Hello. I have some misunderstanding while configuring SSL for JBoss. I'm using this http://help.adobe.com/en_US/livecycle/9.0/adminHelp/admin.htm?content=000216.html article. The problem is I have no such piece in server.xml like
<!-- SSL/TLS Connector configuration using the admin devl guide keystore <Connector port="8443" address="${jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/keystoreFile.keystore" keystorePass="keystorePass" sslProtocol = "TLS" />
-->
My XML looks like this:
<Server>

<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />

<!-- Use a custom version of StandardService that allows the
connectors to be started independent of the normal lifecycle
start to allow web apps to be deployed before starting the
connectors.
-->
<Service name="jboss.web">

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" address="${jboss.bind.address}"<!-- protocol="HTTP/1.1" SSLEnabled="true"-->
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https"
secure="true"
clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/coskey.keystore"
keystorePass="keypass" sslProtocol="TLS" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
emptySessionPath="true" enableLookups="false" redirectPort="8443" />

<Engine name="jboss.web" defaultHost="localhost">

<!-- The JAAS based authentication and authorization realm implementation
that is compatible with the jboss 3.2.x realm implementation.
- certificatePrincipal : the class name of the
org.jboss.security.auth.certs.CertificatePrincipal impl
used for mapping X509[] cert chains to a Principal.
- allRolesMode : how to handle an auth-constraint with a role-name=*,
one of strict, authOnly, strictAuthOnly
+ strict = Use the strict servlet spec interpretation which requires
that the user have one of the web-app/security-role/role-name
+ authOnly = Allow any authenticated user
+ strictAuthOnly = Allow any authenticated user only if there are no
web-app/security-roles
-->
<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
allRolesMode="authOnly"
/>
<!-- A subclass of JBossSecurityMgrRealm that uses the authentication
behavior of JBossSecurityMgrRealm, but overrides the authorization
checks to use JACC permissions with the current java.security.Policy
to determine authorized access.
- allRolesMode : how to handle an auth-constraint with a role-name=*,
one of strict, authOnly, strictAuthOnly
+ strict = Use the strict servlet spec interpretation which requires
that the user have one of the web-app/security-role/role-name
+ authOnly = Allow any authenticated user
+ strictAuthOnly = Allow any authenticated user only if there are no
web-app/security-roles
<Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
allRolesMode="authOnly"
/>
-->

<Host name="localhost"
autoDeploy="false" deployOnStartup="false" deployXML="false"
configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
>

<!-- Uncomment to enable request dumper. This Valve "logs interesting
contents from the specified Request (before processing) and the
corresponding Response (after processing). It is especially useful
in debugging problems related to headers and cookies."
-->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve" />
-->

<!-- Access logger -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
prefix="localhost_access_log." suffix=".log"
pattern="common" directory="${jboss.server.home.dir}/log"
resolveHosts="false" />
-->

<!-- Uncomment to enable single sign-on across web apps
deployed to this host. Does not provide SSO across a cluster.

If this valve is used, do not use the JBoss ClusteredSingleSignOn
valve shown below.

A new configuration attribute is available beginning with
release 4.0.4:

cookieDomain configures the domain to which the SSO cookie
will be scoped (i.e. the set of hosts to
which the cookie will be presented). By default
the cookie is scoped to "/", meaning the host
that presented it. Set cookieDomain to a
wider domain (e.g. "xyz.com") to allow an SSO
to span more than one hostname.
-->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Uncomment to enable single sign-on across web apps
deployed to this host AND to all other hosts in the cluster.

If this valve is used, do not use the standard Tomcat SingleSignOn
valve shown above.

Valve uses a JBossCache instance to support SSO credential
caching and replication across the cluster. The JBossCache
instance must be configured separately. By default, the valve
shares a JBossCache with the service that supports HttpSession
replication. See the "jboss-web-cluster-service.xml" file in the
server/all/deploy directory for cache configuration details.

Besides the attributes supported by the standard Tomcat
SingleSignOn valve (see the Tomcat docs), this version also
supports the following attributes:

cookieDomain see above

treeCacheName JMX ObjectName of the JBossCache MBean used to
support credential caching and replication across
the cluster. If not set, the default value is
"jboss.cache:service=TomcatClusteringCache", the
standard ObjectName of the JBossCache MBean used
to support session replication.
-->
<!--
<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
-->

<!-- Check for unclosed connections and transaction terminated checks
in servlets/jsps.

Important: The dependency on the CachedConnectionManager
in META-INF/jboss-service.xml must be uncommented, too
-->
<Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
transactionManagerObjectName="jboss:service=TransactionManager" />

</Host>

</Engine>

</Service>

</Server>
Bold text is the text I've changed in this XML. Is it correct? Or should I write something else there?
Thanks in advance.
Hello
I have attached the "server.xml" from my system that I have configured with SSL. I created my own self-signed keystore with the Java keytool. Here is the SSL section of the file as well...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/lces-ssl.jks"
keystorePass="yourkeystrepasswordhere" sslProtocol="TLS" />
The file is located at the following location... C:\Adobe\Adobe LiveCycle ES2\jboss\server\lc_turnkey\deploy\jboss-web.deployer. This is the default location for the JBoss Turnkey install for LiveCycle ES2.
Hope this helps.
Steve
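The difference between the two connectors in this thread is easy to miss by eye: the asker opened an XML comment inside the `<Connector>` start tag (which is not well-formed XML), and the `SSLEnabled="true"` that makes the 8443 connector actually terminate TLS in JBoss Web (Tomcat 6-based) ended up inside that comment, whereas the answer's connector carries it. The script below is an added example written for this thread, not code from Adobe, JBoss or either poster. It parses a server.xml and reports what is wrong with the TLS connector. The three sample documents are constructed from the two connectors posted above (trimmed to a skeleton), the `PLACEHOLDER_PASSWORDS` list is an assumption made up of the obvious placeholder values that appear in this thread plus the JDK cacerts default `changeit`, and the checks cover the JSSE-style connector both posts use (with the APR native library in use, the connector takes OpenSSL-style attributes instead, as the comment in the posted server.xml notes).

```python
"""Static check of the TLS connector in a JBoss Web (Tomcat 6-based) server.xml.

Added example for this forum thread; not Adobe or JBoss code. Sample documents
below are constructed from the connectors posted in the thread.
"""
import xml.etree.ElementTree as ET

# Constructed sample 1: the asker's 8443 connector. A comment was opened inside the
# start tag (not well-formed XML) and SSLEnabled="true" is trapped inside it.
BROKEN_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"
               redirectPort="8443" />
    <Connector port="8443" address="${jboss.bind.address}"<!-- protocol="HTTP/1.1" SSLEnabled="true"-->
               maxThreads="100" scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/coskey.keystore"
               keystorePass="keypass" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Constructed sample 2: same document with the comment deleted. Well-formed, but
# without SSLEnabled="true" port 8443 is just a second plain-HTTP listener.
NO_SSLENABLED_SERVER_XML = BROKEN_SERVER_XML.replace(
    '<!-- protocol="HTTP/1.1" SSLEnabled="true"-->', "")

# Constructed sample 3: the connector from the answer, in the same skeleton.
FIXED_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"
               redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/lces-ssl.jks"
               keystorePass="yourkeystrepasswordhere" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Attribute values a JSSE-style connector needs to actually terminate TLS.
REQUIRED_ATTRS = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}

# Assumed list of values that are clearly not real passwords: the placeholders
# used in this thread's snippets plus the JDK cacerts default.
PLACEHOLDER_PASSWORDS = {"", "keystorePass", "yourkeystrepasswordhere", "changeit", "password"}


def parse_server_xml(text):
    """Return the parsed root element, or None when the document is not well-formed."""
    try:
        return ET.fromstring(text)
    except ET.ParseError:
        return None


def check_tls_connector(text, port="8443"):
    """Return a list of findings for the connector on `port`; an empty list means it looks right."""
    root = parse_server_xml(text)
    if root is None:
        return ["server.xml is not well-formed XML (a comment opened inside a start tag "
                "does this); JBoss Web cannot load it either"]
    tls = [c for c in root.iter("Connector") if c.get("port") == port]
    if not tls:
        return [f"no Connector on port {port}"]
    findings = []
    for c in tls:
        for attr, want in REQUIRED_ATTRS.items():
            got = c.get(attr)
            if got != want:
                findings.append(f"{attr}={got!r}, expected {want!r}")
        if not c.get("keystoreFile"):
            findings.append("keystoreFile is not set")
        if c.get("keystorePass", "") in PLACEHOLDER_PASSWORDS:
            findings.append("keystorePass looks like a placeholder")
        if c.get("clientAuth", "false") not in ("true", "false", "want"):
            findings.append(f"clientAuth={c.get('clientAuth')!r} is not true/false/want")
    # The plain HTTP/AJP connectors should redirect CONFIDENTIAL requests to this port.
    for c in root.iter("Connector"):
        if c.get("port") != port and c.get("redirectPort") != port:
            findings.append(f"Connector on port {c.get('port')} has "
                            f"redirectPort={c.get('redirectPort')!r}, expected {port!r}")
    return findings


if __name__ == "__main__":
    for name, doc in [("asker", BROKEN_SERVER_XML),
                      ("asker minus comment", NO_SSLENABLED_SERVER_XML),
                      ("answer", FIXED_SERVER_XML)]:
        print(f"{name}: {check_tls_connector(doc) or 'OK'}")
```

Run against the three samples it reports, in order: a well-formedness error, a missing `SSLEnabled="true"`, and a placeholder `keystorePass` for the answer's connector (which otherwise passes). The keystore password sits in server.xml in clear text in every variant, so keep the file readable only by the account JBoss runs as.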