Monday, 19 November 2012

ssl+jaas+virtual-hosting in jboss



SSL CONFIGURATION IN JBOSS
1.) Creating the keystore and private key:
a.) Open a command prompt and go to the jbosseap/jbossas/server/default/conf folder.
b.) Run the command: keytool -genkey -alias jbosskey -keypass hello -keyalg RSA -keystore server.keystore
c.) Answer the prompts; after that your keystore is generated.
d.) Run: keytool -list -keystore server.keystore
After running this command you should see the private key entry named jbosskey in the listing.

2.) Generating and storing the certificate:

a.) keytool -export -alias jbosskey -keypass hello -file server.crt -keystore server.keystore
server.crt is generated.
b.) keytool -import -alias jbosscert -keypass changeit -file server.crt -keystore server.keystore
You receive a warning that it already exists in the keystore. Ignore it. It is because Java expects separate keystore and truststore files and we are using only one.
c.) keytool -list -keystore server.keystore
You should see a TrustedCertEntry named jbosscert in the listing.

3.) Ensure that you start the server with: -c default -b 0.0.0.0 -Djavax.net.ssl.trustStore="</yourServerLocation>/server/default/conf/server.keystore"

4.) Enable JBoss's Tomcat for HTTPS:
Edit: "</yourServerLocation>/server/default/deploy/jbossweb.deployer/server.xml"
    Uncomment the section that begins with <Connector port="8443"
    At the end of the section (but still inside of it) add:
        a.) keystoreFile="/conf/server.keystore"
        b.) keystorePass="changeit"
Then open this URL in your browser: https://localhost:8443


VIRTUAL-HOSTING IN JBOSS
1.) Edit your /etc/hosts file and enter the following line. I am using example names; change them according to your site names.
10.x.x.x  myfirstsite.com mysecondsite.com

2.) Deploy two different applications in JBoss. In each application's WEB-INF directory, create a jboss-web.xml file and enter the following lines:
<jboss-web>
  <context-root>/</context-root>
  <virtual-host>myfirstsite.com</virtual-host>
</jboss-web>
Make the same file in your second application as well, with its own site name (mysecondsite.com) in <virtual-host>.

3.) Now edit your jbossweb.sar/server.xml:
<?xml version="1.0"?>
<Server>
  <Service name="jboss.web">

    <Connector redirectPort="8443" connectionTimeout="20000" address="${jboss.bind.address}" port="8080" protocol="HTTP/1.1"/>

    <Connector redirectPort="8443" address="${jboss.bind.address}" port="8009" protocol="AJP/1.3"/>

    <Engine name="jboss.web" defaultHost="myfirstsite.com">

      <Realm allRolesMode="authOnly" certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" className="org.jboss.web.tomcat.security.JBossWebRealm"/>

      <Host name="myfirstsite.com" deployXML="false" deployOnStartup="false" autoDeploy="false">
        <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" transactionManagerObjectName="jboss:service=TransactionManager" cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"/>
      </Host>

      <Host name="mysecondsite.com" deployXML="false" deployOnStartup="false" autoDeploy="false">
        <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" transactionManagerObjectName="jboss:service=TransactionManager" cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"/>
      </Host>

    </Engine>

  </Service>

</Server>
Now start your JBoss server and access both applications in your browser.
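
A host name appears in three places in this setup: defaultHost on <Engine>, the name of each <Host>, and <virtual-host> in every jboss-web.xml, and all three must agree. The check below is an added example, not part of the original post; the XML strings are constructed samples with one deliberate mismatch, the application names app1/app2 are hypothetical, and the handling of nested <Alias> elements goes beyond what the post uses.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real server); "myfirst.com" is a
# deliberate mismatch with defaultHost and with app1's <virtual-host>.
SERVER_XML = """<Server><Service name="jboss.web">
  <Engine name="jboss.web" defaultHost="myfirstsite.com">
    <Host name="myfirst.com"/>
    <Host name="mysecondsite.com"><Alias>www.mysecondsite.com</Alias></Host>
  </Engine></Service></Server>"""

JBOSS_WEB_XMLS = {  # hypothetical application names -> WEB-INF/jboss-web.xml
    "app1": "<jboss-web><context-root>/</context-root>"
            "<virtual-host>myfirstsite.com</virtual-host></jboss-web>",
    "app2": "<jboss-web><context-root>/</context-root>"
            "<virtual-host>mysecondsite.com</virtual-host></jboss-web>",
}


def declared_hosts(server_xml):
    """Return (defaultHost, set of <Host> names and <Alias> values), lower-cased."""
    engine = ET.fromstring(server_xml).find(".//Engine")
    names = set()
    for host in engine.findall("Host"):
        names.add(host.get("name", "").lower())
        # Tomcat-style nested <Alias> elements also name the host.
        names.update(a.text.strip().lower() for a in host.findall("Alias") if a.text)
    return engine.get("defaultHost", "").lower(), names


def check(server_xml, jboss_web_xmls):
    """List every host name that is referenced but not declared as a <Host>."""
    default, hosts = declared_hosts(server_xml)
    problems = []
    if default not in hosts:
        problems.append(f"defaultHost '{default}' matches no <Host>")
    for app, xml in sorted(jboss_web_xmls.items()):
        for vh in ET.fromstring(xml).findall("virtual-host"):
            name = (vh.text or "").strip().lower()
            if name not in hosts:
                problems.append(f"{app}: virtual-host '{name}' matches no <Host>")
    return problems


if __name__ == "__main__":
    for problem in check(SERVER_XML, JBOSS_WEB_XMLS):
        print("MISMATCH:", problem)
```

Run it against your real server.xml and jboss-web.xml contents before restarting the server; an empty result means every referenced host is declared.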

JAAS Implementation in jboss
1.) First edit your application's web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the role Admin to access the HTML jaas web application</description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Jaas testing</realm-name>
</login-config>
<security-role>
  <role-name>Admin</role-name>
</security-role>

2.) Make the properties files in yourapplication/WEB-INF/classes/
a.) Create the files user.properties and role.properties.
Enter lines of the following form in the user.properties file:
<username>=<password>
Enter lines of the following form in the role.properties file:
<username>=<role1,role2.......>
Now save your files and start your JBoss server.
............................best of luck...........................
