mymodule
Rename and modify the Java file included in the project: ./java/obixserver/module/external/ExternalSimModule.java
Specify your classname, home and credentials. obixmodule.serverUri is the URL of the main oX server where the tree will be
expanded. Here is an example.
# Obix remote/external module properties
# oX server URL
obixmodule.serverUri=http://localhost:1225
# ignore errors on init and start of modules. obix server will still start
obixmodule.ignoreInitErrors=true
# module definition
obixmodule.modules=sim-external
obixmodule.module.sim-external=obixserver.module.external.ExternalSimModule
obixmodule.module.sim-external.home=/obix/sim-external/
obixmodule.module.sim-external.username=admin
obixmodule.module.sim-external.password=admin
Build
ant
Execute
You can do this by navigating to the URL as specified in .home property of the configuration file:
http://localhost:1225/obix/sim-external/
or by running a command line utility, e.g.:
curl http://localhost:1225/obix/sim-external/
For this particular sample, you should see integer value at http://localhost:1225/obix/sim-external/myRealObj/ being incremented at
5 s interval when you refresh the URLS.
Note
This sample doesn't address security: a system should ship only with authentication-based area to receive Obj's
created by external module. For example, in a secure production system, an external module that attempts to create
new Obj's by writing via HTTP PUT to /obix/sim-external/ should be properly authenticated and the communication
encrypted.
obixserver.modules=core,push-simulator,pull-simulator,my-module
If you configure your module as described above, you will see it when accessing the running oX server on this URL:
http://localhost:1225/obix/my-module/
After the project is in eclipse and you've built from the command line as well, you can start Launcher which will start the project in debug
mode using winstone. To also set breakpoint in winstone, you'll need to install winstone and modify .classpath to point to it's sources, such
as:
<classpathentry kind="lib" path="lib/winstone-lite-0.9.9.jar" sourcepath="c:/sw/winstone-src-0.9.9" />
You will also need to install obix toolkit and import into eclipse, or modify your .classpath to point to lib/obix.jar.
You can also use curl-based command-line scripts and procedures outlined in test/resources/README.TXT included in the source
distribution.
If your module uses 3rd party libraries or other resources, you should also copy those during the deployment phase, typically to
build/webroot/WEB-INF/lib for jars and build/webroot/WEB-INF/classes for resources that need to be on the classpath.
7. Tips
Steps to deploy:
You also need to replace winstone-0.9.9.jar with winstone-lite-0.9.9.jar (both files are in lib subdirectory of the source root).
You can shutdown the server or reload the application it in this manner:
# reload application
java -cp winstone-0.9.9.jar winstone.tools.WinstoneControl reload
# stop server
java -cp winstone-0.9.9.jar winstone.tools.WinstoneControl shutdown
8. Acknowledgements
oBIX Server project builds on the clean design and implementation of oBIX core by Brian Frank: see http://obix.sourceforge.net
The default deployment integrates with Winstone, a very efficient and full-featured servlet container from sourceforge: see winstone