1 JBoss Settings
1.1 JBoss Security Settings
1.1.1 jmx-console Security Settings
1.1.1.1 Edit the jboss-web.xml file
Edit the jmx-console.war/WEB-INF/jboss-web.xml file:
[jboss@node1 ~]$ cd JBOSS_HOME/server/default/deploy
[jboss@node1 deploy]$ vi jmx-console.war/WEB-INF/jboss-web.xml
<!-- Change this: -->
<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users.
      <security-domain>java:/jaas/jmx-console</security-domain>
   -->
</jboss-web>
<!-- To this: -->
<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users. -->
   <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
1.1.1.2 Edit the web.xml file
Edit the jmx-console.war/WEB-INF/web.xml file:
[jboss@node1 ~]$ cd JBOSS_HOME/server/default/deploy
[jboss@node1 deploy]$ vi jmx-console.war/WEB-INF/web.xml
<!-- Change this: -->
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   ......
   <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console.
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application</description>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>
   -->
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
   </login-config>
   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>
<!-- To this: -->
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   ......
   <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. -->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application</description>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
   </login-config>
   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>
1.1.2 web-console Security Settings
1.1.2.1 Edit the jboss-web.xml file
Modify the web-console.war/WEB-INF/jboss-web.xml file:
[jboss@node1 ~]$ cd JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war
[jboss@node1 web-console.war]$ vi WEB-INF/jboss-web.xml
<!-- Change this: -->
<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users.
      <security-domain>java:/jaas/web-console</security-domain>
   -->
   <!-- The war depends on the -->
   <depends>jboss.admin:service=PluginManager</depends>
</jboss-web>
<!-- To this: -->
<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. -->
   <security-domain>java:/jaas/web-console</security-domain>
   <!-- The war depends on the -->
   <depends>jboss.admin:service=PluginManager</depends>
</jboss-web>
1.1.2.2 Edit the web.xml file
Edit the web-console.war/WEB-INF/web.xml file:
[jboss@node1 web-console.war]$ vi WEB-INF/web.xml
<!-- Change this: -->
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   ......
   <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console.
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the
            role JBossAdmin to access the HTML JMX console web application
         </description>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>
   -->
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss WEB Console</realm-name>
   </login-config>
   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>
<!-- To this: -->
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   ......
   <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. -->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the
            role JBossAdmin to access the HTML JMX console web application
         </description>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss WEB Console</realm-name>
   </login-config>
   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>
1.1.3 Set the jmx-console account password
[jboss@node1 ~]$ cd JBOSS_HOME/server/default/conf/props
[jboss@node1 props]$ ls jmx*
jmx-console-roles.properties jmx-console-users.properties
Of these, jmx-console-roles.properties holds the user role configuration and jmx-console-users.properties holds the user password configuration.
Add a user:
[jboss@node1 props]$ vi jmx-console-roles.properties
# Change this:
# A sample roles.properties file for use with the UsersRolesLoginModule
admin=JBossAdmin,HttpInvoker
# To this:
admin=JBossAdmin,HttpInvoker
jboss=JBossAdmin,HttpInvoker
Note: in this configuration file the user is on the left and the corresponding roles are on the right.
Set a password for the new user:
[jboss@node1 props]$ vi jmx-console-users.properties
# Change this:
# A sample users.properties file for use with the UsersRolesLoginModule
admin=admin
# To this:
admin=admin
jboss=jboss
Note: in this configuration file the user is on the left and the corresponding password is on the right.
1.1.4 Set the web-console account password
Users, roles and passwords for web-console are configured the same way as for jmx-console above. The only difference is that the configuration files web-console-roles.properties and web-console-users.properties are not in the directory used above, but in JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes.
The steps are therefore not repeated here; readers should carry them out themselves.
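A way to verify the result of sections 1.1.1 to 1.1.4, as an added example that is not part of the original article: the check below confirms that security-domain and security-constraint are live XML rather than still inside a comment, that every user holds a role the constraint requires, and that no password equals its user name. The function names and the inline sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def active_elements(xml_text, tag):
    # ElementTree drops comments while parsing, so an element that is still
    # inside <!-- ... --> is not returned here.
    return list(ET.fromstring(xml_text).iter(tag))

def parse_properties(text):
    # key=value lines as used by the *-users.properties / *-roles.properties files
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def audit_console(jboss_web_xml, web_xml, users_props, roles_props):
    findings = []
    if not active_elements(jboss_web_xml, "security-domain"):
        findings.append("jboss-web.xml: security-domain is commented out")
    constraints = active_elements(web_xml, "security-constraint")
    if not constraints:
        findings.append("web.xml: security-constraint is commented out")
    # Roles named inside the live constraint(s), e.g. JBossAdmin
    required = {r.text.strip() for c in constraints
                for r in c.iter("role-name") if r.text}
    roles = parse_properties(roles_props)
    for user, password in parse_properties(users_props).items():
        if password == user:
            findings.append(f"users: password of {user} equals the user name")
        granted = {r.strip() for r in roles.get(user, "").split(",")}
        if required and not (required & granted):
            findings.append(f"roles: {user} holds none of {sorted(required)}")
    return findings

# Constructed samples modelled on the files shown above.
JBOSS_WEB_BEFORE = """<jboss-web>
  <!-- <security-domain>java:/jaas/jmx-console</security-domain> -->
</jboss-web>"""
JBOSS_WEB_AFTER = """<jboss-web>
  <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>"""
WEB_BEFORE = """<web-app>
  <!--
  <security-constraint>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  -->
  <security-role><role-name>JBossAdmin</role-name></security-role>
</web-app>"""
WEB_AFTER = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>JBossAdmin</role-name></security-role>
</web-app>"""
USERS = "admin=admin\njboss=jboss\n"
ROLES = "admin=JBossAdmin,HttpInvoker\njboss=JBossAdmin,HttpInvoker\n"

if __name__ == "__main__":
    for finding in audit_console(JBOSS_WEB_BEFORE, WEB_BEFORE, USERS, ROLES):
        print(finding)
```

Run against the real files by reading them from the deploy and conf/props directories and passing their text to audit_console; the same function covers web-console with its own four files.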
1.2 Other important JBoss settings
1.2.1 Changing the JBoss cluster name
There may be several clusters on the same network segment, so they have to be told apart by cluster name. Change the JBoss cluster name as shown below so that multiple JBoss clusters on the same segment are kept distinct.
Edit the JBOSS_HOME/server/YOURCONFIG/deploy/cluster-service.xml file:
[jboss@node1 ~]$ vi JBOSS_HOME/server/YOURCONFIG/deploy/cluster-service.xml
<!-- Change this: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   <!-- Name of the partition being built -->
   <attribute name="PartitionName">${jboss.partition.name:DefaultPartition}</attribute>
   ......
   <depends>jboss:service=Naming</depends>
</mbean>
<!-- To this: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   <!-- Name of the partition being built -->
   <attribute name="PartitionName">your-cluster-name</attribute>
   ......
   <depends>jboss:service=Naming</depends>
</mbean>
1.2.2 JBoss cluster communication protocol
For large JBoss clusters UDP is the better choice, because it reduces network traffic. For small JBoss clusters TCP is the better choice, and it is also more secure.
Edit the JBOSS_HOME/server/YOURCONFIG/deploy/cluster-service.xml file:
[jboss@node1 ~]$ vi JBOSS_HOME/server/YOURCONFIG/deploy/cluster-service.xml
<!-- Find: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   ......
   <Config>
      <UDP mcast_addr="${jboss.partition.udpGroup:228.1.2.3}" mcast_port="45566"
         ip_ttl="${jgroups.mcast.ip_ttl:8}" ip_mcast="true"
         mcast_recv_buf_size="2000000" mcast_send_buf_size="640000"
         ucast_recv_buf_size="2000000" ucast_send_buf_size="640000"
         loopback="false"/>
      ......
   </Config>
</mbean>
<!-- Change it to: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   ......
   <!--
   <Config>
      <UDP mcast_addr="${jboss.partition.udpGroup:228.1.2.3}" mcast_port="45566"
         ip_ttl="${jgroups.mcast.ip_ttl:8}" ip_mcast="true"
         mcast_recv_buf_size="2000000" mcast_send_buf_size="640000"
         ucast_recv_buf_size="2000000" ucast_send_buf_size="640000"
         loopback="false"/>
      ......
   </Config>
   -->
</mbean>
<!-- Find: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   ......
   <!--
   <Config>
      <TCP bind_addr="thishost" start_port="7800" loopback="true"
         recv_buf_size="2000000" send_buf_size="640000"
         tcp_nodelay="true" up_thread="false" down_thread="false"/>
      <TCPPING initial_hosts="thishost[7800],otherhost[7800]"
         port_range="3" timeout="3500" num_initial_members="3"
         up_thread="false" down_thread="false"/>
      ......
   </Config>
   -->
</mbean>
<!-- Change it to: -->
<mbean code="org.jboss.ha.framework.server.ClusterPartition"
   name="jboss:service=${jboss.partition.name:DefaultPartition}">
   ......
   <Config>
      <TCP bind_addr="thishost" start_port="7800" loopback="true"
         recv_buf_size="2000000" send_buf_size="640000"
         tcp_nodelay="true" up_thread="false" down_thread="false"/>
      <TCPPING initial_hosts="thishost[7800],otherhost[7800]"
         port_range="3" timeout="3500" num_initial_members="3"
         up_thread="false" down_thread="false"/>
      ......
   </Config>
</mbean>
At the same time, replace "thishost" with the IP address of the local machine and "otherhost" with the IP address of the other JBoss cluster node. For example:
<Config>
   <TCP bind_addr="192.168.200.12" start_port="7800" loopback="true"
      recv_buf_size="2000000" send_buf_size="640000"
      tcp_nodelay="true" up_thread="false" down_thread="false"/>
   <TCPPING initial_hosts="192.168.200.12[7800],192.168.200.13[7800]"
      port_range="3" timeout="3500" num_initial_members="3"
      up_thread="false" down_thread="false"/>
   ......
</Config>
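To confirm the edits from 1.2.1 and 1.2.2 took effect, the following added example (not part of the original article) parses cluster-service.xml and reports the partition name, which protocol stack is actually live, and any value still left at its shipped default or placeholder. The function name, the PartitionConfig wrapper attribute in the sample, and the partition name PartitionA are assumptions made for the constructed sample documents.

```python
import re
import xml.etree.ElementTree as ET

PARTITION_CLASS = "org.jboss.ha.framework.server.ClusterPartition"
PLACEHOLDER_HOSTS = {"thishost", "otherhost"}

def check_cluster_service(xml_text):
    """Report partition name, live transport and settings left at defaults."""
    report = {"partition": None, "transport": None, "problems": []}
    problems = report["problems"]
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") != PARTITION_CLASS:
            continue
        for attr in mbean.iter("attribute"):
            if attr.get("name") == "PartitionName":
                report["partition"] = (attr.text or "").strip()
        if not report["partition"] or "DefaultPartition" in report["partition"]:
            problems.append("PartitionName is still the default")
        # The parser drops comments, so only the live protocol stack is seen.
        configs = list(mbean.iter("Config"))
        if len(configs) != 1:
            problems.append(f"expected one active <Config>, found {len(configs)}")
            continue
        tcp, udp = configs[0].find("TCP"), configs[0].find("UDP")
        if (tcp is None) == (udp is None):
            problems.append("<Config> needs exactly one of <TCP> or <UDP>")
            continue
        report["transport"] = "UDP" if tcp is None else "TCP"
        if tcp is None:
            continue
        if tcp.get("bind_addr") in PLACEHOLDER_HOSTS:
            problems.append("TCP bind_addr is still a placeholder")
        ping = configs[0].find("TCPPING")
        hosts = ping.get("initial_hosts", "") if ping is not None else ""
        members = re.findall(r"([^\s,\[\]]+)\s*\[(\d+)\]", hosts)
        if not members:
            problems.append("TCPPING initial_hosts has no host[port] entries")
        problems += [f"TCPPING initial_hosts still contains {host}"
                     for host, _ in members if host in PLACEHOLDER_HOSTS]
    return report

# Constructed sample documents modelled on the snippets above.
TEMPLATE = """<server>
  <mbean code="org.jboss.ha.framework.server.ClusterPartition"
         name="jboss:service=${jboss.partition.name:DefaultPartition}">
    <attribute name="PartitionName">%s</attribute>
    <attribute name="PartitionConfig">%s</attribute>
  </mbean>
</server>"""
UDP_STACK = '<Config><UDP mcast_addr="228.1.2.3" mcast_port="45566"/></Config>'
TCP_STACK = ('<Config><TCP bind_addr="%s" start_port="7800"/>'
             '<TCPPING initial_hosts="%s"/></Config>')
PLACEHOLDER_TCP = TCP_STACK % ("thishost", "thishost[7800],otherhost[7800]")

SHIPPED = TEMPLATE % ("${jboss.partition.name:DefaultPartition}",
                      UDP_STACK + "<!--" + PLACEHOLDER_TCP + "-->")
HALF_EDITED = TEMPLATE % ("PartitionA", "<!--" + UDP_STACK + "-->" + PLACEHOLDER_TCP)
BOTH_LIVE = TEMPLATE % ("PartitionA", UDP_STACK + PLACEHOLDER_TCP)
FINISHED = TEMPLATE % ("PartitionA", TCP_STACK % (
    "192.168.200.12", "192.168.200.12[7800],192.168.200.13[7800]"))

if __name__ == "__main__":
    for name in ("SHIPPED", "HALF_EDITED", "BOTH_LIVE", "FINISHED"):
        print(name, check_cluster_service(globals()[name]))
```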
1.2.3 JBoss character set settings
By default JBoss starts with the system character set, and some applications are not compatible with the system default; for example, all printed data comes out garbled. In that case, the character set used by the application can be set when JBoss starts.
Use the vi command to edit the JBOSS_HOME/bin/run.conf file:
[jboss@node1 ~]$ vi JBOSS_HOME/bin/run.conf
# Add the character set near the top of the file (the export LANG line)
## -*- shell-script -*- ######################################################
##                                                                          ##
##  JBoss Bootstrap Script Configuration                                    ##
##                                                                          ##
##############################################################################
### $Id: run.conf 62747 2007-05-02 17:43:36Z dimitris@jboss.org $
#
# This file is optional; it may be removed if not needed.
#
#
# Specify the maximum file descriptor limit, use "max" or "maximum" to use
# the default, as queried by the system.
#
# Defaults to "maximum"
#
#MAX_FD="maximum"
export LANG="zh_CN.GBK"
#
# Specify the profiler configuration file to load.
#
# Default is to not load profiler configuration file.
#
#PROFILER=""
......
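Restart JBoss and the garbled-text problem is resolved.
Note: the steps above are only an example; the character set should be chosen according to the actual situation.
This article is reposted from xudayu's 51CTO blog. Original link: http://blog.51cto.com/xudayu/67210. To repost it, please contact the original author.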