java - Jboss 4.2.3 migration to Jboss 7 EAP, datasources and security -

- April 25, 2013

i want migrate several java applications jboss 4.2.3 jboss 7.0.0 eap.

for first step, decided migrate datasources. example have such datasource config in 4.2.3:

{profile}/deploy/some-ds.xml <local-tx-datasource>     <jndi-name>someds</jndi-name>     ...     <security-domain>encryptedsomedblocalrealm</security-domain>   </local-tx-datasource> </datasources>

but have noticed datasource credentials encrypted , need migrate security system. there related configs in 4.2.3:

{profile}/conf/login-config.xml <application-policy name = "encryptedsomedblocalrealm">     <authentication>        <login-module code = "org.jboss.resource.security.jaassecuritydomainidentityloginmodule" flag="required">              <module-option name = "username">user123</module-option>              <module-option name = "password">1ad9fnmta/65ufh583zan4</module-option>              <module-option name = "managedconnectionfactoryname">jboss.jca:service=localtxcm,name=someds</module-option>              <module-option name = "jaassecuritydomain">jboss.security:service=jaassecuritydomain,domain=servermasterpassword</module-option>        </login-module>     </authentication> </application-policy>  {profile}/conf/jboss-service.xml <mbean code="org.jboss.security.plugins.jaassecuritydomain"   name="jboss.security:service=jaassecuritydomain,domain=servermasterpassword">   <constructor>      <arg type="java.lang.string" value="servermasterpassword"/>   </constructor>   <attribute name="keystorepass">{class}org.jboss.security.plugins.filepassword:${jboss.server.home.dir}/conf/server.password</attribute>   <attribute name="salt">abcdefgh</attribute>   <attribute name="iterationcount">19</attribute> </mbean>

i added standalone.xml jboss 7 eap:

configuration/standalone.xml <subsystem xmlns="urn:jboss:domain:datasources:4.0">     <datasources>         <datasource jta="true" jndi-name="java:/someds" pool-name="someds" enabled="true" use-ccm="true">             <connection-url>{my-oracle-ldap-connection-url}</connection-url>             <driver-class>oracle.jdbc.oracledriver</driver-class>             <driver>ojdbc8.jar</driver>             <security>                 <security-domain>jdbcdatabasesecure</security-domain>             </security>             <validation>                 <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.oraclevalidconnectionchecker"/>                 <background-validation>true</background-validation>                 <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.oraclestaleconnectionchecker"/>                 <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.oracleexceptionsorter"/>             </validation>         </datasource>         <drivers>             ????? should put here oracle driver?         </drivers>     </datasources> </subsystem>  <subsystem xmlns="urn:jboss:domain:security:1.2">     <security-domains>         ...         <security-domain name="jdbcdatabasesecure">         ?????         </security-domain>     </security-domains> </subsystem>  <management>     <security-realms>         ...         <security-realm name="undertowrealm">             <server-identities>                 <ssl>                     <keystore path="server_as_01.keystore" relative-to="jboss.server.config.dir" keystore-password="123456"/>                 </ssl>             </server-identities>         </security-realm>     </security-realms> </management>

maybe less related 4.2.3 configs, actual ssl configuration:

{profile}/deploy/jboss-web.deployer/server.xml <!-- ssl/tls connector configuration using admin devl guide keystore --> <connector port="4570" address="${jboss.bind.address}"     minsparethreads="5" maxsparethreads="75" enablelookups="true" disableuploadtimeout="true"     acceptcount="100" maxthreads="100" scheme="https" secure="true" sslenabled="true"      keystorefile="${jboss.server.home.dir}/conf/server_as_01.keystore"     keystorepass="123456"      truststorefile="${jboss.server.home.dir}/conf/server_as_01.keystore"     truststorepass="123456"      clientauth="false" sslprotocol="tls" />

also have these files in 4.2.3:

{profile}/conf/server.password {profile}/conf/client.truststore {profile}/conf/server_as_01.keystore

and java_opts="-djavax.net.ssl.truststore=$jboss_server/conf/client.truststore -djavax.net.ssl.truststorepassword=changeit"

i tried similar jboss 7.0.0 eap config, i've noticed google, there many differences in these implementations. seems jaas not exist in 7 eap anymore.

can me correct config?

you should refer guide migration related issue facing. recommendation is, can first try migrate eap 6 , try migrate eap 7. here's guide migrate eap 5.x 7, https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/migration_guide/migrating_from_older_releases

wiki

Search This Blog

tL

java - Jboss 4.2.3 migration to Jboss 7 EAP, datasources and security -

Comments

Post a Comment

Popular posts from this blog

Asterisk AGI Python Script to Dialplan does not work -

python - Read npy file directly from S3 StreamingBody -

kotlin - Out-projected type in generic interface prohibits the use of metod with generic parameter -