堆栈内存溢出
  繁体   English   中英

Jboss 4.2.3迁移到Jboss 7 EAP,数据源和安全性

[英]Jboss 4.2.3 migration to Jboss 7 EAP, datasources and security

 原文  2017-08-23 10:05:19       java/ ssl/ jboss/ jboss-eap-7/ jboss-4.0.x

问题描述

我想将几个Java应用程序从Jboss 4.2.3迁移到Jboss 7.0.0 EAP

对于第一步,我决定迁移数据源。 例如,我在4.2.3中有这样的数据源配置: 

{profile}/deploy/some-ds.xml
<local-tx-datasource>
    <jndi-name>SomeDS</jndi-name>
    ...
    <security-domain>EncryptedSomeDBLocalRealm</security-domain>
  </local-tx-datasource>
</datasources>

但是我注意到数据源凭据已加密,因此我还需要迁移安全系统。 4.2.3中有相关的配置: 

{profile}/conf/login-config.xml
<application-policy name = "EncryptedSomeDBLocalRealm">
    <authentication>
       <login-module code = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule" flag="required">
             <module-option name = "username">user123</module-option>
             <module-option name = "password">1ad9fNmTA/65Ufh583ZAn4</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=SomeDS</module-option>
             <module-option name = "jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword</module-option>
       </login-module>
    </authentication>
</application-policy>

{profile}/conf/jboss-service.xml
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  name="jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword">
  <constructor>
     <arg type="java.lang.String" value="ServerMasterPassword"/>
  </constructor>
  <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password</attribute>
  <attribute name="Salt">abcdefgh</attribute>
  <attribute name="IterationCount">19</attribute>
</mbean>

我将其添加到用于Jboss 7 EAP的standalone.xml中: 

configuration/standalone.xml
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
    <datasources>
        <datasource jta="true" jndi-name="java:/SomeDS" pool-name="SomeDS" enabled="true" use-ccm="true">
            <connection-url>{my-oracle-ldap-connection-url}</connection-url>
            <driver-class>oracle.jdbc.OracleDriver</driver-class>
            <driver>ojdbc8.jar</driver>
            <security>
                <security-domain>jdbcDatabaseSecure</security-domain>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker"/>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
            </validation>
        </datasource>
        <drivers>
            ????? should I put here my oracle driver?
        </drivers>
    </datasources>
</subsystem>

<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        ...
        <security-domain name="jdbcDatabaseSecure">
        ?????
        </security-domain>
    </security-domains>
</subsystem>

<management>
    <security-realms>
        ...
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="server_as_01.keystore" relative-to="jboss.server.config.dir" keystore-password="123456"/>
                </ssl>
            </server-identities>
        </security-realm>
    </security-realms>
</management>

可能相关性较低的4.2.3配置,但对于SSL配置而言是实际的: 

{profile}/deploy/jboss-web.deployer/server.xml
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="4570" address="${jboss.bind.address}"
    minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="100" scheme="https" secure="true" SSLEnabled="true" 
    keystoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
    keystorePass="123456" 
    truststoreFile="${jboss.server.home.dir}/conf/server_as_01.keystore"
    truststorePass="123456" 
    clientAuth="false" sslProtocol="TLS" />

我在4.2.3中也有这些文件: 

{profile}/conf/server.password
{profile}/conf/client.truststore
{profile}/conf/server_as_01.keystore

并且JAVA_OPTS="-Djavax.net.ssl.trustStore=$JBOSS_SERVER/conf/client.truststore -Djavax.net.ssl.trustStorePassword=changeit"

我试图对Jboss 7.0.0 EAP配置做类似的事情,但是正如我从Google所注意到的那样,这些实现之间有太多差异。 似乎JAAS在7 EAP中不再存在。

有人可以帮助我进行正确的配置吗?

1 个解决方案

解决方案1
 0 已采纳  2017-08-26 05:39:06

对于您面临的所有与迁移相关的问题,您都应参考本指南。 建议是,您可以先尝试迁移到EAP 6,然后再尝试迁移到EAP7。这是从EAP 5.x迁移到7的指南, https://access.redhat.com/documentation/zh-我们/red_hat_jboss_enterprise_application_platform/7.0/html/migration_guide/migrating_from_older_releases

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JBoss从JBoss AS 4.2 GA迁移到JBoss EAP 6.2 从 JBoss 5.1 EAP 迁移到 Wildfly 10 Soap Web Service从tomcat迁移到Jboss 4.2.3 Jboss 4.2.3的Servlet规范 迁移到JBoss EAP 7后找不到通过注释选择CDI实例 JBoss 4.2.3与ActiveMQ 5.15.0的集成 从 Jboss 4.2.3 迁移到 Wildfly 8 Jboss EAP-未加载Servlet JBoss EAP 7 与 Oracle 数据源 JBoss EAP 7和Ifinispan
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM