host.xml

<management> 
     <security-realms> 
      <security-realm name="ManagementRealm"> 
       <authentication> 
        <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/> 
       </authentication> 
<server-identities> 
<ssl> 
<keystore path=".keystore" relative-to="jboss.home.dir" password="changeit"/> 
</ssl> 
</server-identities> 
      </security-realm> 
      <security-realm name="ApplicationRealm"> 
       <authentication> 
        <properties path="application-users.properties" relative-to="jboss.domain.config.dir" /> 
       </authentication> 
      </security-realm> 
     </security-realms> 
     <management-interfaces> 
      <native-interface security-realm="ManagementRealm"> 
       <socket interface="management" port="${jboss.management.native.port:9999}"/> 
      </native-interface> 
      <http-interface security-realm="ManagementRealm"> 
       <socket interface="management" port="${jboss.management.http.port:9990}"/> 
       <socket-binding https="management-https"/> 
      </http-interface> 
     </management-interfaces> 
    </management>

谢谢！

来源

2012-09-12 Will L

有没有人使用控制台设置SSL？欢迎任何反馈。谢谢。 –

看来，JBoss不允许<套接字绑定>标签。无论如何要在<管理界面>或选项卡上的控制台上启用SSL？非常感谢。 –

使在特定的行和列的配置文件正确的变化在[row,col]:[x,y]

来源

2013-12-26 00:26:00 krish3

我一直在处理同样的问题显示在堆栈跟踪ParseError，这是棘手的一些原因。我列出了standalone.xml的更改，这些更改让我有所收获。毫无疑问，你需要构建一个keystore来引用。

这种配置的最成问题的是，在management.security-realms.security-境界的<ssl>元件使用不同的语法在<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">配置<ssl>元件时相比。我在这里列出了这两个元素来显示对比。您实际上并不需要为Web服务配置SSL来保护您的控制台。我添加了额外的细节以显示它们的不同之处。

<management> 
    <security-realms> 
     <security-realm name="ManagementRealm"> 
      <server-identities> 
       <ssl protocol="TLS"> 
        <keystore path="/my/path/to/certs/my_cert.jks" keystore-password="mypass"/> 
       </ssl> 
      </server-identities> 
      <authentication> 
       <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> 
      </authentication> 
     </security-realm> 
    </security-realms> 
    <management-interfaces> 
     <native-interface security-realm="ManagementRealm"> 
      <socket-binding native="management-native"/> 
     </native-interface> 
     <http-interface security-realm="ManagementRealm"> 
      <socket-binding http="management-console-https"/> 
     </http-interface> 
    </management-interfaces> 
</management> 
. 
. 
. 
<profile> 
. 
. 
. 
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host"> 
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/> 
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true"> 
     <ssl password="mypass" certificate-key-file="/my/path/to/certs/my_cert.jks" protocol="TLSv1" verify-client="false" certificate-file="/my/path/to/certs/my_cert.jks"/> 
    </connector> 
    <virtual-server name="default-host" enable-welcome-root="true"> 
     <alias name="localhost"/> 
     <alias name="example.com"/> 
    </virtual-server> 
</subsystem> 
. 
. 
. 
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> 
    <socket-binding name="http" port="8080"/> 
    <socket-binding name="https" port="8443"/> 
. 
. 
. 
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/> 
    <socket-binding name="management-console-https" interface="management" port="${jboss.management.console.https.port:9991}"/>

而且，因为你不会使用它，删除旧的插座结合：

<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

我希望这有助于。

来源

2014-01-04 02:34:02 Organus

保护JBoss管理控制台SSL不工作

host.xml

回答

相关问题