Research Institute
Introduction to JBOSS
行癫
Agenda
JBOSS Install & Monitor
Naming On JBOSS
Web Application
Security On JBOSS
Clustering On JBOSS
Application Deploy for JBOSS
TaoBao Practice On JBOSS
JBoss Install
Directory Structure
JBoss Install
The Default Server Configuration File Set
JBoss Install & Monitor
Naming on JBOSS
Naming: A naming service's primary function is to map people-friendly names to objects, such as addresses, identifiers, or objects typically used by computer programs.
JNDI: The Java Naming and Directory Interface (JNDI) is an application programming interface that provides naming and directory functionality to applications written using the Java programming language.
Naming on JBOSS
JNDI Architecture
Naming on JBOSS
JNDI on JBOSS
Naming on JBOSS
Key components in the JBossNS architecture
Port
RmiPort
BindAddress
RmiBindAddress
Backlog
ClientSocketFactory
ServerSocketFactory
JNPServerSocketFactory
Naming On JBOSS
Using JNDI
The standard naming context factory
java.naming.factory.initial
java.naming.provider.url
java.naming.factory.url.pkgs
jnp.socketFactory
jnp.timeout
jnp.sotimeout
JNDI
ENC – enterprise naming context
Naming scope in JBoss: names under java:comp, names under java:, and any other name.
The java:comp context and its subcontexts are only available to the application component associated with that particular context.
Subcontexts and object bindings directly under java: are only visible within the JBoss server virtual machine and not to remote clients.
Any other context or object binding is available to remote clients, provided the context or object supports serialization.
Resource Manager Connection Factory References: Each resource-ref element describes a single resource manager connection factory reference. The resource-ref element consists of the following child elements:
An optional description element.
A res-ref-name element.
A res-type element.
A res-auth element.
JDBC DataSource references should be declared in the java:comp/env/jdbc subcontext.
JMS connection factories should be declared in the java:comp/env/jms subcontext.
JavaMail connection factories should be declared in the java:comp/env/mail subcontext.
URL connection factories should be declared in the java:comp/env/url subcontext.
Web Application
Using Tomcat 5
Supports the Servlet 2.4 and JSP 2.0 specifications
DefaultSecurityDomain
Java2ClassLoadingCompliance
UseJBossWebLoader
LenientEjbLink
ManagerClass
UseJK
Domain
JSP2.0
JSP Custom Tag Pooling
Background JSP compilation
Recompile JSP when included page changes
JDT used to compile JSP pages
Web Application
The server.xml
The Connector element
acceptCount
connectionTimeout
enableLookups
maxThreads
maxSpareThreads
minSpareThreads
URIEncoding
useBodyEncodingForURI
Web Application
Using Apache with Tomcat
<Connector port="8009" address="${jboss.bind.address}" enableLookups="false" redirectPort="8443" debug="0" protocol="AJP/1.3" />
LoadModule jk_module libexec/mod_jk.so
AddModule mod_jk.c
<IfModule mod_jk.c>
    JkWorkersFile /tmp/workers.properties
    JkLogFile /tmp/mod_jk.log
    JkLogLevel debug
    JkMount /jbosstest/* ajp13
</IfModule>
Web Application
/opt/taobao/install/httpd/modules/mod_jk.so
JkWorkerProperty worker.list=local
JkWorkerProperty worker.local.type=ajp13
JkWorkerProperty worker.local.host=localhost
JkWorkerProperty worker.local.port=8009
JkWorkerProperty worker.local.socket_timeout=30
JkWorkerProperty worker.local.socket_keepalive=1
JkWorkerProperty worker.local.recycle_timeout=15
JkLogFile /home/admin/cai/logs/denali_jk.log
JkLogLevel info
JkOptions +ForwardURICompat
JkMount /auction/checkcode local
JkMount /services/tbassistant local
JkMount /services/tbassistant2 local
JkMount /*.htm local
JkMount /*.jhtml local
JkMount /*.php local
JkMount /*.esi local
JkMount /*.vhtml local
JkMount /*.do local
Security on JBOSS
Define a Security Domain
The conf/login-config.xml file is the central configuration point for security in JBoss.
<application-policy name="other">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
    </authentication>
</application-policy>
Security On JBoss
To set the security domain, we need to introduce another JBoss-specific deployment descriptor: jboss-web.xml
<jboss-web>
    <security-domain>java:/jaas/todo</security-domain>
</jboss-web>
Security On JBoss
Using Hashed Password
<application-policy name="todo">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <module-option name="principalsQuery">select passwd from USERS where login=?</module-option>
            <module-option name="rolesQuery">select role, 'Roles' from USER_ROLES where login=?</module-option>
            <module-option name="hashAlgorithm">MD5</module-option>
            <module-option name="hashEncoding">BASE64</module-option>
        </login-module>
    </authentication>
</application-policy>
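The check this policy configures, modelled as an added example (not code from the deck or from JBoss): the submitted password is hashed, compared with the value returned by principalsQuery, and the roles are then loaded with rolesQuery. It assumes the module compares the standard Base64 encoding of the MD5 digest; the in-memory SQLite tables, the sample users and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import sqlite3

# Queries copied from the login-config.xml entry above.
PRINCIPALS_QUERY = "select passwd from USERS where login=?"
ROLES_QUERY = "select role, 'Roles' from USER_ROLES where login=?"


def stored_hash(password):
    """hashAlgorithm=MD5, hashEncoding=BASE64: value expected in USERS.passwd (assumed)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_sample_db():
    """Constructed sample data standing in for java:/DefaultDS."""
    db = sqlite3.connect(":memory:")
    db.execute("create table USERS (login text primary key, passwd text)")
    db.execute("create table USER_ROLES (login text, role text)")
    db.executemany("insert into USERS values (?, ?)", [
        ("alice", stored_hash("correct horse")),
        ("bob", stored_hash("correct horse")),  # same password as alice
    ])
    db.executemany("insert into USER_ROLES values (?, ?)",
                   [("alice", "admin"), ("alice", "user"), ("bob", "user")])
    return db


def login(db, username, password):
    """Return the caller's sorted roles on success, None on failure."""
    row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None:
        return None
    if not hmac.compare_digest(row[0], stored_hash(password)):
        return None
    return sorted(role for role, _group in db.execute(ROLES_QUERY, (username,)))


def shared_hashes(db):
    """Groups of logins with identical stored values: the hash is unsalted."""
    rows = db.execute("select passwd, group_concat(login) from USERS "
                      "group by passwd having count(*) > 1").fetchall()
    return [sorted(logins.split(",")) for _hash, logins in rows]
```

Because the configured hash has no per-user salt, shared_hashes shows that two accounts with the same password end up with the same USERS.passwd value.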
Security On JBoss
The login-config.xml entry for EncryptDBPassword would look like:
<policy>
    <!-- Example usage of the SecureIdentityLoginModule -->
    <application-policy name = "EncryptDBPassword">
        <authentication>
            <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
                <module-option name = "username">admin</module-option>
                <module-option name = "password">5dfc52b51bd35553df8592078de921bc</module-option>
                <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
If you use an xa-datasource then the module-option name="managedConnectionFactoryName" should be:
<module-option name = "managedConnectionFactoryName">jboss.jca:service=XATxCM,name=DefaultDS</module-option>
Security On JBoss
Using SecureIdentityLoginModule
Encode password:
java -cp lib/jboss-jmx.jar:lib/jboss-common.jar:server/default/lib/jboss-jca.jar:server/default/lib/jbosssx.jar org.jboss.resource.security.SecureIdentityLoginModule taobao123
<datasources>
    <local-tx-datasource>
        <jndi-name>DefaultDS</jndi-name>
        <connection-url>jdbc:oracle:thin:@dev-db:1000:abc</connection-url>
        <idle-timeout-minutes>15</idle-timeout-minutes>
        <max-pool-size>20</max-pool-size>
        <min-pool-size>10</min-pool-size>
        <!-- Use the security domain defined in conf/login-config.xml -->
        <security-domain>EncryptDBPassword</security-domain>
    </local-tx-datasource>
</datasources>
Web Clustering
Clustering: EJB, JMS, JNDI, WEB
Web Cluster: load balancing, state synchronization
Request-Based: session replication
User-Based: session sticky
Clustering
worker.list=loadbalancer,server1,server2
# Define the first node...
worker.server1.port=8009
worker.server1.host=172.16.0.116
worker.server1.type=ajp13
worker.server1.lbfactor=1
worker.server1.local_worker=1
worker.server1.cachesize=10
# Define the second node...
worker.server2.port=8009
worker.server2.host=172.16.32.88
worker.server2.type=ajp13
worker.server2.lbfactor=1
worker.server2.local_worker=1
worker.server2.cachesize=10
# Now we define the load-balancing behaviour
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=server1,server2
worker.loadbalancer.sticky_session=1
Web Clustering
Configure JBoss
Edit the JBOSS_HOME/server/all/deploy/jbossweb-tomcat50.sar/server.xml file:
<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1">
    ... ...
</Engine>
<attribute name="UseJK">true</attribute>
JMS & MDB
JBoss Messaging Overview
Invocation Layer (IL)
    UIL2 IL
    JVM IL
    HTTP IL
Security Manager
Destination Manager
Message Cache
State Manager
Persistence Manager
    JDBC2 persistence manager
    Null Persistence Manager
Destinations
    Queues
    Topics
JMS & MDB
JBoss Messaging Configuration and MBeans
org.jboss.mq.server.MessageCache
CacheStore: The JMX ObjectName of the service that will act as the cache store. The cache store is used by the MessageCache to move messages to persistent storage. The value you set here typically depends on the type of persistence manager you are using.
HighMemoryMark: The amount of JVM heap memory in megabytes that must be reached before the MessageCache starts to move messages to secondary storage.
MaxMemoryMark: The maximum amount of JVM heap memory in megabytes that the MessageCache considers to be the max memory mark. As memory usage approaches the max memory mark, the MessageCache will move messages to persistent storage so that the number of messages kept in memory approaches zero.
JMS & MDB
EJB-JAR.XML
<message-driven>
    <ejb-name>CommandDispatcherMDB</ejb-name>
    <ejb-class>com.alibaba.biz.command.dispatcher.ejb.mdb.CommandDispatcherBean</ejb-class>
    <transaction-type>Container</transaction-type>
    <message-driven-destination>
        <destination-type>javax.jms.Queue</destination-type>
    </message-driven-destination>
    <env-entry>
        <env-entry-name>serviceConfig</env-entry-name>
        <env-entry-type>java.lang.String</env-entry-type>
        <env-entry-value>classpath/denali-biz-service.xml</env-entry-value>
    </env-entry>
    <resource-ref>
        <res-ref-name>jms/QCF</res-ref-name>
        <res-type>javax.jms.QueueConnectionFactory</res-type>
        <res-auth>Container</res-auth>
    </resource-ref>
</message-driven>
JMS & MDB
Jboss.xml
<jboss>
    <enterprise-beans>
        <session>
            <ejb-name>CommandDispatcherSLSB</ejb-name>
            <jndi-name>ejb/CommandDispatcherSLSB</jndi-name>
        </session>
        <message-driven>
            <ejb-name>CommandDispatcherMDB</ejb-name>
            <destination-jndi-name>queue/B</destination-jndi-name>
            <configuration-name>Standard Message Driven Bean</configuration-name>
            <resource-ref>
                <res-ref-name>jms/QCF</res-ref-name>
                <jndi-name>ConnectionFactory</jndi-name>
            </resource-ref>
        </message-driven>
    </enterprise-beans>
</jboss>
JMS & MDB
jvm-il-service.xml
uil2-service.xml
<!-- JNDI binding --> <attribute name="ConnectionFactoryJNDIRef">ConnectionFactory</attribute>
<attribute name="ConnectionFactoryJNDIRef">java:/ConnectionFactory</attribute>
Application Deploy
Jboss-service.xml
<mbean code="org.jboss.deployment.scanner.URLDeploymentScanner" name="jboss.deployment:type=DeploymentScanner,flavor=URL">
    <attribute name="URLs">
        deploy/
    </attribute>
</mbean>
<!-- Example URLs:
    deploy/ scans ${jboss.server.url}/deploy/, which is local or remote depending on the URL used to boot the server
    ${jboss.server.home}/deploy/ scans ${jboss.server.home}/deploy, which is always local
    file:/var/opt/myapp.ear deploys myapp.ear from a local location
    file:/var/opt/apps/ scans the specified directory
    http://www.test.com/netboot/myapp.ear deploys myapp.ear from a remote location
    http://www.test.com/netboot/apps/ scans the specified WebDAV location
-->
Directory Structure
├─htdocs      static content
├─conf        dynamic config file
│  └─tpl
├─bin         script
├─lib         linux lib
├─oracle      oracle database tnsnames
│  └─network
│     └─admin
└─logs
   └─cronolog
Running multiple instances on a given machine
<mbean code="org.jboss.services.binding.ServiceBindingManager" name="jboss.system:service=ServiceBindingManager">
    <attribute name="ServerName">ports-01</attribute>
    <attribute name="StoreURL">../conf/bindings.xml</attribute>
    <attribute name="StoreFactoryClassName">org.jboss.services.binding.XMLServicesStoreFactory</attribute>
</mbean>
Database connection pool configure:
<datasources>
    <local-tx-datasource>
        <jndi-name>genesisDataSource</jndi-name>
        <connection-url>jdbc:oracle:oci:@genesis</connection-url>
        <connection-property name="SetBigStringTryClob">true</connection-property>
        <connection-property name="defaultRowPrefetch">50</connection-property>
        <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
        <min-pool-size>2</min-pool-size>
        <max-pool-size>5</max-pool-size>
        <prepared-statement-cache-size>50</prepared-statement-cache-size>
        <metadata><type-mapping>Oracle9i</type-mapping></metadata>
        <user-name>p4p</user-name>
        <password>p4p</password>
        <!--security-domain>EncryptDB1Password</security-domain-->
    </local-tx-datasource>
</datasources>
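A configuration check for the two datasource styles shown in this deck, as an added example that is not part of the original slides: it flags any datasource that carries an inline password element and reports whether a security-domain is also set. The function name, the finding strings and the two embedded descriptors are constructed for illustration; the descriptors are trimmed copies of the examples above.

```python
import xml.etree.ElementTree as ET

# Datasource element names that appear in this deck.
DATASOURCE_TAGS = ("local-tx-datasource", "xa-datasource")

# Constructed sample: credentials inline, security-domain commented out.
SAMPLE_PLAINTEXT = """<datasources><local-tx-datasource>
  <jndi-name>genesisDataSource</jndi-name>
  <user-name>p4p</user-name><password>p4p</password>
  <!--security-domain>EncryptDB1Password</security-domain-->
</local-tx-datasource></datasources>"""

# Constructed sample: credentials delegated to a login-config.xml policy.
SAMPLE_DOMAIN = """<datasources><local-tx-datasource>
  <jndi-name>DefaultDS</jndi-name>
  <security-domain>EncryptDBPassword</security-domain>
</local-tx-datasource></datasources>"""


def audit_datasources(xml_text):
    """Return (jndi-name, finding) pairs for datasources with inline passwords."""
    findings = []
    # The default parser drops comments, so a commented-out
    # security-domain is correctly treated as absent.
    root = ET.fromstring(xml_text)
    for ds in root.iter():
        if ds.tag not in DATASOURCE_TAGS:
            continue
        name = (ds.findtext("jndi-name") or "?").strip()
        has_password = ds.find("password") is not None
        has_domain = ds.find("security-domain") is not None
        if has_password and not has_domain:
            findings.append((name, "plaintext password, no security-domain"))
        elif has_password:
            findings.append((name, "plaintext password alongside security-domain"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_PLAINTEXT, SAMPLE_DOMAIN):
        print(audit_datasources(sample))
```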
Discussion and Exchange