1. Jboss EAP 6 配置 URI_ENCODING
In order to set UTF-8 for URI encoding you have to edit the JBOSS_HOME/standalone/configuration/standalone.xml file and add a system property named org.apache.catalina.connector.URI_ENCODING,(with value set to UTF-8) to the system-properties element.
Below is the code that needs to be added to the configuration file you use:
<system-properties>
<property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
<property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
</system-properties>
Please note that the system-properties node has to be placed directly under the extensions node, in standalone.xml file, or you will get parse errors.
可以到jboss maven仓库下载jbossweb源码(org/jboss/web/jbossweb/),查看org.apache.catalina.connector.Connector的代码(jboss module: org\jboss\as\web\main\jbossweb-vesionxx.jar)
还有一个编码相关参数file.encoding,可以配置在standalone.conf/standalone.conf.bat的JAVA_OPTS中:
set "JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8
2. javax.xml.transform.TransformerConfigurationException: Translet class loaded, but unable to create translet instance
同样的ear包,部署在EAP 6时正常,当部署在wildfly 8时报以上错误,原因是我使用了opensaml,版本与wildfly本身提供的不一致,导致相关的xml jar冲突,改为一致的版本后恢复正常(建议使用jboss自带的包)。
3. Driver's Blob representation is of an unsupported type: oracle.sql.BLOB
删除classpath 中的Oracle驱动包,改为在JBoss module中配置。
4. JBoss EAP 6 as RHEL 7 service
service默认启动超时时间是1min 30s,可在service配置中增加如下配置,延长超时时间:
TimeoutStartSec=10min
更多Service参数请参考systemd.service — Service unit configuration
5. TransactionReaper check timeout for TX
事物超时,在EAP 6 standalone.xml中修改超时时间
<subsystem xmlns="urn:jboss:domain:transactions:1.5">
<core-environment>
<process-id>
<uuid/>
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
<coordinator-environment default-timeout="1800"/>
</subsystem>
6. Ldap配置例子
<security-domain name="web-security" cache-type="default">
<authentication>
<login-module code="Ldap" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://boms-prod-file.iata-asd.com:389/"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="principalDNPrefix" value="uid="/>
<module-option name="principalDNSuffix" value=",ou=People,dc=bjs,dc=iata,dc=org"/>
<module-option name="rolesCtxDN" value="ou=Roles,dc=bjs,dc=iata,dc=org"/>
<module-option name="uidAttributeID" value="uniquemember"/>
<module-option name="matchOnUserDN" value="true"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="roleAttributeIsDN" value="false"/>
</login-module>
</authentication>
</security-domain>
附:启动ldap时显示日志,执行如下命令:
/usr/local/libexec/slapd -d -1
7. 加密数据库密码
1) Setup a Java Keystore to store key for password encryption
利用java keytool执行以下命令:
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass vault22 -keypass vault22 -validity 730 –keystore EAP_HOME/vault/vault.keystore
2) Initialize the Password Vault and store password in the Password Vault
EAP_HOME/bin/vault.sh --keystore EAP_HOME/vault/vault.keystore --keystore-password vault22 --alias vault --vault-block ds_boms --attribute password --sec-attr test --enc-dir EAP_HOME/vault/ --iteration 120 --salt 1234abcd
3) Configure JBoss EAP 6 to use the Password Vault
登录Jboss CLI执行以下命令:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "EAP_HOME/vault/vault.keystore"), ("KEYSTORE_PASSWORD" => "MASK-5dOaAVafCSd"), ("KEYSTORE_ALIAS" => "vault"), ("SALT" => "1234abcd"),("ITERATION_COUNT" => "120"), ("ENC_FILE_DIR" => "EAP_HOME/vault/")])
4) Datasource Definition Using a Password in Masked Form
<password>${VAULT::ds_boms::password::1}</password>
详细信息请参见:Password Vaults for Sensitive Strings
8, 设置log时区
使用%z,注意一定要放在%d前:
%z{GMT+8}%d{HH:mm:ss,SSS}
9. 配置HTTPS
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
<ssl name="https" key-alias="alias" password="12345678" certificate-key-file="${jboss.server.config.dir}\keystore.jks"/>
</connector>
10. 自动删除JSP编译的类
默认undeploy时会自动删除vfs下的lib,但不会删除work目录下的文件,deploy时JSP不会重新编译。增加系统参数org.jboss.as.web.deployment.DELETE_WORK_DIR_ONCONTEXTDESTROY=true,然后重启Jboss,下次undeploy时就会自动删除了。
11. java.sql.SQLException: javax.resource.ResourceException: IJ000457: Unchecked throwable in managedConnectionReconnected
使用xa datasource,并添加以下参数:
<xa-pool>
<is-same-rm-override>false</is-same-rm-override>
<no-tx-separate-pools/>
/xa-pool>
12. 删除x-powered-by header
在domain:web中增加jsp-configuration
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
<configuration>
<jsp-configuration x-powered-by="false"/>
</configuration>
</subsystem> 如使用JSF,在web.xml中增加:
<context-param>
<param-name>com.sun.faces.sendPoweredByHeader</param-name>
<param-value>false</param-value>
</context-param>
13. JNDI Datasource配置
这种方式不大使用了,一般采用JPA方式,升级老系统可能会用到。
1) 在jboss-web.xml中增加如下配置
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<resource-ref>
<res-ref-name>jdbc/ExampleDS</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<jndi-name>java:jboss/datasources/ExampleDS</jndi-name>
</resource-ref>
</jboss-web>
2) 在web.xml中增加如下配置
<resource-ref> <res-ref-name>jdbc/ExampleDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> </resource-ref>
3) Java代码
Context ctx = new InitialContext();
DataSource ds = (javax.sql.DataSource) ctx.lookup("java:comp/env/jdbc/ExampleDS");
注意:J2EE规范,JDBC DataSource必须使用java:comp/env/jdbc subcontext。
Jboss EAP 6.4 Administration and Configuration Guide
Jboss EAP 6.4 Development Guide
Control the order of Deployed Applications on JBoss EAP 6
Running Multiple JBoss EAP Standalone Servers on a Single Machine
Replace the Default Welcome Web Application
Setting up an SSL/TLS Connector
JBoss EAP 6 Performance Tuning