Jboss 4.2.3 迁移到 Jboss 7 EAP、数据源和安全
Jboss 4.2.3 migration to Jboss 7 EAP, datasources and security
我想将几个 Java 应用程序从 Jboss 4.2.3 迁移到 Jboss 7.0.0 EAP .
第一步,我决定迁移数据源。
例如我在 4.2.3 中有这样的数据源配置:
{profile}/deploy/some-ds.xml
<local-tx-datasource>
<jndi-name>SomeDS</jndi-name>
...
<security-domain>EncryptedSomeDBLocalRealm</security-domain>
</local-tx-datasource>
</datasources>
但我注意到数据源凭据已加密,因此我还需要迁移安全系统。
4.2.3中有相关配置:
{profile}/conf/login-config.xml
<application-policy name = "EncryptedSomeDBLocalRealm">
<authentication>
<login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule" flag="required">
<module-option name = "username">user123</module-option>
<module-option name = "password">1ad9fNmTA/65Ufh583ZAn4</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=SomeDS</module-option>
<module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
</login-module>
</authentication>
</application-policy>
{profile}/conf/jboss-service.xml
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword">
<constructor>
<arg type="java.lang.String" value="ServerMasterPassword"/>
</constructor>
<attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password</attribute>
<attribute name="Salt">abcdefgh</attribute>
<attribute name="IterationCount">19</attribute>
</mbean>
我将此添加到我的 standalone.xml 中用于 Jboss 7 EAP:
configuration/standalone.xml
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
<datasources>
<datasource jta="true" jndi-name="java:/SomeDS" pool-name="SomeDS" enabled="true" use-ccm="true">
<connection-url>{my-oracle-ldap-connection-url}</connection-url>
<driver-class>oracle.jdbc.OracleDriver</driver-class>
<driver>ojdbc8.jar</driver>
<security>
<security-domain>jdbcDatabaseSecure</security-domain>
</security>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<background-validation>true</background-validation>
<stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
</validation>
</datasource>
<drivers>
????? should I put here my oracle driver?
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
...
<security-domain name="jdbcDatabaseSecure">
?????
</security-domain>
</security-domains>
</subsystem>
<management>
<security-realms>
...
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="server_as_01.keystore" relative-to="jboss.server.config.dir" keystore-password="123456"/>
</ssl>
</server-identities>
</security-realm>
</security-realms>
</management>
可能不太相关的 4.2.3 配置,但实际用于 SSL 配置:
{profile}/deploy/jboss-web.deployer/server.xml
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="4570" address="${jboss.bind.address}"
minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="100" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
keystorePass="123456"
truststoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
truststorePass="123456"
clientAuth="false" sslProtocol="TLS" />
我在 4.2.3 中也有这些文件:
{profile}/conf/server.password
{profile}/conf/client.truststore
{profile}/conf/server_as_01.keystore
和JAVA_OPTS="-Djavax.net.ssl.trustStore=$JBOSS_SERVER/conf/client.truststore -Djavax.net.ssl.trustStorePassword=changeit"
我尝试用 Jboss 7.0.0 EAP 配置做一些类似的事情,但正如我从 Google 中注意到的那样,这些实现有太多差异。好像JAAS在7 EAP中已经不存在了
有人可以帮我正确配置吗?
您应该参考本指南了解您面临的所有迁移相关问题。建议是,您可以先尝试迁移到 EAP 6,然后再尝试迁移到 EAP 7。
这是从 EAP 5.x 迁移到 7,https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/migration_guide/migrating_from_older_releases
的指南
我想将几个 Java 应用程序从 Jboss 4.2.3 迁移到 Jboss 7.0.0 EAP .
第一步,我决定迁移数据源。 例如我在 4.2.3 中有这样的数据源配置:
{profile}/deploy/some-ds.xml
<local-tx-datasource>
<jndi-name>SomeDS</jndi-name>
...
<security-domain>EncryptedSomeDBLocalRealm</security-domain>
</local-tx-datasource>
</datasources>
但我注意到数据源凭据已加密,因此我还需要迁移安全系统。 4.2.3中有相关配置:
{profile}/conf/login-config.xml
<application-policy name = "EncryptedSomeDBLocalRealm">
<authentication>
<login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule" flag="required">
<module-option name = "username">user123</module-option>
<module-option name = "password">1ad9fNmTA/65Ufh583ZAn4</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=SomeDS</module-option>
<module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
</login-module>
</authentication>
</application-policy>
{profile}/conf/jboss-service.xml
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword">
<constructor>
<arg type="java.lang.String" value="ServerMasterPassword"/>
</constructor>
<attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password</attribute>
<attribute name="Salt">abcdefgh</attribute>
<attribute name="IterationCount">19</attribute>
</mbean>
我将此添加到我的 standalone.xml 中用于 Jboss 7 EAP:
configuration/standalone.xml
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
<datasources>
<datasource jta="true" jndi-name="java:/SomeDS" pool-name="SomeDS" enabled="true" use-ccm="true">
<connection-url>{my-oracle-ldap-connection-url}</connection-url>
<driver-class>oracle.jdbc.OracleDriver</driver-class>
<driver>ojdbc8.jar</driver>
<security>
<security-domain>jdbcDatabaseSecure</security-domain>
</security>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<background-validation>true</background-validation>
<stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
</validation>
</datasource>
<drivers>
????? should I put here my oracle driver?
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
...
<security-domain name="jdbcDatabaseSecure">
?????
</security-domain>
</security-domains>
</subsystem>
<management>
<security-realms>
...
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="server_as_01.keystore" relative-to="jboss.server.config.dir" keystore-password="123456"/>
</ssl>
</server-identities>
</security-realm>
</security-realms>
</management>
可能不太相关的 4.2.3 配置,但实际用于 SSL 配置:
{profile}/deploy/jboss-web.deployer/server.xml
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="4570" address="${jboss.bind.address}"
minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="100" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
keystorePass="123456"
truststoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
truststorePass="123456"
clientAuth="false" sslProtocol="TLS" />
我在 4.2.3 中也有这些文件:
{profile}/conf/server.password
{profile}/conf/client.truststore
{profile}/conf/server_as_01.keystore
和JAVA_OPTS="-Djavax.net.ssl.trustStore=$JBOSS_SERVER/conf/client.truststore -Djavax.net.ssl.trustStorePassword=changeit"
我尝试用 Jboss 7.0.0 EAP 配置做一些类似的事情,但正如我从 Google 中注意到的那样,这些实现有太多差异。好像JAAS在7 EAP中已经不存在了
有人可以帮我正确配置吗?
您应该参考本指南了解您面临的所有迁移相关问题。建议是,您可以先尝试迁移到 EAP 6,然后再尝试迁移到 EAP 7。 这是从 EAP 5.x 迁移到 7,https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/migration_guide/migrating_from_older_releases
的指南