`
elan1986
  • 浏览: 168958 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

JBOSS HTTPS

阅读更多
<Server>

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />

   <!-- Use a custom version of StandardService that allows the
   connectors to be started independent of the normal lifecycle
   start to allow web apps to be deployed before starting the
   connectors.
   -->
   <Service name="jboss.web">

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8088" address="0.0.0.0"    
         maxThreads="250" maxHttpHeaderSize="8192"
         emptySessionPath="true" protocol="HTTP/1.1"
         enableLookups="false" redirectPort="8443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true" />

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
	<!-- 
	 <Connector port="8443" maxHttpHeaderSize="8192"

                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

                enableLookups="false" disableUploadTimeout="true"

                acceptCount="100" scheme="https" secure="true"

                clientAuth="false" sslProtocol="TLS"

                keystoreFile="/conf/server.keystore" 

                keystorePass="changeit" />   
	-->
	
	<Connector 
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true" 
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="F:/jboss-4.2.3.GA/server/default/conf/server.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
	<!-- 
	<Connector port="8443" maxThreads="100"
            minSpareThreads="5" maxSpareThreads="15" scheme="https"
			enableLookups="true" disableUploadTimeout="true" 
			acceptCount="100"  
            secure="true" clientAuth="false"
            keystoreFile="F:/jboss-4.2.3.GA/server/default/conf/server.keystore"
            keystorePass="changeit" sslProtocol="TLS"/>
		-->	
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
         emptySessionPath="true" enableLookups="false" redirectPort="8443" />

      <Engine name="jboss.web" defaultHost="localhost">

         <!-- The JAAS based authentication and authorization realm implementation
         that is compatible with the jboss 3.2.x realm implementation.
         - certificatePrincipal : the class name of the
         org.jboss.security.auth.certs.CertificatePrincipal impl
         used for mapping X509[] cert chains to a Princpal.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
         -->
         <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            allRolesMode="authOnly"
            />
         <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
         behavior of JBossSecurityMgrRealm, but overrides the authorization
         checks to use JACC permissions with the current java.security.Policy
         to determine authorized access.
         - allRolesMode : how to handle an auth-constraint with a role-name=*,
         one of strict, authOnly, strictAuthOnly
           + strict = Use the strict servlet spec interpretation which requires
           that the user have one of the web-app/security-role/role-name
           + authOnly = Allow any authenticated user
           + strictAuthOnly = Allow any authenticated user only if there are no
           web-app/security-roles
         <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            allRolesMode="authOnly"
            />
         -->

        <Host name="localhost"
           autoDeploy="false" deployOnStartup="false" deployXML="false"
           configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
           >

            <!-- Uncomment to enable request dumper. This Valve "logs interesting 
                 contents from the specified Request (before processing) and the 
                 corresponding Response (after processing). It is especially useful 
                 in debugging problems related to headers and cookies."
            -->
            <!--
            <Valve className="org.apache.catalina.valves.RequestDumperValve" />
            -->
 
            <!-- Access logger -->
            <!--
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                prefix="localhost_access_log." suffix=".log"
                pattern="common" directory="${jboss.server.log.dir}" 
                resolveHosts="false" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
                deployed to this host. Does not provide SSO across a cluster.     
            
                If this valve is used, do not use the JBoss ClusteredSingleSignOn 
                valve shown below. 
                
                A new configuration attribute is available beginning with
                release 4.0.4:
                
                cookieDomain  configures the domain to which the SSO cookie
                              will be scoped (i.e. the set of hosts to
                              which the cookie will be presented).  By default
                              the cookie is scoped to "/", meaning the host
                              that presented it.  Set cookieDomain to a
                              wider domain (e.g. "xyz.com") to allow an SSO
                              to span more than one hostname.
             -->
            <!--
            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
               deployed to this host AND to all other hosts in the cluster.
            
               If this valve is used, do not use the standard Tomcat SingleSignOn
               valve shown above.
            
               Valve uses a JBossCache instance to support SSO credential 
               caching and replication across the cluster.  The JBossCache 
               instance must be configured separately.  By default, the valve 
               shares a JBossCache with the service that supports HttpSession 
               replication.  See the "jboss-web-cluster-service.xml" file in the 
               server/all/deploy directory for cache configuration details.
            
               Besides the attributes supported by the standard Tomcat
               SingleSignOn valve (see the Tomcat docs), this version also 
               supports the following attributes:
            
               cookieDomain   see above
            
               treeCacheName  JMX ObjectName of the JBossCache MBean used to 
                              support credential caching and replication across
                              the cluster. If not set, the default value is 
                              "jboss.cache:service=TomcatClusteringCache", the 
                              standard ObjectName of the JBossCache MBean used 
                              to support session replication.
            -->
            <!--
            <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
            -->
         
            <!-- Check for unclosed connections and transaction terminated checks
                 in servlets/jsps.
                 
                 Important: The dependency on the CachedConnectionManager
                 in META-INF/jboss-service.xml must be uncommented, too
            -->
            <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
                cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                transactionManagerObjectName="jboss:service=TransactionManager" />

         </Host>

      </Engine>

   </Service>

</Server>


http://docs.jboss.org/jbossweb/latest/ssl-howto.html
分享到:
评论

相关推荐

    jboss配置https环境

    JBoss,作为一个流行的Java应用服务器,提供了配置HTTPS(安全套接层超文本传输协议)的能力,以确保数据传输的加密和安全性。以下是配置JBoss服务器使用HTTPS的详细步骤: 1. **生成Keystore文件**: 使用Java...

    Jboss配置https

    Jboss 配置 HTTPS protocol Jboss 配置 HTTPS 协议是为了在 Web 应用传输过程中,保护数据的安全性。HTTPS 协议使用密钥对数据进行加密,从而防止数据在传输过程中的泄露。 首先,需要使用 keytool 工具生成 ...

    JBOSS 7 基于HTTPS双向SSL认证

    JBOSS 7 基于 HTTPS 双向 SSL 认证 JBOSS 7 基于 HTTPS 双向 SSL 认证是一种高级别的安全认证机制,该机制使用 SSL 证书对服务器和客户端进行身份验证,以确保数据传输的安全性。在本文中,我们将详细介绍 JBOSS 7 ...

    windows环境下Jboss as 7配置Https

    Windows 环境下 JBoss AS 7 配置 HTTPS 在 Windows 环境下,配置 JBoss AS 7 的 HTTPS 需要按照特定的步骤进行。下面将详细介绍配置 HTTPS 的过程。 生成服务器端证书文件 首先,需要使用 JDK 自带的工具制作 ...

    JBoss启动 JBoss启动

    - 启动监听器:开启HTTP、HTTPS、JMS等网络端口监听。 - 部署应用:扫描`deploy`目录下的应用并进行部署。 6. **日志与诊断**: - `standalone.log`是服务器的主要日志文件,记录了启动过程和运行时信息。 - ...

    linux 下 配置JBoss6.0+JDK7.0

    1. **下载JBoss**:从JBoss官网(https://www.jboss.org/jbossas/downloads)获取`jboss-as-distribution-6.1.0.Final`。 2. **解压JBoss**:将下载的JBoss解压到任意目录,比如`/usr/local/JBoss`。 3. **配置环境...

    中间件jboss环境搭建01

    - SSL配置:如果需要启用HTTPS服务,则需要配置SSL证书及相关的安全策略。 - 集群配置:对于需要高可用性和负载均衡的应用场景,还需要对JBoss进行集群配置。 4. **启动与验证**:启动JBoss服务并验证其是否正常...

    JBoss AS7教程

    3. SSL配置:启用HTTPS协议,保证通信过程的安全性。 五、JBoss AS7的集群与高可用性 1. 集群配置:通过JGroups实现节点间的通信,创建高可用性的集群环境。 2. 负载均衡:通过负载均衡器分配请求到不同的服务器...

    JBOSS启动顺序、JBOSS占用的端口

    1. **HTTP/HTTPS端口**:默认情况下,JBoss的HTTP端口是8080,HTTPS端口是8443,用于处理HTTP和安全的HTTPS请求。 2. **管理端口**:如`management-http`的9990端口用于管理控制台,`management-native`的9999端口...

    一台机器部署多个jboss说明

    ### 一台机器部署多个JBoss服务器的配置方法 在企业级应用开发中,有时需要在同一台物理机器上部署多个JBoss应用服务器实例。这可能是出于性能测试、开发环境搭建或是资源利用等多种考虑因素。然而,在同一台机器上...

    Apache与Jboss负载均衡教程

    主要内容涵盖JBoss的基本介绍、配置技巧、HTTPS的配置、Apache的安装与配置流程、JBoss集群的搭建以及粘性Session策略的应用。 - **JBoss简介**:JBoss是一款开源应用服务器,100%基于Java开发,与底层操作系统...

    jboss开发技术文档

    2. **web服务的端口号的修改**:如果需要更改HTTP或HTTPS端口,可以在standalone/configuration/standalone.xml或domain/configuration/domain.xml中找到相应的socket-binding配置。 3. **JBoss的安全设置**:JBoss...

    Jboss基础.pdf

    - **SSL/TLS**:可以配置服务器使用HTTPS协议,提高网络通信的安全性。 6. **故障排查与性能优化** - **日志分析**:查看`standalone/log/server.log`或`domain/log/host-controller.log`等日志文件,有助于定位...

    eclipse+Jboss配置远程调试

    ### Eclipse与JBoss远程调试详解 #### 一、引言 在软件开发过程中,经常会遇到部署在测试或生产环境的应用出现问题但无法在本地环境中重现的情况。这种情况下,使用远程调试技术能够有效地帮助开发者定位问题所在...

    Jboss 下载地址

    - Red Hat官方网站:https://www.redhat.com/en/technologies/jboss-middleware - GitHub仓库:https://github.com/wildfly/wildfly/releases 下载时要注意选择适合你的操作系统(例如Linux、Windows或macOS)和...

    jboss as7 文档

    - 涉及HTTP/HTTPS监听器、管理接口等。 - **5.4.2 配置安全领域**:指导如何设置认证机制、权限控制等安全措施。 - **5.4.3 开箱即用配置**:介绍了JBoss AS7预设的一些常用配置。 - **5.4.4 详细配置**:深入探讨...

    JBOSS-7.0.2-Final包

    JBoss AS 7.x系列在Web服务方面有显著提升,支持HTTP/HTTPS协议,以及Servlet、JSP、JSF等Web技术。此外,它还包含了对EJB(Enterprise JavaBeans)3.1的支持,使企业级业务逻辑的实现更加便捷。 解压这个包后,...

    JBoss AS 7 简介

    - **源代码仓库**:https://github.com/jbossas/jboss-as - **讨论论坛**:http://community.jboss.org/community/jbossas/dev/jboss_as7_development?view=all - **下载页面**:...

    jboss5服务器2

    - **SSL加密**:支持HTTPS协议,保障通信过程中的数据安全。 - **角色与权限**:定义不同角色并分配相应的操作权限,强化系统安全。 6. **开发与调试** - **IDE集成**:与Eclipse、IntelliJ IDEA等开发工具无缝...

Global site tag (gtag.js) - Google Analytics