Skip to main content
您好,欢迎光临IDC汇,需要什么服务器直接咨询客服,方便快捷。客服QQ 点击这里给我发消息
首页 > 服务器技术 »正文

从Jboss EAP 6.4迁移到EAP 7.1

服务器技术 webadmin 2020-07-01 08:49:01 查看评论 加入收藏

POM

  • 升级JavaEE
    <dependency>
    <groupId>org.jboss.bom</groupId>
    <artifactId>jboss-eap-javaee7</artifactId>
    <version>7.1.1.GA</version>
    <type>pom</type>
    <scope>import</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.eap</groupId>
    <artifactId>wildfly-ejb-client-bom</artifactId>
    <version>7.1.1.GA-redhat-2</version>
    <type>pom</type>
    <scope>import</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.eap</groupId>
    <artifactId>wildfly-jms-client-bom</artifactId>
    <version>7.1.1.GA-redhat-2</version>
    <type>pom</type>
    <scope>import</scope>
    </dependency>
  • 升级dependency
    <dependency>
    <groupId>org.jboss.spec.javax.servlet</groupId>
    <artifactId>jboss-servlet-api_3.1_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.remoting</groupId>
    <artifactId>jboss-remoting</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.ejb</groupId>
    <artifactId>jboss-ejb-api_3.2_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.jms</groupId>
    <artifactId>jboss-jms-api_2.0_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    ...

    WEB

    设置默认编码

    <subsystem xmlns="urn:jboss:domain:undertow:4.0">
    ...
    <servlet-container name="default" default-encoding="UTF-8" use-listener-encoding="true">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    ...
    </subsystem>

    配置ajp-listener和instance-id

    <subsystem xmlns="urn:jboss:domain:undertow:4.0" instance-id="asdapp1">
    <buffer-cache name="default"/>
    <server name="default-server">
        <ajp-listener name="ajp" socket-binding="ajp" scheme="http"/>
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enabled-protocols="TLSv1.2" enable-http2="true"/>
        ...
    </server>
    ...
    </subsystem>

    JSF 1.2

    EAP 7不支持JSF 1.2,可从EAP 6将JSF 1.2 Module(包含javax.faces.api,com.sun.jsf-impl,org.jboss.as.jsf-injection)迁移过来,module.xml内容无需更改,建议修改一下module版本urn:jboss:module:1.5
    如部署使用的ear包,在jboss-deployment-structure.xml中增加如下配置:

    <jboss-deployment-structure>
    <deployment>
        <exclusions>
            <module name="javax.faces.api"/>
            <module name="com.sun.jsf-impl"/>
            <module name="org.jboss.as.jsf-injection"/>
        </exclusions>
        <dependencies>
            <module name="javax.faces.api" slot="1.2" export="true"/>
            <module name="com.sun.jsf-impl" slot="1.2" export="true"/>
            <module name="org.jboss.as.jsf-injection" slot="1.2" export="true"/>
        </dependencies>
    </deployment>
    <sub-deployment name="ejb.jar">
        <exclusions>
            <module name="javax.faces.api"/>
            <module name="com.sun.jsf-impl"/>
            <module name="org.jboss.as.jsf-injection"/>
        </exclusions>
        <dependencies>
            <module name="javax.faces.api" slot="1.2"/>
            <module name="com.sun.jsf-impl" slot="1.2"/>
            <module name="org.jboss.as.jsf-injection" slot="1.2"/>
        </dependencies>
    </sub-deployment>
    <sub-deployment name="web.war">
        <exclusions>
            <module name="javax.faces.api"/>
            <module name="com.sun.jsf-impl"/>
            <module name="org.jboss.as.jsf-injection"/>
        </exclusions>
        <dependencies>
            <module name="javax.faces.api" slot="1.2"/>
            <module name="com.sun.jsf-impl" slot="1.2"/>
            <module name="org.jboss.as.jsf-injection" slot="1.2"/>
        </dependencies>
    </sub-deployment>
    </jboss-deployment-structure>

Richfaces 3.3

因EAP 7的servlet版本是3.1,fileUpload组件不能使用,需要使用getParts方法重写MultipartRequest实现。

package org.ajax4jsf.request;

import org.ajax4jsf.exception.FileUploadException;
import org.ajax4jsf.webapp.BaseXMLFilter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.richfaces.component.FileUploadConstants;
import org.richfaces.model.UploadItem;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.Part;
import java.io.*;
import java.rmi.server.UID;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Request wrapper for supporting multipart requests, used for file uploading.
 *
 * @author Shane Bryzak
 */
public class MultipartRequest extends HttpServletRequestWrapper {
    private static final Log logger = LogFactory.getLog(MultipartRequest.class);
    private static final int BUFFER_SIZE = 2048;

    private boolean createTempFiles;

    private Part filePart;
    private ByteArrayOutputStream bOut = null;
    private FileOutputStream fOut = null;
    private File tempFile = null;

    private String uid;

    private Integer contentLength = 0;

    private int bytesRead = 0;

    private int read = 0;

    private byte[] buffer;

    private InputStream input;

    //we shouldn't allow to stop until request reaches PhaseListener because of portlets
    private boolean canStop = false;

    private Map<String, Object> percentMap = null;

    private Map<String, Integer> requestSizeMap = null;

    private Map<String, String> requestKeysMap = null;

    private String requestKey = null;

    private MultipartRequestRegistry requestRegistry;

    boolean initialized = false;

    private boolean shouldStop = false;
    private boolean canceled;

    public MultipartRequest(HttpServletRequest request, boolean createTempFiles, int maxRequestSize, String uid) {
        super(request);
        this.createTempFiles = createTempFiles;
        this.uid = uid;
        this.contentLength = Integer.parseInt(request.getHeader("Content-Length"));
    }

    public void cancel() {
        this.canceled = true;

        deleteFile();
    }

    private void deleteFile() {
        try {
            if (fOut != null) {
                fOut.close();
                if (tempFile != null) {
                    tempFile.delete();
                }
            }
        } catch (Exception e) {
            throw new FileUploadException("Could not delete temporary file");
        }
    }

    private void fillBuffer() throws IOException {
        read = input.read(buffer);

        if (read > 0) {
            bytesRead += read;
        }

        fillProgressInfo();
    }

    private void readData() throws IOException {
        while (read > 0) {
            appendData(buffer, 0, read);
            fillBuffer();
        }
    }

    private void initialize() throws IOException {
        if (initialized) {
            return;
        }

        initialized = true;
        buffer = new byte[BUFFER_SIZE];
        getFilePart();
        input = getFileInputStream();

        setupProgressData();
        fillBuffer();
    }

    private void getFilePart() {
        try {
            filePart = null;
            Collection<Part> parts = getParts();
            for (Part part : parts) {
                if (part.getName().endsWith(":file")) {
                    filePart = part;
                    if (createTempFiles) {
                        createTempFile();
                    }
                    break;
                }
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
    }

    public void createTempFile() {
        try {
            tempFile = File.createTempFile(new UID().toString().replace(":", "-"), ".upload");
            fOut = new FileOutputStream(tempFile);
        } catch (IOException ex) {
            throw new FileUploadException("Could not create temporary file");
        }
    }

    private void appendData(byte[] data, int start, int length) throws IOException {
        if (fOut != null) {
            fOut.write(data, start, length);
            fOut.flush();
        } else {
            if (bOut == null) {
                bOut = new ByteArrayOutputStream();
            }
            bOut.write(data, start, length);
        }
    }

    public void parseRequest() {
        canStop = true;

        setupProgressData();

        try {
            initialize();

            readData();
        } catch (IOException e) {
            this.cancel();

            if (!this.shouldStop) {
                throw new FileUploadException("IO Error parsing multipart request", e);
            }
        }
    }

    public static MultipartRequest lookupRequest(FacesContext context, String uploadId) {
        Map<String, Object> sessionMap = context.getExternalContext().getSessionMap();
        Map<String, String> requestKeys = (Map<String, String>) sessionMap.get(FileUploadConstants.REQUEST_KEYS_BEAN_NAME);
        if (requestKeys != null) {
            String requestKey = requestKeys.get(uploadId);
            if (requestKey != null) {
                MultipartRequestRegistry requestRegistry = MultipartRequestRegistry.getInstance(context);
                if (requestRegistry != null) {
                    MultipartRequest request = requestRegistry.getRequest(requestKey);
                    if (request != null) {
                        return request;
                    }
                }
            }
        }

        return null;
    }

    @SuppressWarnings("unchecked")
    private void setupProgressData() {
        if (percentMap == null || requestSizeMap == null || requestKeysMap == null) {
            FacesContext facesContext = FacesContext.getCurrentInstance();
            if (facesContext != null) {
                ExternalContext externalContext = facesContext.getExternalContext();
                if (externalContext != null) {
                    Map<String, Object> sessionMap = externalContext.getSessionMap();
                    if (sessionMap != null) {
                        String uploadId = getUploadId();

                        synchronized (sessionMap) {
                            if (percentMap == null) {
                                percentMap = (Map<String, Object>) sessionMap.get(FileUploadConstants.PERCENT_BEAN_NAME);
                                if (percentMap == null) {
                                    percentMap = new ConcurrentHashMap<String, Object>();
                                    sessionMap.put(FileUploadConstants.PERCENT_BEAN_NAME, percentMap);
                                }
                            }

                            if (requestSizeMap == null) {
                                requestSizeMap = (Map<String, Integer>) sessionMap.get(FileUploadConstants.REQUEST_SIZE_BEAN_NAME);
                                if (requestSizeMap == null) {
                                    requestSizeMap = new ConcurrentHashMap<String, Integer>();
                                    sessionMap.put(FileUploadConstants.REQUEST_SIZE_BEAN_NAME, requestSizeMap);
                                }
                            }

                            if (requestKeysMap == null) {
                                requestKeysMap = (Map<String, String>) sessionMap.get(FileUploadConstants.REQUEST_KEYS_BEAN_NAME);
                                if (requestKeysMap == null) {
                                    requestKeysMap = new ConcurrentHashMap<String, String>();
                                    sessionMap.put(FileUploadConstants.REQUEST_KEYS_BEAN_NAME, requestKeysMap);
                                }
                            }
                        }

                        percentMap.put(uploadId, Double.valueOf(0));
                        requestSizeMap.put(uploadId, getSize());

                        requestRegistry = MultipartRequestRegistry.getInstance(facesContext);
                        requestKey = requestRegistry.registerRequest(this);
                        requestKeysMap.put(uploadId, requestKey);
                    }
                }
            }
        }
    }

    private void fillProgressInfo() {
        setupProgressData();

        if (percentMap != null) {
            Double percent = (100.0 * this.bytesRead / this.contentLength);
            percentMap.put(uid, percent);
        }
    }

    public Integer getSize() {
        return contentLength;
    }

    public byte[] getFileBytes(String name) {
        if (filePart == null) {
            return null;
        }

        if (fOut != null) {
            try {
                fOut.close();
            } catch (IOException ex) {
            }
            fOut = null;
        }

        if (bOut != null) {
            return bOut.toByteArray();
        }

        if (tempFile != null && tempFile.exists()) {
            try {
                FileInputStream inputStream = new FileInputStream(tempFile);
                ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
                byte[] buf = new byte[BUFFER_SIZE];
                int read = inputStream.read(buf);
                while (read != -1) {
                    outputStream.write(buf, 0, read);
                    read = inputStream.read(buf);
                }
                outputStream.flush();
                inputStream.close();
                tempFile.delete();
                return outputStream.toByteArray();
            } catch (IOException ex) {
            }
        }
        return null;
    }

    public InputStream getFileInputStream() throws IOException {
        return filePart == null ? null : filePart.getInputStream();
    }

    public String getFileContentType() {
        return filePart != null ? filePart.getContentType() : null;
    }

    public Object getFile() {
        if (filePart == null) {
            return null;
        }

        if (tempFile != null) {
            if (fOut != null) {
                try {
                    fOut.close();
                } catch (IOException ex) {
                }
                fOut = null;
            }
            return tempFile;
        }
        if (bOut != null) {
            return bOut.toByteArray();
        }

        return null;
    }

    public String getFileName() {
        return filePart != null ? filePart.getSubmittedFileName() : null;
    }

    public int getFileSize() {
        return filePart != null ? (int) filePart.getSize() : -1;
    }

    public List<UploadItem> getUploadItems() {
        List<UploadItem> uploadItems = new ArrayList<>();
        if (filePart != null) {
            uploadItems.add(new UploadItem(getFileName(), getFileSize(), getFileContentType(), getFile()));
        }
        return uploadItems;
    }

    public boolean isFormUpload() {
        return "_richfaces_form_upload".equals(uid);
    }

    @Override
    public String getHeader(String name) {
        if (!"Accept".equals(name)) {
            return super.getHeader(name);
        } else {
            return BaseXMLFilter.TEXT_HTML;
        }
    }

    public void stop() {
        if (canStop) {
            shouldStop = true;
        }
    }

    public boolean isStopped() {
        return this.shouldStop;
    }

    public boolean isDone() {
        return !(this.shouldStop && (this.canceled || this.contentLength != null && this.contentLength.intValue() != this.bytesRead));
    }

    @Override
    public String getContentType() {
        return "application/x-www-form-urlencoded";
    }

    protected String getUploadId() {
        return uid;
    }

    public void clearRequestData() {
        String uploadId = getUploadId();

        if (percentMap != null) {
            percentMap.remove(uploadId);
        }

        if (requestSizeMap != null) {
            requestSizeMap.remove(uploadId);
        }

        if (requestKeysMap != null) {
            requestKeysMap.remove(uploadId);
        }

        if (requestRegistry != null) {
            requestRegistry.removeRequest(requestKey);
        }
    }
}

另外,Richfaces 3.3.4.Final fileupload组件页面显示有中文乱码问题,需要修改FileUploadRendererBase的initLabels方法,删除value = dumpingWriter.toString();这一行。

Hibernate 3.5

  • 强烈建议升级到Hibernate 5,如确实不能升级,需创建一个3.5 module,放入依赖包,module配置如下:

    <?xml version="1.0" encoding="UTF-8"?>
    <module xmlns="urn:jboss:module:1.5" name="org.hibernate" slot="3.5">
    <properties>
        <property name="jboss.api" value="unsupported"/>
    </properties>
    
    <resources>
        <resource-root path="hibernate-core-3.5.6-Final.jar"/>
        <resource-root path="hibernate-entitymanager-3.5.6-Final.jar"/>
        <resource-root path="hibernate-annotations-3.5.6-Final.jar"/>
        <resource-root path="hibernate-commons-annotations-3.2.0.Final.jar"/>
        <resource-root path="hibernate-validator-3.1.0.GA.jar"/>
        <resource-root path="cglib-2.2.jar"/>
    </resources>
    
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.annotation.api"/>
        <module name="javax.enterprise.api"/>
        <module name="javax.persistence.api"/>
        <module name="javax.transaction.api"/>
        <module name="javax.validation.api"/>
        <module name="javax.xml.bind.api"/>
        <module name="org.antlr"/>
        <module name="org.apache.commons.collections"/>
        <module name="org.dom4j"/>
        <module name="org.javassist" export="true"/>
        <module name="org.jboss.as.jpa.spi"/>
        <module name="org.jboss.jandex"/>
        <module name="org.jboss.logging"/>
        <module name="org.jboss.vfs"/>
        <module name="org.slf4j"/>      
    </dependencies>
    </module>
  • jboss-deployment-structure.xml中排除org.hibernate,引入3.5
    <jboss-deployment-structure>
    <deployment>
        <exclusions>
            <module name="org.hibernate"/>
        </exclusions>
        <dependencies>
            <module name="org.hibernate" slot="3.5" export="true"/>
            <module name="org.antlr" export="true"/>
            <module name="org.javassist" export="true"/>
        </dependencies>
    </deployment>
    <sub-deployment name="ejb.jar">
        <exclusions>
            <module name="org.hibernate"/>
        </exclusions>
        <dependencies>
            <module name="org.hibernate" slot="3.5"/>
            <module name="org.javassist"/>
        </dependencies>
    </sub-deployment>
    </jboss-deployment-structure>
  • 修改persistence.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd" version="2.0">
    <persistence-unit name="schedule">
        <provider>org.hibernate.ejb.HibernatePersistence</provider>
        <jta-data-source>java:jboss/datasources/scheduleDatasource</jta-data-source>
        <class>...</class>
        <properties>
            <property name="jboss.as.jpa.providerModule" value="org.hibernate:3.5"/>
            <property name="hibernate.transaction.manager_lookup_class" value="org.hibernate.transaction.JBossTransactionManagerLookup"/>
            ...
        </properties>
    </persistence-unit>
    </persistence>

    HornetQ

    EAP 7 使用了ActiveMQ Artemis取代了HornetQ,原Message-Driven Bean不需更改,需更改配置和客户端调用代码。

  • jms-destinations
    EAP 6中jms-destinations配置如下:
    <hornetq-server>
    ...
    <jms-destinations>
     <jms-queue name="testQueue">
        <entry name="queue/test"/>
         <entry name="java:jboss/exported/jms/queue/test"/>
      </jms-queue>
    </jms-destinations>
    ...
    </hornetq-server>

    更改为:

    <subsystem xmlns="urn:jboss:domain:messaging-activemq:2.0">
    <server name="default">
     ...
     <jms-queue name="testQueue" entries="queue/test java:jboss/exported/jms/queue/test"/>
     ...
    </server>
    </subsystem>
  • security
    如不启用security,增加如下配置:
    <subsystem xmlns="urn:jboss:domain:messaging-activemq:2.0">
    <server name="default">
     <security enabled="false"/>
     ...
    </server>
    </subsystem>
  • Dependency
    <dependency>
    <groupId>org.apache.activemq</groupId>
    <artifactId>artemis-jms-client</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.jms</groupId>
    <artifactId>jboss-jms-api_2.0_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.json</groupId>
    <artifactId>jboss-json-api_1.0_spec</artifactId>
    <scope>provided</scope>
    </dependency>
  • org.apache.activemq.artemis module取代org.hornetq
  • 客户端代码
    EAP 7,默认connector从remote改为http-remoting,使用undertow default http-listener、http端口,这也是推荐的方式:
    <subsystem xmlns="urn:jboss:domain:messaging-activemq:2.0">
    <server name="default">
    ...
    <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
    <http-acceptor name="http-acceptor" http-listener="default"/>
    ...
    </server>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:4.0">
    ...
    <server name="default-server">
       <ajp-listener name="ajp" socket-binding="ajp"/>
       <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
       ...
    </server>
    ...
    </subsystem>

    客户端代码要做以下修改:remote connection port从4447改为8080,PROVIDER_URL从remote://localhost:4447改为http-remoting://localhost:8080。INITIAL_CONTEXT_FACTORY从org.jboss.naming.remote.client.InitialContextFactory改为org.wildfly.naming.client.WildFlyInitialContextFactory。
    EAP 6:

    java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
    java.naming.provider.url=remote://localhost:4447

    EAP 7:

    java.naming.factory.initial=org.wildfly.naming.client.WildFlyInitialContextFactory
    java.naming.provider.url=http-remoting://localhost:8080

    EJB

  • Connector
    EAP 7,默认connector从remote改为http-remoting,使用undertow default http-listener、http端口。
    EAP 6:
    <subsystem xmlns="urn:jboss:domain:remoting:1.2">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
    </subsystem>

    EAP 7:

    <subsystem xmlns="urn:jboss:domain:remoting:4.0">
    <endpoint/>
    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
    </subsystem>
  • Dependency
    <dependency>
    <groupId>org.jboss</groupId>
    <artifactId>jboss-ejb-client</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.remoting</groupId>
    <artifactId>jboss-remoting</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.wildfly</groupId>
    <artifactId>wildfly-naming-client</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.ejb</groupId>
    <artifactId>jboss-ejb-api_3.2_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.spec.javax.transaction</groupId>
    <artifactId>jboss-transaction-api_1.2_spec</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.marshalling</groupId>
    <artifactId>jboss-marshalling-river</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.xnio</groupId>
    <artifactId>xnio-api</artifactId>
    <scope>provided</scope>
    </dependency>
    <dependency>
    <groupId>org.jboss.xnio</groupId>
    <artifactId>xnio-nio</artifactId>
    <scope>provided</scope>
    </dependency>
  • jboss-ejb-client.properties
    EAP 6:
    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
    remote.connections=default
    remote.connection.default.protocol=remote
    remote.connection.default.host=localhost
    remote.connection.default.port=4447
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
    remote.connection.default.username=quickuser
    remote.connection.default.password=quick-123

    EAP 7:

    remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
    remote.connections=default
    remote.connection.default.protocol=http-remoting
    remote.connection.default.host=localhost
    remote.connection.default.port=8080
    remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
    remote.connection.default.username=quickuser
    remote.connection.default.password=quick-123
  • 客户端代码
    EAP 6:
    java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
    java.naming.provider.url=remote://localhost:4447

    EAP 7:

    java.naming.factory.initial=org.wildfly.naming.client.WildFlyInitialContextFactory
    java.naming.provider.url=http-remoting://localhost:8080
  • Standalone Client
    EAP 7.1引入新的配置文件wildfly-config.xml,统一了所有客户端的配置,在standalone client中推荐使用这种方式。wildfly-config.xml放在classpath或META-INF目录下,也可用-Dwildfly.config.url指定路径(优先级:wildfly.config.url > classpath > META-INF)。
    wildfly-config.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
    <authentication-client xmlns="urn:elytron:1.0.1">
        <authentication-rules>
            <rule use-configuration="ejb"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="ejb">
                <sasl-mechanism-selector selector="DIGEST-MD5"/>
                <set-user-name name="quickuser"/>
                <credentials>
                    <clear-password password="quick-123"/>
                </credentials>
                <providers>
                    <use-service-loader/>
                </providers>
                <set-mechanism-realm name="ApplicationRealm"/>
            </configuration>
        </authentication-configurations>
    </authentication-client>
    </configuration>

    使用wildfly-config.xml时的Java代码:

    Properties properties = new Properties();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, WildFlyInitialContextFactory.class.getName());
    properties.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
    Context context = new InitialContext(properties);
    Object theRemote = context.lookup(jndiName);
    ...

    代码很简单,多个PROVIDER_URL时用逗号分隔。注意运行之前要添加ApplicationRealm用户:

    add-user.sh -a -u quickuser -p quick-123
  • Server-to-Server
    利用remote-outbound-connection,在standalone.xml中增加如下配置:
    增加security-realm,密码需经Base64编码
    <management>
    <security-realms>
        <security-realm name="ejb-security-realm">
            <server-identities>
                <secret value="cXVpY2stMTIz"/>
            </server-identities>
        </security-realm>
        ...
    </security-realms>
    ...
    </management>

    配置remote-outbound-connection

    <subsystem xmlns="urn:jboss:domain:remoting:4.0">
    <endpoint/>
    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
    <outbound-connections>
        <remote-outbound-connection name="remote-ejb-connection1" outbound-socket-binding-ref="remote-ejb1" username="quickuser" security-realm="ejb-security-realm" protocol="http-remoting">
            <properties>
                <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                <property name="SSL_ENABLED" value="false"/>
            </properties>
        </remote-outbound-connection>
    </outbound-connections>
    </subsystem>

    配置Socket

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    ...
    <outbound-socket-binding name="remote-ejb1">
        <remote-destination host="127.0.0.1" port="8080"/>
    </outbound-socket-binding>
    </socket-binding-group>

    在war的WEB-INF或ear的META-INF中新建文件jboss-ejb-client.xml:

    <jboss-ejb-client xmlns="urn:jboss:ejb-client:1.2">  
    <client-context>  
        <ejb-receivers>  
            <remoting-ejb-receiver outbound-connection-ref="remote-ejb-connection1" connect-timeout="10000"/>  
        </ejb-receivers>  
    </client-context>  
    </jboss-ejb-client>

    Java代码

    Properties props = new Properties();  
    props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");  
    Context context = new javax.naming.InitialContext(props);  
    Object theRemote = context.lookup(jndiName);

    Seam 2.2.2.Final

    seam 2.2可以运行在Jboss EAP 7,同在EAP 6中一样,需修改org.jboss.seam.transaction.Transaction:

    protected javax.transaction.UserTransaction getUserTransaction() throws NamingException
    {
      InitialContext context = Naming.getInitialContext();
      try
      {
         return (javax.transaction.UserTransaction) context.lookup("java:comp/UserTransaction");
      }
      catch (NamingException ne)
      {
         try
         {
            //Embedded JBoss has no java:comp/UserTransaction
            javax.transaction.UserTransaction ut = (javax.transaction.UserTransaction) context.lookup("UserTransaction");
            ut.getStatus(); //for glassfish, which can return an unusable UT
            return ut;
         }
         catch (NamingException nnfe2) {
             // Try the other JBoss location in JBoss AS7
             return (javax.transaction.UserTransaction) context.lookup("java:jboss/UserTransaction");
         }
         catch (Exception e)
         {
            throw ne;
         }
      }
    }

    如使用了seam-resteasy,需排除jaxrs子系统,使用EAP 6中的resteasy版本即可。

    <jboss-deployment-structure>
    <deployment>
        <exclude-subsystems>
            <subsystem name="jaxrs"/>
        </exclude-subsystems>
        ...
    </deployment>
    </jboss-deployment-structure>

    PicketLink

    配置Subsystem

    EAP 7默认是不支持picketlink的,需要配置picketlink subsystem。
    增加extension

    <extensions>
    ...
    <extension module="org.wildfly.extension.picketlink"/>
    ...
    </extensions>

    配置subsystem

    <profile>
    ...
    <subsystem xmlns="urn:jboss:domain:picketlink-federation:2.0"/>
    ...
    </profile>

    配置security-domain

    将EAP 6中相应配置迁移过来即可。

    <security-domain name="sp" cache-type="default">
    <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
    </authentication>
    </security-domain>
    <security-domain name="idp" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="users.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
    </authentication>
    </security-domain>

    配置jboss-deployment-structure

    <jboss-deployment-structure>
    <deployment>
        <dependencies>
            ...
            <module name="org.picketlink" services="import"/>
        </dependencies>
    </deployment>
    </jboss-deployment-structure>

    注意:必须要添加services="import"。

    配置Federation

    EAP 7,valve不再使用:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
    <security-domain>sp</security-domain>
    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator</class-name>
        <param>
            <param-name>characterEncoding</param-name>
            <param-value>UTF-8</param-value>
        </param>
    </valve>
    </jboss-web>
    <jboss-web>
    <security-domain>idp</security-domain>
    <context-root>idp-sig</context-root>
    <valve>
        <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    </valve>
    </jboss-web>

    删除valve,参数需迁移到web.xml中:

    <context-param>
    <param-name>org.picketlink.federation.saml.CHARACTER_ENCODING</param-name>
    <param-value>UTF-8</param-value>
    </context-param>

    web.xml中必须配置login-config

    <web-app>
    ...
    <login-config>
    <auth-method>FORM</auth-method>
    </login-config>
    </web-app>

    注意:idp、sp都要配置auth-method
    picketlink.xml sample:

    <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
    <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" BindingType="POST" SupportsSignatures="true"
                  ErrorPage="/sso/error.seam" LogOutPage="/sso/logout.seam">
        <IdentityURL>http://localhost:8080/idp-sig/</IdentityURL>
        <ServiceURL>https://localhost:8443/sso/</ServiceURL>
        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
            <Auth Key="KeyStoreURL" Value="/test.jks"/>
            <Auth Key="KeyStorePass" Value="store123"/>
            <Auth Key="SigningKeyPass" Value="test123"/>
            <Auth Key="SigningKeyAlias" Value="servercert"/>
            <ValidatingAlias Key="localhost" Value="servercert"/>
        </KeyProvider>
    </PicketLinkSP>
    <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
            <Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
            <Option Key="CLOCK_SKEW_MILIS" Value="120000"/>
        </Handler>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler"/>
        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
    </Handlers>
    </PicketLink>

    注意:

    1. 如果升级到EAP 7.1.2后使用picketlink可能会报如下错误:
      Error during the logout.: java.lang.NullPointerException
      at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.lambda$authenticate$0(SPFormAuthenticationMechanism.java:275)
      建议7.1.3发布后再升级。
    2. Undertow Servlet Container有一属性proactive-authentication,默认为true,会拦截所有含有SAMLResponse参数的请求。当项目中使用了其他custom portal时,将其设为"false";
      <servlet-container name="default" default-encoding="UTF-8" use-listener-encoding="true" proactive-authentication="false">
      <jsp-config/>
      <websockets/>
      </servlet-container>

      Patching EAP

      使用CLI应用、回滚、清除Patch

      Applying a Patch

      patch apply /path/to/downloaded-patch.zip --override-all
      shutdown --restart=true

      Rolling Backe a Patch

      先使用patch history查询出patch id,然后调用rollback命令:

      patch history
      patch rollback --patch-id=PATCH_ID --reset-configuration=TRUE
      shutdown --restart=true

      Clearing Patch History

      多次打Patch后会占用磁盘空间,可进行清理,但当前应用的Patch是不能删除的。

      /core-service=patching:ageout-history

      参考文档

      Jboss EAP 7.1 Migration Guide
      Using the JBoss Server Migration Tool
      Configuration Guide
      Configuring Messaging
      Developing EJB Applications
      How to Configure Identity Management
      How to Configure Server Security
      How To Set Up SSO with SAML v2
      Patching and Upgrading Guide

广告06

微信