我在域模式下运行JBosss AS 7。当我将更改应用到host.xml时,我收到以下错误。
[Host Controller]消息:JBAS014789:遇到意外元素'{urn:jboss:domain:1.2} socket-binding'
我遵循了这个参考指南。
https://community.jboss.org/wiki/SecuringAdministrationConsoleWithHttps
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<server-identities>
<ssl>
<keystore path=".keystore" relative-to="jboss.home.dir" password="changeit"/>
</ssl>
</server-identities>
</security-realm>
<security-realm name="ApplicationRealm">
<authentication>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
</management>
谢谢!
答案 0 :(得分:0)
在特定行和列上的配置文件中进行正确更改,如[row,col]:[x,y]
处的堆栈跟踪ParseError所示
答案 1 :(得分:0)
我一直在处理同样的问题,但由于种种原因这很棘手。我已经将对 standalone.xml 的更改列入了我的目标。不言而喻,您需要构建一个密钥库来引用。
此配置中最棘手的部分是 management.security-realms.security-realm 中的<ssl>
元素使用的语法与配置<ssl>
元素时的语法不同在<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
。我在这里列出了两个元素以显示对比度。您实际上不需要为Web服务配置SSL以确保您的控制台安全。我添加了额外的细节,以显示它们的不同之处。
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl protocol="TLS">
<keystore path="/my/path/to/certs/my_cert.jks" keystore-password="mypass"/>
</ssl>
</server-identities>
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket-binding native="management-native"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket-binding http="management-console-https"/>
</http-interface>
</management-interfaces>
</management>
.
.
.
<profile>
.
.
.
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl password="mypass" certificate-key-file="/my/path/to/certs/my_cert.jks" protocol="TLSv1" verify-client="false" certificate-file="/my/path/to/certs/my_cert.jks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
.
.
.
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
.
.
.
<socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
<socket-binding name="management-console-https" interface="management" port="${jboss.management.console.https.port:9991}"/>
此外,由于您不会使用它,请删除旧的套接字绑定:
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
我希望这会有所帮助。