What is the access log pattern for logging the total response time to the request on undertow subsystem ?
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<access-log prefix="access" pattern="%h %t %U%q %m %s %b %T"/> <!-- use-server-log="true" -->
<location name="/" handler="welcome-content"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
</subsystem>
The %T is recording just a '-' in the logs. Please help.
Here i found the following hint:
Time taken to process the request, in seconds. It won't work unless record-request-start-time is set to true, see %D above.
There is also a link how you can configure it. record-request-start-time
If you start undertow with Spring Boot, the properties are
server.undertow.options.server.record-request-start-time=true
server.undertow.accesslog.pattern=[...] %T
Related
My goal is to allow several BUT NOT ALL origins for http requests to my Wildfly 10. I have searched StackOverflow and haven't found anything so far on this topic. People all over the Internet suggest using a wildcard, however this could effectively be a security flaw. Yes, a wildcard for Access-Control-Allow-Origin does work, but I don't want to allow just any origin. I have tried this standalone.xml part for undertow subsystem (unsuccessfully):
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="314572800" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="Access-Control-Allow-Origin-header1"/>
<filter-ref name="Access-Control-Allow-Origin-header2"/>
<filter-ref name="Access-Control-Allow-Origin-header3"/>
<filter-ref name="Access-Control-Allow-Methods-header"/>
<filter-ref name="Access-Control-Allow-Headers-header"/>
<filter-ref name="Access-Control-Allow-Credentials-header"/>
<filter-ref name="Access-Control-Max-Age-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Access-Control-Allow-Origin-header1" header-name="Access-Control-Allow-Origin" header-value="http://122.22.22.24:*"/>
<response-header name="Access-Control-Allow-Origin-header2" header-name="Access-Control-Allow-Origin" header-value="http://122.22.22.21:*"/>
<response-header name="Access-Control-Allow-Origin-header3" header-name="Access-Control-Allow-Origin" header-value="http://122.22.22.22:*"/>
<response-header name="Access-Control-Allow-Methods-header" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers-header" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials-header" header-name="Access-Control-Allow-Credentials" header-value="true"/>
<response-header name="Access-Control-Max-Age-header" header-name="Access-Control-Max-Age" header-value="1"/>
</filters>
</subsystem>
What am I doing wrong?
This nice article is explaining one way to do it, using an Undertow expression-filter validating origin against some whitelisted domains (modelled as a multi-valued|-separated list):
<property name=”cors.whitelist” value=”http://domainA|http://domainB"/>
All credits go to the article author :-)
I have a JBoss 7.2 app server and I start the server, I am able to connect to both the http and https ports but after a while running the server, I am not able to connect to the https port anymore but the http port still works so the server is still running. I tail the logs when I try to connect to the https port but nothing shows up and when I do a netstat on the https port, the port is still listening. Has anyone had this type of issue before?
JBoss Standalone.xml configuration
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="${jboss.home.dir}/standalone/configuration/XXXXX.keystore" keystore-password="XXXXXXXXX" alias="1"/>
</ssl>
</server-identities>
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enabled-protocols="TLSv1.1,TLSv1.2" enable-http2="true" ssl-session-cache-size="500" ssl-session-timeout="1800"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log pattern="%h %l %u %t %r %s %b %{i,Referer} %{i,User-Agent} %S %T %{i,X-Forwarded-For}" prefix="access_log_"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
</subsystem>
I'm trying to replace the Wildfly 10 default homepage (accessed from http://hostname:port) by one of my own web application.
I found a good way to do it by removing some parts of the undertow subsystem of the standalone.xml of my wildfly and by adding a war to the default-web-module.
My problem is that I don't have a war, I have a ear (with a war in it), and it doesn't work with that.
Hereunder is the undertow part of my standalone.xml file :
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost" default-web-module="myear.ear/mywar.war">
<access-log pattern="%{i,X-Forwarded-For} %h %{i,SM_UNIVERSALID} %t %H %p %U %q %s %D %T" prefix="http-in" suffix=".log"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Can this solution work with an ear instead of a war, or have I to find another way ?
Thank you in advance,
Seb
Finally, I solved it by redirecting the index.html page of the welcome-content folder of WildFly to my application, it's simpler and it works perfectly.
Seb
I cannot run my cors header in wildfly.
Here is my standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="gzipFilter" predicate="exists('%{o,Content-Type}') and regex(pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true)"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Methods"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
</host>
</server>
<servlet-container name="default">
<jsp-config development="true" tag-pooling="false"/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<gzip name="gzipFilter"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
<response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
</filters>
</subsystem>
And the result of ./standalone.sh is:
18:44:34,491 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem undertow boot operations"
18:44:34,493 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem undertow boot operations\""
18:44:34,499 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Anyone can advise please...
You could try to increase the debug level for JBoss classes (eg "org.jboss.as" and/or ""org.jboss.as.config").
In your "standalone.xml" file:
<subsystem xmlns="urn:jboss:domain:logging:5.0">
...
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
and then restart your server
I am using wildfly and I create a folder to store images. eg:
localhost:8080/images/1/3487722873453756755.jpeg
but if i put :
localhost:8080/images/1/
our
localhost:8080/images/
I can see all files in that folders
How can I protect that folders?
My standalone.xml:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<location name="/images" handler="PicturesDir"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
<file name="PicturesDir" path="C:\Users\diogo\wildfly-10.1.0.Final\bin\Images\" directory-listing="true"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>