瘦身
l
移除server/slim/deploy/mail-service.xml
当不使用缓存失效服务的时候 (一般在集群配置里作为CMP选择一个beans用与失效缓存)
l
移除 server/slim/deloy/cache-invalidation-service.xml
当不使用J2EE客户端部署服务的时候(这不是一个很有益的J2EE规格必须服务,对于EAR application-client.xml描述符)
l
移除 server/slim/deploy/client-deployer-service.xml
当不使用集成HAR部署和Hibernate会话管理服务的时候
l
移除server/slim/deploy/hibernate-deployer-service.xml (HAR support)
l
移除server/slim/lib/jboss-hibernate.jar (HAR support)
l
移除server/slim/lib/hibernate2.jar (Hibernate itself)
l
移除server/slim/lib/cglib-full-2.0.1.jar (used by Hibernate to create proxies of POJOs)
l
移除server/slim/lib/odmg-3.0.jar (由hibernate使用的一些傻瓜试的对象-关系映射行为是从一些傻瓜式的委员会来的[goofy committee][url]http://www.service-architecture.com/database/articles/odmg_3_0.html[/url]
)
不使用 Hypersonic的时候 (在生产环境里你可能不使用这个)
注意在默认配置里 JBossMQ使用 DefaultDS名字同样被部署,用于为Hypersonic映射. 在配置上对于其他选择的更多信息,见 JBoss MQ Persistence Wiki pages .
l
移除server/slim/deploy/hsqldb-ds.xml
l
移除server/slim/lib/hsqldb-plugin.jar
l
移除server/slim/lib/hsqldb.jar
l
移除the entire server/slim/deploy/jms directory
l
移除server/slim/lib/jbossmq.jar
不使用 HTTPInvoker的时候 (从RMI到HTTP的隧道)
l
移除the entire server/slim/deploy/http-invoker.sar 文件夹
不使用 XA 数据源的使用 (分布式 and/or 可恢复的事务)
l
移除server/slim/deploy/jboss-xa-jdbc.rar
如果你不需要JMX-Console 然后删除它
l
移除server/slim/deploy/jmx-console.war
如果你不需要制造JMX调用RMI (警告the shutdown.sh 是否这样做)
l
移除server/slim/deploy/jmx-invoker-adaptor-server.sar
l
移除server/slim/deploy/jmx-adaptor-plugin.jar
如果你不需要web-console
l
移除server/slim/deploy/management/web-console.war
如果你不需要JMX的JSR-77扩充
l
移除server/slim/deploy/management/console-mgr.sar
如果你需要web-console 或者 jsr-77 扩充的其中之一
l
移除server/slim/deploy/management directory entirely
如果你不使用控制台/email监控警报
l
移除server/slim/deploy/monitoring-service.xml
l
移除server/slim/lib/jboss-monitoring.jar
如果你不通过Properties Service使用富资源编辑器(JMX)或者装载properties到系统properties 里。
l
移除server/slim/deploy/properties-service.xml
l
移除server/slim/lib/properties-plugin.jar
此scheduler-service.xml是一个例子,除非你在它的里面放入自己的东西
l
移除server/slim/deploy/scheduler-service.xml
如果你不适用JBoss调度管理 (允许你安排请求依赖MBeans)
l
移除server/slim/deploy/schedule-manager-service.xml
l
移除server/slim/lib/scheduler-plugin* (scheduler-plugin.jar, scheduler-plugin-example.jar)
如果你不需要供应商特定的sql异常援助[handing] (just leave it, really)
l
移除server/slim/deploy/sqlexception-service.xml
如果你既没有使用客户端事务管理,也没有缓存连接(我们缓存连接来代替池,例如就JAAS->DB User 来说—-使用这个意味着你是个坏人,需要被拍击[using this means you are a bad person and need to be smacked]) .
l
移除server/slim/deploy/user-service.xml
如果你不使用JBoss的UUID key生成 (大多情况下用于CMP主键生成,但是我们的数据库也同样支持的很好)
l
移除server/slim/deploy/uuid-key-generator.sar
l
移除server/slim/lib/autonumber-plugin.jar
user-service.xml 是一个例子 – 除非你在它里面做一些事情 (你自己的mbeans),你可以移除它.
l
移除server/slim/deploy/user-service.xml
如果你使用通过HTTP直接连接Tomcat而不是通过Apache/mod_jk:
l
使用vi编辑器打开server/slim/deploy/jbossweb-tomcat50.sar/server.xml
l
移除/注释下面的XML 片段:
<!--
A AJP 1.3 Connector on port 8009 -->
< Connector port ="8009" address ="${jboss.bind.address}"
enableLookups ="false" redirectPort ="8443" debug ="0"
protocol ="AJP/1.3" />
< Connector port ="8009" address ="${jboss.bind.address}"
enableLookups ="false" redirectPort ="8443" debug ="0"
protocol ="AJP/1.3" />
如果你的用户总是不通过HTTP连接到Tomcat而总是通过Apache/mod_jk连接
l
使用vi编辑server/slim/deploy/jbossweb-tomcat50.sar/server.xml 文件
l
移除/注释下面的XML片段:
<!--
A HTTP/1.1 Connector on port 8080 -->
< Connector port ="8080" address ="${jboss.bind.address}"
maxThreads ="150" minSpareThreads ="25" maxSpareThreads ="75"
enableLookups ="false" redirectPort ="8443" acceptCount ="100"
connectionTimeout ="20000" disableUploadTimeout ="true" />
< Connector port ="8080" address ="${jboss.bind.address}"
maxThreads ="150" minSpareThreads ="25" maxSpareThreads ="75"
enableLookups ="false" redirectPort ="8443" acceptCount ="100"
connectionTimeout ="20000" disableUploadTimeout ="true" />
如果你不需要可以部署EAR文件
l
使用vi打开编辑 server/slim/conf/jboss-service.xml文件
l
移除/注释下面的XML片段从这
从这个
<
mbean
code
="org.jboss.management.j2ee.LocalJBossServerDomain"
>
MBean 下面
<
attribute
name
="EARDeployer"
>jboss.j2ee:service=EARDeployer
</
attribute
>
和
<!-- EAR 部署,如果你不使用Web分层,删除-->
<
mbean
code
="org.jboss.deployment.EARDeployer"name="jboss.j2ee:service=EARDeployer"
>
</ mbean >
</ mbean >
如果你不需要可以部署JMS队列
l
使用vi打开 server/slim/conf/jboss-service.xml 文件
l
移除/注释下面的XML片段从这
从这个
<
mbean
code
="org.jboss.management.j2ee.LocalJBossServerDomain"
>
Mbean下面
<
attribute
name
="JMSService"
>jboss.mq:service=DestinationManager
</
attribute
>
如果你不需要使用CORBA/IIOP
l
使用vi打开编辑 server/slim/conf/jboss-service.xml文件
l
移除/注释下面的XML片段从这
从这个
<
mbean
code
="org.jboss.management.j2ee.LocalJBossServerDomain"
>
MBean 下面
<
attribute
name
="RMI_IIOPService"
>jboss:service=CorbaORB
</
attribute
>
如果你删除user-transaction-service.xml
l
Vi编辑 server/slim/conf/jboss-service.xml 文件
l
移除/注释下面的XML片段从这
从这个
<
mbean
code
="org.jboss.management.j2ee.LocalJBossServerDomain"
>
MBean 下面
<
attribute
name
="UserTransactionService"
>jboss:service=ClientUserTransaction
</
attribute
>
如果你不需要JSR-77支持 (尝试做JBoss, Weblogic 和 Websphere支持一些基于同类的JMX监控)你可以删除/注释server/slim/conf/jboss-service.xml文件关于JSR-77的全部片段:
<!--
==================================================================== -->
<!-- JSR-77 Single JBoss Server Management Domain -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.management.j2ee.LocalJBossServerDomain"
name ="jboss.management.local:j2eeType=J2EEDomain,name=Manager" >
< attribute name ="MainDeployer" >jboss.system:service=MainDeployer </ attribute >
< attribute name ="SARDeployer" >jboss.system:service=ServiceDeployer </ attribute >
<!-- <attribute name="EARDeployer">jboss.j2ee:service=EARDeployer</attribute>-->
< attribute name ="EJBDeployer" >jboss.ejb:service=EJBDeployer </ attribute >
< attribute name ="RARDeployer" >jboss.jca:service=RARDeployer </ attribute >
< attribute name ="CMDeployer" >jboss.jca:service=ConnectionFactoryDeployer </ attribute >
< attribute name ="WARDeployer" >jboss.web:service=WebServer </ attribute >
< attribute name ="MailService" >jboss:service=Mail </ attribute >
<!-- <attribute name="JMSService">jboss.mq:service=DestinationManager</attribute>-->
< attribute name ="JNDIService" >jboss:service=Naming </ attribute >
< attribute name ="JTAService" >jboss:service=TransactionManager </ attribute >
<!-- <attribute name="UserTransactionService">jboss:service=ClientUserTransaction</attribute>
<attribute name="RMI_IIOPService">jboss:service=CorbaORB</attribute>-->
</ mbean >
<!-- JSR-77 Single JBoss Server Management Domain -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.management.j2ee.LocalJBossServerDomain"
name ="jboss.management.local:j2eeType=J2EEDomain,name=Manager" >
< attribute name ="MainDeployer" >jboss.system:service=MainDeployer </ attribute >
< attribute name ="SARDeployer" >jboss.system:service=ServiceDeployer </ attribute >
<!-- <attribute name="EARDeployer">jboss.j2ee:service=EARDeployer</attribute>-->
< attribute name ="EJBDeployer" >jboss.ejb:service=EJBDeployer </ attribute >
< attribute name ="RARDeployer" >jboss.jca:service=RARDeployer </ attribute >
< attribute name ="CMDeployer" >jboss.jca:service=ConnectionFactoryDeployer </ attribute >
< attribute name ="WARDeployer" >jboss.web:service=WebServer </ attribute >
< attribute name ="MailService" >jboss:service=Mail </ attribute >
<!-- <attribute name="JMSService">jboss.mq:service=DestinationManager</attribute>-->
< attribute name ="JNDIService" >jboss:service=Naming </ attribute >
< attribute name ="JTAService" >jboss:service=TransactionManager </ attribute >
<!-- <attribute name="UserTransactionService">jboss:service=ClientUserTransaction</attribute>
<attribute name="RMI_IIOPService">jboss:service=CorbaORB</attribute>-->
</ mbean >
如果你不需要client-side事务管理 (记住,使用这个那意味着你是一个坏人)
l
使用vi编辑 server/slim/conf/jboss-service.xml文件
l
移除/注释下面的XML片段
<!--
| UserTransaction support.
-->
< mbean code ="org.jboss.tm.usertx.server.ClientUserTransactionService"
name ="jboss:service=ClientUserTransaction"
xmbean-dd ="resource:xmdesc/ClientUserTransaction-xmbean.xml" >
< depends >
< mbean code ="org.jboss.invocation.jrmp.server.JRMPProxyFactory"
name ="jboss:service=proxyFactory,target=ClientUserTransactionFactory" >
< attribute name ="InvokerName" >jboss:service=invoker,type=jrmp </ attribute >
< attribute name ="TargetName" >jboss:service=ClientUserTransaction </ attribute >
< attribute name ="JndiName" >UserTransactionSessionFactory </ attribute >
< attribute name ="ExportedInterface" >
org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory
</ attribute >
< attribute name ="ClientInterceptors" >
< interceptors >
< interceptor >org.jboss.proxy.ClientMethodInterceptor </ interceptor >
< interceptor >org.jboss.invocation.InvokerInterceptor </ interceptor >
</ interceptors >
</ attribute >
< depends >jboss:service=invoker,type=jrmp </ depends >
</ mbean >
</ depends >
< depends optional-attribute-name ="TxProxyName" >
< mbean code ="org.jboss.invocation.jrmp.server.JRMPProxyFactory"
name ="jboss:service=proxyFactory,target=ClientUserTransaction" >
< attribute name ="InvokerName" >jboss:service=invoker,type=jrmp </ attribute >
< attribute name ="TargetName" >jboss:service=ClientUserTransaction </ attribute >
< attribute name ="JndiName" > </ attribute >
< attribute name ="ExportedInterface" > org.jboss.tm.usertx.interfaces.UserTransactionSession
</ attribute >
< attribute name ="ClientInterceptors" >
< interceptors >
< interceptor >org.jboss.proxy.ClientMethodInterceptor </ interceptor >
< interceptor >org.jboss.invocation.InvokerInterceptor </ interceptor >
</ interceptors >
</ attribute >
< depends >jboss:service=invoker,type=jrmp </ depends >
</ mbean >
</ depends >
</ mbean >
| UserTransaction support.
-->
< mbean code ="org.jboss.tm.usertx.server.ClientUserTransactionService"
name ="jboss:service=ClientUserTransaction"
xmbean-dd ="resource:xmdesc/ClientUserTransaction-xmbean.xml" >
< depends >
< mbean code ="org.jboss.invocation.jrmp.server.JRMPProxyFactory"
name ="jboss:service=proxyFactory,target=ClientUserTransactionFactory" >
< attribute name ="InvokerName" >jboss:service=invoker,type=jrmp </ attribute >
< attribute name ="TargetName" >jboss:service=ClientUserTransaction </ attribute >
< attribute name ="JndiName" >UserTransactionSessionFactory </ attribute >
< attribute name ="ExportedInterface" >
org.jboss.tm.usertx.interfaces.UserTransactionSessionFactory
</ attribute >
< attribute name ="ClientInterceptors" >
< interceptors >
< interceptor >org.jboss.proxy.ClientMethodInterceptor </ interceptor >
< interceptor >org.jboss.invocation.InvokerInterceptor </ interceptor >
</ interceptors >
</ attribute >
< depends >jboss:service=invoker,type=jrmp </ depends >
</ mbean >
</ depends >
< depends optional-attribute-name ="TxProxyName" >
< mbean code ="org.jboss.invocation.jrmp.server.JRMPProxyFactory"
name ="jboss:service=proxyFactory,target=ClientUserTransaction" >
< attribute name ="InvokerName" >jboss:service=invoker,type=jrmp </ attribute >
< attribute name ="TargetName" >jboss:service=ClientUserTransaction </ attribute >
< attribute name ="JndiName" > </ attribute >
< attribute name ="ExportedInterface" > org.jboss.tm.usertx.interfaces.UserTransactionSession
</ attribute >
< attribute name ="ClientInterceptors" >
< interceptors >
< interceptor >org.jboss.proxy.ClientMethodInterceptor </ interceptor >
< interceptor >org.jboss.invocation.InvokerInterceptor </ interceptor >
</ interceptors >
</ attribute >
< depends >jboss:service=invoker,type=jrmp </ depends >
</ mbean >
</ depends >
</ mbean >
l
你现在能删除从来没有引用的server/slim/conf/xmdesc/ClientUserTransaction-xmbean.xml 文件
如果你不需要持久化MBean(persistent MBean )特性 (默认情况下,没有JBoss MBeans使用它...yet)
l
编辑 server/slim/conf/jboss-service.xml文件
l
移除/注释这个XML片段
<!--
==================================================================== -->
<!-- XMBean Persistence -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.system.pm.AttributePersistenceService"
name ="jboss:service=AttributePersistenceService"
xmbean-dd ="resource:xmdesc/AttributePersistenceService-xmbean.xml" >
< attribute name ="AttributePersistenceManagerClass" > org.jboss.system.pm.XMLAttributePersistenceManager
</ attribute >
< attribute name ="AttributePersistenceManagerConfig" >
< data-directory >data/xmbean-attrs </ data-directory >
</ attribute >
< attribute name ="ApmDestroyOnServiceStop" >false </ attribute >
< attribute name ="VersionTag" > </ attribute >
</ mbean >
<!-- XMBean Persistence -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.system.pm.AttributePersistenceService"
name ="jboss:service=AttributePersistenceService"
xmbean-dd ="resource:xmdesc/AttributePersistenceService-xmbean.xml" >
< attribute name ="AttributePersistenceManagerClass" > org.jboss.system.pm.XMLAttributePersistenceManager
</ attribute >
< attribute name ="AttributePersistenceManagerConfig" >
< data-directory >data/xmbean-attrs </ data-directory >
</ attribute >
< attribute name ="ApmDestroyOnServiceStop" >false </ attribute >
< attribute name ="VersionTag" > </ attribute >
</ mbean >
l
既然server/slim/conf/xmdec/xmdesc/AttributePersistenceService-xmbean.xml已经不在被引用,你也可以删除它。
如果你不使用RMI类装载器 (在服务器上利用classes从客户端装载代码)
l
vi编辑 server/slim/conf/jboss-service.xml文件
l
移除/注释这个XML片段
<!--
==================================================================== -->
<!-- JBoss RMI Classloader - only install when available -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.util.property.jmx.SystemPropertyClassValue"
name ="jboss.rmi:type=RMIClassLoader" >
< attribute name ="Property" >java.rmi.server.RMIClassLoaderSpi </ attribute >
< attribute name ="ClassName" >org.jboss.system.JBossRMIClassLoader </ attribute >
</ mbean >
<!-- JBoss RMI Classloader - only install when available -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.util.property.jmx.SystemPropertyClassValue"
name ="jboss.rmi:type=RMIClassLoader" >
< attribute name ="Property" >java.rmi.server.RMIClassLoaderSpi </ attribute >
< attribute name ="ClassName" >org.jboss.system.JBossRMIClassLoader </ attribute >
</ mbean >
和
<!--
==================================================================== -->
<!-- Class Loading -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.web.WebService"
name ="jboss:service=WebService" >
< attribute name ="Port" >8083 </ attribute >
<!-- Should resources and non-EJB classes be downloadable -->
< attribute name ="DownloadServerClasses" >true </ attribute >
< attribute name ="Host" >${jboss.bind.address} </ attribute >
< attribute name ="BindAddress" >${jboss.bind.address} </ attribute >
</ mbean >
<!-- Class Loading -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.web.WebService"
name ="jboss:service=WebService" >
< attribute name ="Port" >8083 </ attribute >
<!-- Should resources and non-EJB classes be downloadable -->
< attribute name ="DownloadServerClasses" >true </ attribute >
< attribute name ="Host" >${jboss.bind.address} </ attribute >
< attribute name ="BindAddress" >${jboss.bind.address} </ attribute >
</ mbean >
l
修改XML片段 (注意: 在JBoss 4.0里,是在server/slim/deploy/ejb-deployer.xml文件里的一点设置):
<!--
EJB deployer, remove to disable EJB behavior-->
< mbean code ="org.jboss.ejb.EJBDeployer" name ="jboss.ejb:service=EJBDeployer" >
< attribute name ="VerifyDeployments" >true </ attribute >
...
< depends optional-attribute-name ="WebServiceName" >jboss:service=WebService </ depends >
</ mbean >
< mbean code ="org.jboss.ejb.EJBDeployer" name ="jboss.ejb:service=EJBDeployer" >
< attribute name ="VerifyDeployments" >true </ attribute >
...
< depends optional-attribute-name ="WebServiceName" >jboss:service=WebService </ depends >
</ mbean >
象这样标明:
<!--
EJB deployer, remove to disable EJB behavior-->
< mbean code ="org.jboss.ejb.EJBDeployer" name ="jboss.ejb:service=EJBDeployer" >
< attribute name ="VerifyDeployments" >true </ attribute >
...
<!-- <depends optional-attribute-name="WebServiceName">jboss:service=WebService</depends> -->
</ mbean >
< mbean code ="org.jboss.ejb.EJBDeployer" name ="jboss.ejb:service=EJBDeployer" >
< attribute name ="VerifyDeployments" >true </ attribute >
...
<!-- <depends optional-attribute-name="WebServiceName">jboss:service=WebService</depends> -->
</ mbean >
如果你只想使用 JBoss Naming locally (没有 RMI 客户端)
l
用vi打开 server/slim/conf/jboss-service.xml文件
l
更改下面的XML片段
<!--
==================================================================== -->
<!-- JNDI -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.naming.NamingService"
name ="jboss:service=Naming"
xmbean-dd ="resource:xmdesc/NamingService-xmbean.xml" >
...
<!-- The listening port for the bootstrap JNP service. Set this to -1
to run the NamingService without the JNP invoker listening port.
-->
< attribute name ="Port" >1099 </ attribute >
...
<!-- The port of the RMI naming service, 0 == anonymous -->
< attribute name ="RmiPort" >1098 </ attribute >
...
</ mbean >
<!-- JNDI -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.naming.NamingService"
name ="jboss:service=Naming"
xmbean-dd ="resource:xmdesc/NamingService-xmbean.xml" >
...
<!-- The listening port for the bootstrap JNP service. Set this to -1
to run the NamingService without the JNP invoker listening port.
-->
< attribute name ="Port" >1099 </ attribute >
...
<!-- The port of the RMI naming service, 0 == anonymous -->
< attribute name ="RmiPort" >1098 </ attribute >
...
</ mbean >
改写
<!--
==================================================================== -->
<!-- JNDI -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.naming.NamingService"
name ="jboss:service=Naming"
xmbean-dd ="resource:xmdesc/NamingService-xmbean.xml" >
...
<!-- The listening port for the bootstrap JNP service. Set this to -1
to run the NamingService without the JNP invoker listening port.
-->
< attribute name ="Port" >-1 </ attribute >
...
<!-- The port of the RMI naming service, 0 == anonymous -->
< attribute name ="RmiPort" >0 </ attribute >
...
</ mbean >
<!-- JNDI -->
<!-- ==================================================================== -->
< mbean code ="org.jboss.naming.NamingService"
name ="jboss:service=Naming"
xmbean-dd ="resource:xmdesc/NamingService-xmbean.xml" >
...
<!-- The listening port for the bootstrap JNP service. Set this to -1
to run the NamingService without the JNP invoker listening port.
-->
< attribute name ="Port" >-1 </ attribute >
...
<!-- The port of the RMI naming service, 0 == anonymous -->
< attribute name ="RmiPort" >0 </ attribute >
...
</ mbean >
你也可以从相同的XML区域删除此行,来删除相关联的线程池:
<
depends
optional-attribute-name
="LookupPool"
proxy-type ="attribute" >jboss.system:service=ThreadPool </ depends >
proxy-type ="attribute" >jboss.system:service=ThreadPool </ depends >
和它自己的线程池块:
<!--
A Thread pool service -->
< mbean code ="org.jboss.util.threadpool.BasicThreadPool"
name ="jboss.system:service=ThreadPool" >
< attribute name ="Name" >JBoss System Threads </ attribute >
< attribute name ="ThreadGroupName" >System Threads </ attribute >
< attribute name ="KeepAliveTime" >60000 </ attribute >
< attribute name ="MinimumPoolSize" >1 </ attribute >
< attribute name ="MaximumPoolSize" >10 </ attribute >
< attribute name ="MaximumQueueSize" >1000 </ attribute >
< attribute name ="BlockingMode" >run </ attribute >
</ mbean >
< mbean code ="org.jboss.util.threadpool.BasicThreadPool"
name ="jboss.system:service=ThreadPool" >
< attribute name ="Name" >JBoss System Threads </ attribute >
< attribute name ="ThreadGroupName" >System Threads </ attribute >
< attribute name ="KeepAliveTime" >60000 </ attribute >
< attribute name ="MinimumPoolSize" >1 </ attribute >
< attribute name ="MaximumPoolSize" >10 </ attribute >
< attribute name ="MaximumQueueSize" >1000 </ attribute >
< attribute name ="BlockingMode" >run </ attribute >
</ mbean >
如果你使用它,从JMX控制台(显示JNDI命名树) 此JNDIView MBean 是非常有用的, 除非你不使用它。
l
使用vi打开 server/slim/conf/jboss-service.xml
l
删除
<
mbean
code
="org.jboss.naming.JNDIView"
name ="jboss:service=JNDIView"
xmbean-dd ="resource:xmdesc/JNDIView-xmbean.xml" >
</ mbean >
name ="jboss:service=JNDIView"
xmbean-dd ="resource:xmdesc/JNDIView-xmbean.xml" >
</ mbean >
l
你可以也删掉server/slim/conf/xmdesc/JNDIView-xmbean.xml 文件
如果你不使用JBossSX, 我们为EJBs或者Web层组件继承的基于JAAS的安全 (then you deserve to be flogged and I hope you get hacked but thats another story):
l
使用vi打开 server/slim/conf/jboss-service.xml
l
删除
<!--
==================================================================== -->
<!-- Security -->
<!-- ==================================================================== -->
<!--
< mbean code ="org.jboss.security.plugins.SecurityConfig"
name ="jboss.security:service=SecurityConfig" >
< attribute name ="LoginConfig" >jboss.security:service=XMLLoginConfig </ attribute >
</ mbean >
< mbean code ="org.jboss.security.auth.login.XMLLoginConfig"
name ="jboss.security:service=XMLLoginConfig" >
< attribute name ="ConfigResource" >login-config.xml </ attribute >
</ mbean >
<!-- Security -->
<!-- ==================================================================== -->
<!--
< mbean code ="org.jboss.security.plugins.SecurityConfig"
name ="jboss.security:service=SecurityConfig" >
< attribute name ="LoginConfig" >jboss.security:service=XMLLoginConfig </ attribute >
</ mbean >
< mbean code ="org.jboss.security.auth.login.XMLLoginConfig"
name ="jboss.security:service=XMLLoginConfig" >
< attribute name ="ConfigResource" >login-config.xml </ attribute >
</ mbean >
l
编辑 server/slim/deploy/jbossweb-tomcatxx.sar/META-INF/jboss-service.xml 并注释掉这些片段:
<!--
The JAAS security domain to use in the absense of an explicit
security-domain specification in the war WEB-INF/jboss-web.xml
-->
<!-- <attribute name="DefaultSecurityDomain">java:/jaas/other</attribute>-->
security-domain specification in the war WEB-INF/jboss-web.xml
-->
<!-- <attribute name="DefaultSecurityDomain">java:/jaas/other</attribute>-->
和
<!--
A mapping to the server security manager service which must be operation compatible with type
org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only needed if web applications are allowed to flush the security manager authentication cache when the web sessions invalidate.
-->
<!—
< depends optional-attribute-name ="SecurityManagerService"
proxy-type ="attribute" >jboss.security:service=JaasSecurityManager
</ depends >
-->
org.jboss.security.plugins.JaasSecurityManagerServiceMBean. This is only needed if web applications are allowed to flush the security manager authentication cache when the web sessions invalidate.
-->
<!—
< depends optional-attribute-name ="SecurityManagerService"
proxy-type ="attribute" >jboss.security:service=JaasSecurityManager
</ depends >
-->
l
也移除/注释:
<!--
JAAS 安全性管理和区域mapping -->
< mbean code ="org.jboss.security.plugins.JaasSecurityManagerService"
name ="jboss.security:service=JaasSecurityManager" >
< attribute name ="SecurityManagerClassName" >
org.jboss.security.plugins.JaasSecurityManager
</ attribute >
< attribute name ="DefaultCacheTimeout" >1800 </ attribute >
< attribute name ="DefaultCacheResolution" >60 </ attribute >
</ mbean >
< mbean code ="org.jboss.security.plugins.JaasSecurityManagerService"
name ="jboss.security:service=JaasSecurityManager" >
< attribute name ="SecurityManagerClassName" >
org.jboss.security.plugins.JaasSecurityManager
</ attribute >
< attribute name ="DefaultCacheTimeout" >1800 </ attribute >
< attribute name ="DefaultCacheResolution" >60 </ attribute >
</ mbean >
l
如果你使用JBossMQ,你将需要从server/slim/deploy/jms/jbossmq-destinations-service.xml文件的所有测试 queues/topics中删掉任何一个 (优先的)或者注释掉他们的安全性信息. 如果你选择保持示例topics/queues增加如下注释:
<
mbean
code
="org.jboss.mq.server.jmx.Topic"
name ="jboss.mq.destination:service=Topic,name=testTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!—-
< depends optional-attribute-name ="SecurityManager" >
jboss.mq:service=SecurityManager </ depends >
< attribute name ="SecurityConf" >
< security >
< role name ="guest" read ="true" write ="true" />
< role name ="publisher" read ="true" write ="true" create ="false" />
< role name ="durpublisher" read ="true" write ="true" create ="true" />
</ security >
</ attribute >
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Topic"
name ="jboss.mq.destination:service=Topic,name=testTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!-- <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="durpublisher" read="true" write="true" create="true"/>
</security>
</attribute>
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Topic"
name ="jboss.mq.destination:service=Topic,name=testDurableTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="durpublisher" read="true" write="true" create="true"/>
</security>
</attribute>
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Queue"
name ="jboss.mq.destination:service=Queue,name=testQueue" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="noacc" read="false" write="false" create="false"/>
</security>
</attribute>
-->
</ mbean >
name ="jboss.mq.destination:service=Topic,name=testTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!—-
< depends optional-attribute-name ="SecurityManager" >
jboss.mq:service=SecurityManager </ depends >
< attribute name ="SecurityConf" >
< security >
< role name ="guest" read ="true" write ="true" />
< role name ="publisher" read ="true" write ="true" create ="false" />
< role name ="durpublisher" read ="true" write ="true" create ="true" />
</ security >
</ attribute >
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Topic"
name ="jboss.mq.destination:service=Topic,name=testTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!-- <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="durpublisher" read="true" write="true" create="true"/>
</security>
</attribute>
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Topic"
name ="jboss.mq.destination:service=Topic,name=testDurableTopic" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="durpublisher" read="true" write="true" create="true"/>
</security>
</attribute>
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Queue"
name ="jboss.mq.destination:service=Queue,name=testQueue" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
<attribute name="SecurityConf">
<security>
<role name="guest" read="true" write="true"/>
<role name="publisher" read="true" write="true" create="false"/>
<role name="noacc" read="false" write="false" create="false"/>
</security>
</attribute>
-->
</ mbean >
l
如果使用JBossMQ ,你也需要编辑server/slim/deploy/jms/jbossmq-service.xml 和变更 InterceptorLoader? XML 片段,像下面这样:
<
mbean
code
="org.jboss.mq.server.jmx.InterceptorLoader"
name
="jboss.mq:service=TracingInterceptor"
>
< attribute name ="InterceptorClass" >org.jboss.mq.server.TracingInterceptor </ attribute >
< depends optional-attribute-name ="NextInterceptor" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="NextInterceptor">jboss.mq:service=SecurityManager</depends>
-->
</ mbean >
< attribute name ="InterceptorClass" >org.jboss.mq.server.TracingInterceptor </ attribute >
< depends optional-attribute-name ="NextInterceptor" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="NextInterceptor">jboss.mq:service=SecurityManager</depends>
-->
</ mbean >
l
你也需要注释或者删除(从server/slim/deploy/jms/jbossmq-service.xml文件):
<!—
< mbean code ="org.jboss.mq.security.SecurityManager" name ="jboss.mq:service=SecurityManager" >
< attribute name ="DefaultSecurityConfig" >
< security >
< role name ="guest" read ="true" write ="true" create ="true" />
</ security >
</ attribute >
< attribute name ="SecurityDomain" >java:/jaas/jbossmq </ attribute >
< depends optional-attribute-name ="NextInterceptor" >jboss.mq:service=DestinationManager </ depends >
</ mbean >
-->
< mbean code ="org.jboss.mq.security.SecurityManager" name ="jboss.mq:service=SecurityManager" >
< attribute name ="DefaultSecurityConfig" >
< security >
< role name ="guest" read ="true" write ="true" create ="true" />
</ security >
</ attribute >
< attribute name ="SecurityDomain" >java:/jaas/jbossmq </ attribute >
< depends optional-attribute-name ="NextInterceptor" >jboss.mq:service=DestinationManager </ depends >
</ mbean >
-->
l
修改死亡信队列项(server/slim/deploy/jms/jbossmq-service.xml) 注释掉安全源:
<!—死亡信队列-->
< mbean code ="org.jboss.mq.server.jmx.Queue"
name ="jboss.mq.destination:service=Queue,name=DLQ" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
-->
</ mbean >
< mbean code ="org.jboss.mq.server.jmx.Queue"
name ="jboss.mq.destination:service=Queue,name=DLQ" >
< depends optional-attribute-name ="DestinationManager" >jboss.mq:service=DestinationManager </ depends >
<!--
<depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
-->
</ mbean >
<!-- JMS XA 资源适配器, 在beans中使用这个得到处理JMS-->
<
tx-connection-factory
>
< jndi-name >JmsXA </ jndi-name >
< xa-transaction />
< adapter-display-name >JMS Adapter </ adapter-display-name >
< config-property name ="SessionDefaultType" type ="java.lang.String" >javax.jms.Topic </ config-property >
< config-property name ="JmsProviderAdapterJNDI" type ="java.lang.String" >java:/DefaultJMSProvider </ config-property >
< max-pool-size >20 </ max-pool-size >
<!--
<security-domain-and-application>JmsXARealm</security-domain-and-application>
-->
</ tx-connection-factory >
< jndi-name >JmsXA </ jndi-name >
< xa-transaction />
< adapter-display-name >JMS Adapter </ adapter-display-name >
< config-property name ="SessionDefaultType" type ="java.lang.String" >javax.jms.Topic </ config-property >
< config-property name ="JmsProviderAdapterJNDI" type ="java.lang.String" >java:/DefaultJMSProvider </ config-property >
< max-pool-size >20 </ max-pool-size >
<!--
<security-domain-and-application>JmsXARealm</security-domain-and-application>
-->
</ tx-connection-factory >
l
如果使用JBoss 4, also do this 2 things:
l
在 conf/login-config.xml文件中, 注释下面的:
<!—测试jca框架的安全域
< application-policy name = "HsqlDbRealm" >
< authentication >
< login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required" >
< module-option name = "principal" >sa </ module-option >
< module-option name = "userName" >sa </ module-option >
< module-option name = "password" > </ module-option >
< module-option name = "managedConnectionFactoryName" > jboss.jca:service=LocalTxCM,name=DefaultDS </ module-option >
</ login-module >
</ authentication >
</ application-policy >
< application-policy name = "JmsXARealm" >
< authentication >
< login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required" >
< module-option name = "principal" >guest </ module-option >
< module-option name = "userName" >guest </ module-option >
< module-option name = "password" >guest </ module-option >
< module-option name = "managedConnectionFactoryName" > jboss.jca:service=TxCM,name=JmsXA
</ module-option >
</ login-module >
</ authentication >
</ application-policy >
-->
< application-policy name = "HsqlDbRealm" >
< authentication >
< login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required" >
< module-option name = "principal" >sa </ module-option >
< module-option name = "userName" >sa </ module-option >
< module-option name = "password" > </ module-option >
< module-option name = "managedConnectionFactoryName" > jboss.jca:service=LocalTxCM,name=DefaultDS </ module-option >
</ login-module >
</ authentication >
</ application-policy >
< application-policy name = "JmsXARealm" >
< authentication >
< login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required" >
< module-option name = "principal" >guest </ module-option >
< module-option name = "userName" >guest </ module-option >
< module-option name = "password" >guest </ module-option >
< module-option name = "managedConnectionFactoryName" > jboss.jca:service=TxCM,name=JmsXA
</ module-option >
</ login-module >
</ authentication >
</ application-policy >
-->
l
和在deploy/hsqldb-ds.xml文件中注释:
<!--
在conf/login-config.xml文件中使用清晰的安全域
<security-domain>HsqlDbRealm</security-domain> -->
<security-domain>HsqlDbRealm</security-domain> -->
如果你不使用池请求(Pooled Invoker)If you are not using the (见调优章节,也也许想使用池请求) 然后:
l
使用vi打开 server/slim/conf/jboss-service.xml 文件
l
删掉:
<!--
<mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
name="jboss:service=invoker,type=pooled">
<attribute name="NumAcceptThreads">1</attribute>
<attribute name="MaxPoolSize">300</attribute>
<attribute name="ClientMaxPoolSize">300</attribute>
<attribute name="SocketTimeout">60000</attribute>
<attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
<attribute name="ServerBindPort">4445</attribute>
<attribute name="ClientConnectAddress">${jboss.bind.address}</attribute>
<attribute name="ClientConnectPort">0</attribute>
<attribute name="EnableTcpNoDelay">false</attribute>
<depends optional-attribute-name="TransactionManagerService">
jboss:service=TransactionManager</depends>
</mbean>
-->
<mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
name="jboss:service=invoker,type=pooled">
<attribute name="NumAcceptThreads">1</attribute>
<attribute name="MaxPoolSize">300</attribute>
<attribute name="ClientMaxPoolSize">300</attribute>
<attribute name="SocketTimeout">60000</attribute>
<attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
<attribute name="ServerBindPort">4445</attribute>
<attribute name="ClientConnectAddress">${jboss.bind.address}</attribute>
<attribute name="ClientConnectPort">0</attribute>
<attribute name="EnableTcpNoDelay">false</attribute>
<depends optional-attribute-name="TransactionManagerService">
jboss:service=TransactionManager</depends>
</mbean>
-->
l
使用vi打开 server/slim/conf/jboss-service.xml 文件
l
删除或者注释
<
mbean
code
="org.jboss.varia.deployment.BeanShellSubDeployer"
name ="jboss.scripts:service=BSHDeployer" >
</ mbean >
name ="jboss.scripts:service=BSHDeployer" >
</ mbean >
l
删除 server/slim/bsh* (bsh-deployer.jar, bsh-1.3.0.jar)
如果你不使用热部署文件到server/slim/deploy 文件夹,而从外部重启JBoss:
l
使用vi打开 server/slim/conf/jboss-service.xml 文件
l
改变这个 XML的片段:
<!—热部署/反部署归档文件的mbean. -->
< mbean code ="org.jboss.deployment.scanner.URLDeploymentScanner"
name ="jboss.deployment:type=DeploymentScanner,flavor=URL" >
...
< attribute name ="ScanPeriod" >5000 </ attribute >
...
</ mbean >
< mbean code ="org.jboss.deployment.scanner.URLDeploymentScanner"
name ="jboss.deployment:type=DeploymentScanner,flavor=URL" >
...
< attribute name ="ScanPeriod" >5000 </ attribute >
...
</ mbean >
改为(加入):
<!--
热部署/反部署归档文件的mbean.-->
< mbean code ="org.jboss.deployment.scanner.URLDeploymentScanner"
name ="jboss.deployment:type=DeploymentScanner,flavor=URL" >
...
< attribute name ="ScanPeriod" >5000 </ attribute >
< attribute name ="ScanEnabled" >False </ attribute >
...
</ mbean >
< mbean code ="org.jboss.deployment.scanner.URLDeploymentScanner"
name ="jboss.deployment:type=DeploymentScanner,flavor=URL" >
...
< attribute name ="ScanPeriod" >5000 </ attribute >
< attribute name ="ScanEnabled" >False </ attribute >
...
</ mbean >
l
就这个性能透视而言,看其他建议的调整章节
如果你不使用集群
l
最好的方法就是从"default"配置启动,而不是使用"all"配置启动. 然后从"all"配置里带来的一些各种服务,你在"default"配置里没有使用.
l
如果你必须从“all”配置启动:
o
移除 server/slim/farm
o
移除server/slim/deploy-hasingleton
o
移除server/slim/deploy/cluster-service.xml
o
移除server/slim/deploy/tc5-cluster-service.xml (或者 在4.0.4或者以前的版本上的server/slim/deploy/tc5-cluster.sar)
o
移除server/slim/deploy/deploy.last/farm-service.xml
o
移除server/slim/deploy/deploy-hasingleton-service.xml
o
进入到 server/slim/deploy/jms 文件夹, 删除它的内容,并从server/default/deploy/jms文件夹复制他们到这里.
o
编辑 server/slim/deploy/jbossweb-tomcat55.sar/META-INF
/jboss-service.xml 移除下面的片段:
/jboss-service.xml 移除下面的片段:
<!--
如果需要使用HTTP会话集群(HTTP Session Clustering)或者如果在tomcat的server.xml文件中 ClusteredSingleSignOn 值是enabled
-->
< depends >jboss.cache:service=TomcatClusteringCache </ depends >
如果需要使用HTTP会话集群(HTTP Session Clustering)或者如果在tomcat的server.xml文件中 ClusteredSingleSignOn 值是enabled
-->
< depends >jboss.cache:service=TomcatClusteringCache </ depends >
如果你不使用分布式(集群)web会话(sessions)
l
移除 server/slim/deploy/tc5-cluster-service.xml (或者 在4.0.4或者以前的版本上的server/slim/deploy/tc5-cluster.sar)
l
编辑 server/slim/deploy/jbossweb-tomcat55.sar/META-INF/jboss-service.xml 移除这个片段:
<!--
如果需要使用HTTP会话集群(HTTP Session Clustering)或者如果在tomcat的server.xml文件中 ClusteredSingleSignOn 值是enabled
-->
<depends>jboss.cache:service=TomcatClusteringCache</depends>
如果需要使用HTTP会话集群(HTTP Session Clustering)或者如果在tomcat的server.xml文件中 ClusteredSingleSignOn 值是enabled
-->
<depends>jboss.cache:service=TomcatClusteringCache</depends>
如果你不使用Farm服务 (复制部署)
l
移除server/slim/farm
l 移除server/slim/deploy/deploy.last/farm-service.xml
JBoss AS的调优与瘦身就翻译完了,翻译的不好,请谅解。还有就是这也只是看看,到底用途和状况怎么样,还需要具体的实践工作。
本文转自xudayu 51CTO博客,原文链接:http://blog.51cto.com/xudayu/77054,如需转载请自行联系原作者