Securing the JBoss management console with SSL (HTTPS) does not work

wixjitnu, posted 2023-10-20 in Other

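I am running jboss-as-7.1.1.Final in domain mode. When I apply the changes to host.xml and domain.xml, I get the following error:
[Host Controller] Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[25,17]
[Host Controller] Message: JBAS014789: Unexpected element '{urn:jboss:domain:1.2}socket-binding' encountered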

HOST.XML

<host name="master" xmlns="urn:jboss:domain:1.2">

    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLS">
                        <keystore path="keystore" relative-to="jboss.server.config.dir" password="password"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>
        </security-realms>
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket-binding native="management-native"/> 
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket-binding http="management-console-https"/> 
            </http-interface>
        </management-interfaces>
    </management>

DOMAIN.XML

<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                    <ssl password="password" certificate-key-file="$PATH/keystore" protocol="TLSv1" verify-client="false" certificate-file="$PATH/keystore"/>
                </connector>
                <virtual-server name="default-host" enable-welcome-root="true">
                    <alias name="localhost"/>
                    <alias name="example.com"/>
                </virtual-server>
            </subsystem>

    <socket-binding-groups>
        <socket-binding-group name="full-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
            <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
            <socket-binding name="management-console-https" interface="management" port="${jboss.management.console.https.port:9143}"/>
            <socket-binding name="ajp" port="8009"/>
            <socket-binding name="http" port="8080"/>
            <socket-binding name="https" port="8443"/>

9q78igpj1#

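You should use jboss-xml rather than updating the XML by hand. That said, you can't use a socket-binding in the management interface; you should use the socket element instead: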

<http-interface security-realm="ManagementRealm">
    <socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>

yhxst69z2#

Adding "secure-port" to the "http-interface" tag in host.xml worked for me:
<socket interface="management" port="${jboss.management.http.port:9990}" secure-port="9143"/>

domain.xml

<socket-binding name="management-https" interface="management" port="9143"/>
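
A check for the mistakes discussed in this thread, as an added example that is not part of the original posts or of JBoss: it parses the `<management>` section of a host.xml and reports a `<socket-binding>` inside a management interface, a missing `secure-port`, a plain `port` left enabled next to it, and a realm without an `<ssl>` keystore. The function name `lint_management` and the embedded sample XML are constructed for illustration; the plain-HTTP finding assumes AS 7 serves both listeners when `port` and `secure-port` are both set.

```python
import xml.etree.ElementTree as ET

NS = "{urn:jboss:domain:1.2}"

# Constructed sample: the question's host.xml management section, trimmed.
BROKEN = """<host name="master" xmlns="urn:jboss:domain:1.2"><management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <server-identities><ssl protocol="TLS">
        <keystore path="keystore" relative-to="jboss.server.config.dir" password="password"/>
      </ssl></server-identities>
    </security-realm>
  </security-realms>
  <management-interfaces>
    <http-interface security-realm="ManagementRealm">
      <socket-binding http="management-console-https"/>
    </http-interface>
  </management-interfaces>
</management></host>"""

# Constructed sample: same section with the <socket> element from the answers.
FIXED = BROKEN.replace(
    '<socket-binding http="management-console-https"/>',
    '<socket interface="management" port="${jboss.management.http.port:9990}"'
    ' secure-port="9143"/>')


def lint_management(host_xml):
    """Return findings for the <management> section of a host.xml (1.2 schema)."""
    root = ET.fromstring(host_xml)
    # Realms that can present a certificate: they carry an <ssl><keystore/> identity.
    ssl_realms = {
        realm.get("name") for realm in root.iter(NS + "security-realm")
        if realm.find(f"{NS}server-identities/{NS}ssl/{NS}keystore") is not None}
    findings = []
    for iface in root.iterfind(f"{NS}management/{NS}management-interfaces/*"):
        kind = iface.tag.replace(NS, "")
        if iface.find(NS + "socket-binding") is not None:
            findings.append(f"{kind}: <socket-binding> is not accepted here, use <socket>")
        if kind != "http-interface":
            continue
        sock = iface.find(NS + "socket")
        if sock is not None and sock.get("secure-port") is None:
            findings.append("http-interface: no secure-port, so no HTTPS listener")
        elif sock is not None and sock.get("port") is not None:
            # Assumption: with both attributes set, HTTP and HTTPS are both served.
            findings.append("http-interface: port is still set, plain HTTP stays enabled")
        if iface.get("security-realm") not in ssl_realms:
            findings.append("http-interface: realm has no <ssl> keystore identity")
    return findings
```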
