2013-04-26 1 views
0

Session timeout when using SSL for an application

I currently have a JBoss server with two profiles. Each profile has a different application: App A and App B. When SSL is used in App B, App A gets a session timeout, and vice versa. Does anyone know why this happens?

On the server, App B makes remote EJB calls to App A to send data, i.e. App B depends on App A. Also, App A must be started in order to start App B.

App B must have SSL enabled, and this is done through the server.xml file in the JBoss web deployer folder of the IBE profile.

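When both App A and App B are used (without SSL) there is no server timeout, but when App A is used (without SSL, since App A does not use SSL) together with App B using SSL, there is a session timeout. Example: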

  1. Load App A (no SSL)
  2. Access a screen or App B in-app
  3. Go and do some function and click in both App A and App B
  4. Button until login
  5. App B session, the session
  6. timed out, another function
  7. App, the app
  8. Go, timed out
  9. Perform some function (SSL) here

Here

<Server> 
    <!--APR library loader. Documentation at /docs/apr.html --> 
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> 
    <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> 
    <Listener className="org.apache.catalina.core.JasperListener" /> 

    <!-- Use a custom version of StandardService that allows the 
    connectors to be started independent of the normal lifecycle 
    start to allow web apps to be deployed before starting the 
    connectors. 
    --> 
    <Service name="jboss.web"> 

    <!-- A "Connector" represents an endpoint by which requests are received 
     and responses are returned. Documentation at : 
     Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) 
     Java AJP Connector: /docs/config/ajp.html 
     APR (HTTP/AJP) Connector: /docs/apr.html 
     Define a non-SSL HTTP/1.1 Connector on port 8080 
    --> 
    <Connector port="8080" address="${jboss.bind.address}"  
     maxThreads="350" maxHttpHeaderSize="8192" 
     emptySessionPath="true" protocol="HTTP/1.1" 
     enableLookups="false" redirectPort="8443" acceptCount="100" 
     connectionTimeout="20000" disableUploadTimeout="true" compression="on" /> 

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 
     This connector uses the JSSE configuration, when using APR, the 
     connector should be using the OpenSSL style configuration 
     described in the APR documentation --> 
    <!-- 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
       maxThreads="150" scheme="https" secure="true" 
       clientAuth="false" sslProtocol="TLS" /> 
    --> 

    <!-- Define an AJP 1.3 Connector on port 8009 --> 
    <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3" 
     emptySessionPath="true" enableLookups="false" redirectPort="8443" /> 

     <Engine name="jboss.web" defaultHost="localhost"> 

     <!-- The JAAS based authentication and authorization realm implementation 
     that is compatible with the jboss 3.2.x realm implementation. 
     - certificatePrincipal : the class name of the 
     org.jboss.security.auth.certs.CertificatePrincipal impl 
     used for mapping X509[] cert chains to a Princpal. 
     - allRolesMode : how to handle an auth-constraint with a role-name=*, 
     one of strict, authOnly, strictAuthOnly 
      + strict = Use the strict servlet spec interpretation which requires 
      that the user have one of the web-app/security-role/role-name 
      + authOnly = Allow any authenticated user 
      + strictAuthOnly = Allow any authenticated user only if there are no 
      web-app/security-roles 
     --> 
     <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" 
      certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
      allRolesMode="authOnly" 
      /> 
     <!-- A subclass of JBossSecurityMgrRealm that uses the authentication 
     behavior of JBossSecurityMgrRealm, but overrides the authorization 
     checks to use JACC permissions with the current java.security.Policy 
     to determine authorized access. 
     - allRolesMode : how to handle an auth-constraint with a role-name=*, 
     one of strict, authOnly, strictAuthOnly 
      + strict = Use the strict servlet spec interpretation which requires 
      that the user have one of the web-app/security-role/role-name 
      + authOnly = Allow any authenticated user 
      + strictAuthOnly = Allow any authenticated user only if there are no 
      web-app/security-roles 
     <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm" 
      certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
      allRolesMode="authOnly" 
      /> 
     --> 

     <Host name="localhost" 
      autoDeploy="false" deployOnStartup="false" deployXML="false" 
      configClass="org.jboss.web.tomcat.security.config.JBossContextConfig" 
      > 

      <!-- Uncomment to enable request dumper. This Valve "logs interesting 
       contents from the specified Request (before processing) and the 
       corresponding Response (after processing). It is especially useful 
       in debugging problems related to headers and cookies." 
      --> 
      <!-- 
      <Valve className="org.apache.catalina.valves.RequestDumperValve" /> 
      --> 

      <!-- Access logger --> 
      <!-- 
      <Valve className="org.apache.catalina.valves.AccessLogValve" 
       prefix="localhost_access_log." suffix=".log" 
       pattern="common" directory="${jboss.server.log.dir}" 
       resolveHosts="false" /> 
      --> 

      <!-- Uncomment to enable single sign-on across web apps 
       deployed to this host. Does not provide SSO across a cluster.  

       If this valve is used, do not use the JBoss ClusteredSingleSignOn 
       valve shown below. 

       A new configuration attribute is available beginning with 
       release 4.0.4: 

       cookieDomain configures the domain to which the SSO cookie 
           will be scoped (i.e. the set of hosts to 
           which the cookie will be presented). By default 
           the cookie is scoped to "/", meaning the host 
           that presented it. Set cookieDomain to a 
           wider domain (e.g. "xyz.com") to allow an SSO 
           to span more than one hostname. 
      --> 
      <!-- 
      <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> 
      --> 

      <!-- Uncomment to enable single sign-on across web apps 
       deployed to this host AND to all other hosts in the cluster. 

       If this valve is used, do not use the standard Tomcat SingleSignOn 
       valve shown above. 

       Valve uses a JBossCache instance to support SSO credential 
       caching and replication across the cluster. The JBossCache 
       instance must be configured separately. By default, the valve 
       shares a JBossCache with the service that supports HttpSession 
       replication. See the "jboss-web-cluster-service.xml" file in the 
       server/all/deploy directory for cache configuration details. 

       Besides the attributes supported by the standard Tomcat 
       SingleSignOn valve (see the Tomcat docs), this version also 
       supports the following attributes: 

       cookieDomain see above 

       treeCacheName JMX ObjectName of the JBossCache MBean used to 
           support credential caching and replication across 
           the cluster. If not set, the default value is 
           "jboss.cache:service=TomcatClusteringCache", the 
           standard ObjectName of the JBossCache MBean used 
           to support session replication. 
      --> 
      <!-- 
      <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /> 
      --> 

      <!-- Check for unclosed connections and transaction terminated checks 
       in servlets/jsps. 

       Important: The dependency on the CachedConnectionManager 
       in META-INF/jboss-service.xml must be uncommented, too 
      --> 
      <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" 
       cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager" 
       transactionManagerObjectName="jboss:service=TransactionManager" /> 

     </Host> 

     </Engine> 

    </Service> 

</Server> 

This is the SSL one:

<Server> 
     <!--APR library loader. Documentation at /docs/apr.html --> 
     <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> 
     <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> 
     <Listener className="org.apache.catalina.core.JasperListener" /> 

     <!-- Use a custom version of StandardService that allows the 
     connectors to be started independent of the normal lifecycle 
     start to allow web apps to be deployed before starting the 
     connectors. 
     --> 
     <Service name="jboss.web"> 

     <!-- A "Connector" represents an endpoint by which requests are received 
      and responses are returned. Documentation at : 
      Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) 
      Java AJP Connector: /docs/config/ajp.html 
      APR (HTTP/AJP) Connector: /docs/apr.html 
      Define a non-SSL HTTP/1.1 Connector on port 8080 
     --> 
     <Connector port="8180" address="${jboss.bind.address}"  
      maxThreads="350" maxHttpHeaderSize="8192" 
      emptySessionPath="false" protocol="HTTP/1.1" 
      enableLookups="false" redirectPort="8543" acceptCount="100" 
      connectionTimeout="20000" disableUploadTimeout="true" compression="on" /> 

     <!-- Define a SSL HTTP/1.1 Connector on port 8443 
      This connector uses the JSSE configuration, when using APR, the 
      connector should be using the OpenSSL style configuration 
      described in the APR documentation --> 
     <Connector port="8543" protocol="HTTP/1.1" SSLEnabled="true" 
       maxThreads="150" scheme="https" secure="true" connectionTimeout="20000" 
       clientAuth="false" sslProtocol="TLS" disableUploadTimeout="true" 
       keystoreFile="${jboss.server.home.dir}/conf/application.keystore" 
      keystorePass="application" 
     /> 

     <!-- 
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
        maxThreads="150" scheme="https" secure="true" 
        clientAuth="false" sslProtocol="TLS" /> 
     --> 

     <!-- Define an AJP 1.3 Connector on port 8009 --> 
     <Connector port="8010" address="${jboss.bind.address}" protocol="AJP/1.3" 
      emptySessionPath="true" enableLookups="false" redirectPort="8543" /> 

      <Engine name="jboss.web" defaultHost="localhost"> 

      <!-- The JAAS based authentication and authorization realm implementation 
      that is compatible with the jboss 3.2.x realm implementation. 
      - certificatePrincipal : the class name of the 
      org.jboss.security.auth.certs.CertificatePrincipal impl 
      used for mapping X509[] cert chains to a Princpal. 
      - allRolesMode : how to handle an auth-constraint with a role-name=*, 
      one of strict, authOnly, strictAuthOnly 
       + strict = Use the strict servlet spec interpretation which requires 
       that the user have one of the web-app/security-role/role-name 
       + authOnly = Allow any authenticated user 
       + strictAuthOnly = Allow any authenticated user only if there are no 
       web-app/security-roles 
      --> 
      <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm" 
       certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
       allRolesMode="authOnly" 
       /> 
      <!-- A subclass of JBossSecurityMgrRealm that uses the authentication 
      behavior of JBossSecurityMgrRealm, but overrides the authorization 
      checks to use JACC permissions with the current java.security.Policy 
      to determine authorized access. 
      - allRolesMode : how to handle an auth-constraint with a role-name=*, 
      one of strict, authOnly, strictAuthOnly 
       + strict = Use the strict servlet spec interpretation which requires 
       that the user have one of the web-app/security-role/role-name 
       + authOnly = Allow any authenticated user 
       + strictAuthOnly = Allow any authenticated user only if there are no 
       web-app/security-roles 
      <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm" 
       certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
       allRolesMode="authOnly" 
       /> 
      --> 

      <Host name="localhost" 
       autoDeploy="false" deployOnStartup="false" deployXML="false" 
       configClass="org.jboss.web.tomcat.security.config.JBossContextConfig" 
       > 

       <!-- Uncomment to enable request dumper. This Valve "logs interesting 
        contents from the specified Request (before processing) and the 
        corresponding Response (after processing). It is especially useful 
        in debugging problems related to headers and cookies." 
       --> 
       <!-- 
       <Valve className="org.apache.catalina.valves.RequestDumperValve" /> 
       --> 

       <!-- Access logger --> 
       <!-- 
       <Valve className="org.apache.catalina.valves.AccessLogValve" 
        prefix="localhost_access_log." suffix=".log" 
        pattern="common" directory="${jboss.server.log.dir}" 
        resolveHosts="false" /> 
       --> 

       <!-- Uncomment to enable single sign-on across web apps 
        deployed to this host. Does not provide SSO across a cluster.  

        If this valve is used, do not use the JBoss ClusteredSingleSignOn 
        valve shown below. 

        A new configuration attribute is available beginning with 
        release 4.0.4: 

        cookieDomain configures the domain to which the SSO cookie 
            will be scoped (i.e. the set of hosts to 
            which the cookie will be presented). By default 
            the cookie is scoped to "/", meaning the host 
            that presented it. Set cookieDomain to a 
            wider domain (e.g. "xyz.com") to allow an SSO 
            to span more than one hostname. 
       --> 
       <!-- 
       <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> 
       --> 

       <!-- Uncomment to enable single sign-on across web apps 
        deployed to this host AND to all other hosts in the cluster. 

        If this valve is used, do not use the standard Tomcat SingleSignOn 
        valve shown above. 

        Valve uses a JBossCache instance to support SSO credential 
        caching and replication across the cluster. The JBossCache 
        instance must be configured separately. By default, the valve 
        shares a JBossCache with the service that supports HttpSession 
        replication. See the "jboss-web-cluster-service.xml" file in the 
        server/all/deploy directory for cache configuration details. 

        Besides the attributes supported by the standard Tomcat 
        SingleSignOn valve (see the Tomcat docs), this version also 
        supports the following attributes: 

        cookieDomain see above 

        treeCacheName JMX ObjectName of the JBossCache MBean used to 
            support credential caching and replication across 
            the cluster. If not set, the default value is 
            "jboss.cache:service=TomcatClusteringCache", the 
            standard ObjectName of the JBossCache MBean used 
            to support session replication. 
       --> 
       <!-- 
       <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" /> 
       --> 

       <!-- Check for unclosed connections and transaction terminated checks 
        in servlets/jsps. 

        Important: The dependency on the CachedConnectionManager 
        in META-INF/jboss-service.xml must be uncommented, too 
       --> 
       <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" 
        cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager" 
        transactionManagerObjectName="jboss:service=TransactionManager" /> 

      </Host> 

      </Engine> 

     </Service> 

    </Server> 

Thanks, Milinda
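An added example, not part of the original post: it lists which attributes differ between the active (non-commented) Connector elements of the two server.xml files above. The embedded XML is trimmed from the posted files, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Connector elements copied from the question's two server.xml files, trimmed
# to the attributes compared here (all other attributes and elements omitted).
APP_A = """<Server><Service name="jboss.web">
 <Connector port="8080" protocol="HTTP/1.1" emptySessionPath="true"
            redirectPort="8443" connectionTimeout="20000"/>
 <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/> -->
 <Connector port="8009" protocol="AJP/1.3" emptySessionPath="true" redirectPort="8443"/>
</Service></Server>"""
APP_B = """<Server><Service name="jboss.web">
 <Connector port="8180" protocol="HTTP/1.1" emptySessionPath="false"
            redirectPort="8543" connectionTimeout="20000"/>
 <Connector port="8543" protocol="HTTP/1.1" SSLEnabled="true"
            connectionTimeout="20000" keystorePass="application"/>
 <Connector port="8010" protocol="AJP/1.3" emptySessionPath="true" redirectPort="8543"/>
</Service></Server>"""
SECRET_ATTRS = {"keystorePass", "truststorePass"}  # redacted in any output


def active_connectors(xml_text):
    """Map (protocol, 'ssl' | 'plain') -> attributes of each active Connector.
    ElementTree drops XML comments, so commented-out connectors are ignored."""
    out = {}
    for c in ET.fromstring(xml_text).iter("Connector"):
        kind = "ssl" if c.get("SSLEnabled", "false").lower() == "true" else "plain"
        out[(c.get("protocol", "HTTP/1.1"), kind)] = {
            k: "<redacted>" if k in SECRET_ATTRS else v for k, v in c.attrib.items()}
    return out


def compare(xml_a, xml_b):
    """Return (changed, only_a, only_b); changed maps a connector key to
    {attribute: (value_in_a, value_in_b)} for every attribute that differs."""
    a, b = active_connectors(xml_a), active_connectors(xml_b)
    changed = {}
    for key in a.keys() & b.keys():
        delta = {n: (a[key].get(n), b[key].get(n))
                 for n in sorted(a[key].keys() | b[key].keys())
                 if a[key].get(n) != b[key].get(n)}
        if delta:
            changed[key] = delta
    return changed, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


if __name__ == "__main__":
    changed, only_a, only_b = compare(APP_A, APP_B)
    for key in sorted(changed):
        print(key, changed[key])
    print("only in A:", only_a, "| only in B:", only_b)
```

To compare the full files, pass their contents to `compare()` instead of the trimmed strings.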

Answers

0
Attached are the server.xml of App B and the server.xml of App A.

The connection timeout is set to 20 seconds. Could that be the problem?