I have this working configuration:
jboss-web.xml (in WAR):
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/effebi</security-domain>
<context-root>/</context-root>
</jboss-web>
standalone.xml (in JBoss conf):
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="false" default-web-module="test">
<alias name="localhost"/>
<alias name="www.test.com"/>
</virtual-server>
</subsystem>
I need to deploy another app (e.g. www.foo.bar) at "/" context-root.
I read in the docs that I need to define virtual-host for having two simultaneous "/" root-contexts. So in jboss-web.xml:
<virtual-host>localhost</virtual-host>
<virtual-host>www.test.com</virtual-host>
This results in:
JBAS014775: New missing/unsatisfied dependencies:
service jboss.web.host."www.test.com" (missing) dependents: [service jboss.web.deployment."www.test.com"./]
11:01:23,015 ERROR [org.jboss.as.server.deployment.scanner]
(DeploymentScanner-threads - 1) {"JBAS014653: Composite operation
failed and was rolled back. Steps that failed:" => {"Operation step-2"
=> {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.\"www.test.com\"./jboss.web.host.\"www.test.com\"Missing[jboss.web.deployment.\"www.test.com\"./jboss.web.host.\"www.test.com\"]"]}}}
Can somebody help me please? JBoss community hasn't been really helpful.
tag should point to virtual-server "name", not the domain.
I blogged about that: http://fabiobozzo.wordpress.com/2013/02/25/multiple-web-applications-with-jboss-and-apache/
Related
I am new to working with JBoss and I'm working on setting up a cluster to test with. I followed the directions from middleware to setup a JBoss Domain cluster on a single Linux VM using JBoss EAP 7.1.6. I am now trying to deploy a web application to my cluster using the admin console to test that the cluster is working.
I have created a simple hello world web app using liweinan's cluster demo source code that should display the current time. I tested the app and it displays correctly on a standalone cluster, but when I test my domain cluster I am seeing the page telling me that I need to disable the welcome content. What am I doing wrong? Is there something that also needs to be configured on the slaves?
Here is my jboss-web.xml in my application war:
<jboss-web>
<context-root>/</context-root>
</jboss-web>
In the host-master.xml the domain controller is:
<domain-controller>
<local/>
</domain-controller>
In the domain.xml file I have updated the interfaces to match the address of my machine. I also commented out the welcome content in the undertow.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<!--<location name="/" handler="welcome-content"/>-->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<!--<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>-->
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
In both of the host-slave.xml files I have updated the socket interface management port, the interface inet-address, and added an offset for the servers.
Any help or suggestions would be greatly appreciated. I've been researching this for days without success.
It turns out the issue wasn't with my configuration. When you deploy the application you can't change the name. I was changing it from ClusterDemo.war to ClusterDemo. When I left the .war on the name, the app ran with no issues.
I use Jboss eap 6.4.
I'd like to have those ears deployed simultaneously but on different ports.
If I just put 2 ears into deployments I got: DuplicateServiceException: Service /app already registered.
To configure JBoss for App1.war on port 8080 and App2.war on port 8543, you should implement the following steps:
First of all, you have to add socket-binding for 8543 (as port 8080 is already defined).
<socket-binding name="http2" port="8543"/>
In web subsystem the following connectors should be declared:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" />
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2" />
Additionally, in web subsystem the following two virtual-servers should be declared:
<virtual-server name="host1" enable-welcome-root="false" default-web-module="App1.war">
<alias name="first.com"/>
</virtual-server>
<virtual-server name="host2" enable-welcome-root="false" default-web-module="App2.war">
<alias name="second.com"/>
</virtual-server>
Associate the appropriate virtual-server with the respective connector:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http">
<virtual-server name="host1"/>
</connector>
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2">
<virtual-server name="host2"/>
</connector>
The final step is to configure each application with the right jboss-web.xml in WEB-INF:
- For App1.war
<jboss-web>
<virtual-host>host1</virtual-host>
</jboss-web>
- For App2.war
<jboss-web>
<virtual-host>host2</virtual-host>
</jboss-web>
Now each application can be accessed by following the urls:
For App1.war - http://first.com:8080/App1/index.jsp
For App2.war - http://second.com:8543/App2/index.jsp
Please bear in mind that in /etc/hosts of the system, you must add the corresponding virtual-server alias names:
127.0.0.1 localhost.localdomain localhost first.com second.com
I'm trying to replace the Wildfly 10 default homepage (accessed from http://hostname:port) by one of my own web application.
I found a good way to do it by removing some parts of the undertow subsystem of the standalone.xml of my wildfly and by adding a war to the default-web-module.
My problem is that I don't have a war, I have a ear (with a war in it), and it doesn't work with that.
Hereunder is the undertow part of my standalone.xml file :
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost" default-web-module="myear.ear/mywar.war">
<access-log pattern="%{i,X-Forwarded-For} %h %{i,SM_UNIVERSALID} %t %H %p %U %q %s %D %T" prefix="http-in" suffix=".log"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Can this solution work with an ear instead of a war, or have I to find another way ?
Thank you in advance,
Seb
Finally, I solved it by redirecting the index.html page of the welcome-content folder of WildFly to my application, it's simpler and it works perfectly.
Seb
I want to implement SSO between two apps that are deployed on same instance of Wildfly 9. I have searched about it but never got enough information regarding it.
First thing is we have to start from standalone.xml:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on domain="localhost"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Then in jboss-web.xml put following entry of security-domain and valve:
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
I am not sure about changes in web.xml.
I think we have to provide information about security-constraint and login-config.
Please help me to implement this concept in both clustered and non-clustered environment.
Try to add the following line at default-host host under the default-server server:
<single-sign-on path="/"/>
At the end, it will be like:
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on path="/"/>
</host>
</server>
I'm using Wildfly 9.0.2 Final.
org.apache.catalina.authenticator.SingleSignOn can't work on WildFly AS, because Tomcat is substituted by Undertow as a web container.
Normally, you don't need any change to jboss-web.xml.
For an IdP based on PicketLink, you can set jboss-web.xml as following to enable the PicketLink Authenticator:
<filter>
<filter-name>IDPFilter</filter-name>
<filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IDPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I complete the "tiago mussi" answer, valve are note supported anymore on widlfy because it uses the new webserver undertow, you can put the valve line in jboss-web it will do nothing at all...
<single-sign-on domain="localhost"/>
this is bad syntax because there is a bug in domain sso
<single-sign-on path="/"/>
this is the right syntax then in your web application you will see JSESSIONSSOID or like this name in plus than SESSIONID
picketLink is too much just for use SSO, because it handle API REST SSO, social secure, and it is a specific module with a new mechanism authentication, and furthermore if you will manage several URL you can't because you have to put in configuration the url, it is not dynamic...
How is it possible to configure Jasig's CAS to listen only on HTTPS port (8443)?
We have application divided into two parts, portal and SSO authority (JASIG CAS). Both are running on JBoss AS7 and different machines. Portal and SSO authority are configured to redirect from HTTP (8080) port to HTTPS (8443) port by
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
<ssl name="https" password="pass" certificate-key-file="/path_to_keystore.jks"/>
</connector>
<virtual-server name="default-host">
<alias name="myapp.domain.com"/>
</virtual-server>
</subsystem>
...
<socket-binding name="http" port="8080" fixed-port="true" interface="public"/>
<socket-binding name="https" port="8443" fixed-port="true" interface="public"/>
Port redirection works well on portal part, but CAS ignores the redirection and works at http (8080) as well (shows information about non-secured access).
For correct java web app SSL configuration is necessary to make some part of application secured in web.xml file. Then redirect works flawless.
<security-constraint>
<web-resource-collection>
<web-resource-name>sso secured pages</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>