JBoss EnterpriseApplication Platform 5
Installation Guidefor Use with JBoss Enterprise Application Platform 5
Jared Morgan
Laura Bailey
Joshua Wulf
Installation Guide
JBoss Enterprise Application Platform 5 Installation Guidefor Use with JBoss Enterprise Application Platform 5Edition 512
Author Jared MorganAuthor Laura BaileyAuthor Joshua Wulf
Copyright copy 2011 Red Hat Inc
The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttributionndashShare Alike 30 Unported license (CC-BY-SA) An explanation of CC-BY-SA is availableat httpcreativecommonsorglicensesby-sa30 In accordance with CC-BY-SA if you distribute thisdocument or an adaptation of it you must provide the URL for the original version
Red Hat as the licensor of this document waives the right to enforce and agrees not to assertSection 4d of CC-BY-SA to the fullest extent permitted by applicable law
Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the InfinityLogo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries
Linuxreg is the registered trademark of Linus Torvalds in the United States and other countries
Javareg is a registered trademark of Oracle andor its affiliates
XFSreg is a trademark of Silicon Graphics International Corp or its subsidiaries in the United Statesandor other countries
MySQLreg is a registered trademark of MySQL AB in the United States the European Union and othercountries
All other trademarks are the property of their respective owners
This Installation Guide documents relevant information regarding the installation of JBoss EnterpriseApplication Platform 5 and its patch releases
iii
Preface v1 Document Conventions v
11 Typographic Conventions v12 Pull-quote Conventions vi13 Notes and Warnings vii
2 Getting Help and Giving Feedback vii21 Do You Need Help vii22 Give us Feedback viii
1 Introduction 111 Other Manuals 1
2 Migrating to Enterprise Application Platform 5 321 Whats New in Enterprise Application Platform 5 3
211 JBoss Application Server 5 GA 3212 Enterprise Java Beans (EJB) 30 4213 Java Enterprise Edition 5 Compliance 4214 Seam 220GA 4215 RESTEasy 11GA 4216 Enhanced Enterprise GUI Installer 4217 Enterprise Application Platform Admin Console 4218 JBoss Transactions includes Java Transaction Service 4219 Distribution with Red Hat Signed JARs 5
22 Whats Different in Enterprise Application Platform 5 5221 Differences in the Distribution Layout 5222 Standard and Web Configuration 8223 Differences in Application Server Configuration Files 8
23 Admin Console 1124 Applications 12
241 Classloading 13242 EAR Scoping 14
3 RPM Upgrade from JBoss Enterprise Application Platform 43 to Version 51 15
4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines 17
5 New Installation 1951 Pre-Requisites 19
511 Hardware Operating System and JVM Requirements 19512 Configuring Your Java Environment 19
6 Installation Options 2161 Web Services Stack 2162 PicketLink Federation 2163 Installation Methods 21
7 ZIP Installation from the Red Hat Customer Portal 2371 HornetQ 24
8 RPM Installation via Red Hat Network 2581 Red Hat Network 2582 Install on Red Hat Enterprise Linux 4 2583 Install on Red Hat Enterprise Linux 5 2684 Install on Red Hat Enterprise Linux 6 27
9 Installation using the Graphical Installer 29
10 Install Native Components 31101 Red Hat Enterprise Linux-specific notes 31
Installation Guide
iv
102 Solaris-specific notes 32103 Native Components Installation 32
11 Post Installation Configuration 35111 Post Installation Security Configuration 35
1111 Security Configuration JMX Console Admin Console HttpInvoker 351112 Securing the HTTPInvoker 361113 Security Configuration Web Console 361114 Security Configuration JBoss Messaging 37
112 Default Database 39113 Memory Settings for the Enterprise Application Platform 39114 Run the Enterprise Application Platform as a Service 41
1141 Run the Enterprise Application Platform as a Service on Microsoft Windows 411142 Run the Enterprise Application Platform as a Service on Red Hat EnterpriseLinux 42
12 Test your Installation 43
13 Remove JBoss Enterprise Application Platform 45
A Disabling Authentication 47
B The Red Hat Customer Portal 51
C Installing a Java Development Kit on Red Hat Enterprise Linux 53C1 OpenJDK on Red Hat Enterprise Linux 5 53C2 Sun Java Development Kit on Red Hat Enterprise Linux 5 53C3 Sun JDK on Red Hat Enterprise Linux ASES 4 54C4 Setting the default JDK with the usrsbinalternatives Utility 55
D Installing the Sun JDK on Microsoft Windows 57
E Installing Apache Ant 59
F Revision History 61
v
Preface
1 Document ConventionsThis manual uses several conventions to highlight certain words and phrases and draw attention tospecific pieces of information
In PDF and paper editions this manual uses typefaces drawn from the Liberation Fonts1 set TheLiberation Fonts set is also used in HTML editions if the set is installed on your system If notalternative but equivalent typefaces are displayed Note Red Hat Enterprise Linux 5 and later includesthe Liberation Fonts set by default
11 Typographic ConventionsFour typographic conventions are used to call attention to specific words and phrases Theseconventions and the circumstances they apply to are as follows
Mono-spaced Bold
Used to highlight system input including shell commands file names and paths Also used to highlightkeycaps and key combinations For example
To see the contents of the file my_next_bestselling_novel in your currentworking directory enter the cat my_next_bestselling_novel command at theshell prompt and press Enter to execute the command
The above includes a file name a shell command and a keycap all presented in mono-spaced boldand all distinguishable thanks to context
Key combinations can be distinguished from keycaps by the hyphen connecting each part of a keycombination For example
Press Enter to execute the command
Press Ctrl+Alt+F2 to switch to the first virtual terminal Press Ctrl+Alt+F1 toreturn to your X-Windows session
The first paragraph highlights the particular keycap to press The second highlights two keycombinations (each a set of three keycaps with each set pressed simultaneously)
If source code is discussed class names methods functions variable names and returned valuesmentioned within a paragraph will be presented as above in mono-spaced bold For example
File-related classes include filesystem for file systems file for files and dir fordirectories Each class has its own associated set of permissions
Proportional Bold
This denotes words or phrases encountered on a system including application names dialog box textlabeled buttons check-box and radio button labels menu titles and sub-menu titles For example
Choose System rarr Preferences rarr Mouse from the main menu bar to launch MousePreferences In the Buttons tab click the Left-handed mouse check box and click
1 httpsfedorahostedorgliberation-fonts
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Installation Guide
JBoss Enterprise Application Platform 5 Installation Guidefor Use with JBoss Enterprise Application Platform 5Edition 512
Author Jared MorganAuthor Laura BaileyAuthor Joshua Wulf
Copyright copy 2011 Red Hat Inc
The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttributionndashShare Alike 30 Unported license (CC-BY-SA) An explanation of CC-BY-SA is availableat httpcreativecommonsorglicensesby-sa30 In accordance with CC-BY-SA if you distribute thisdocument or an adaptation of it you must provide the URL for the original version
Red Hat as the licensor of this document waives the right to enforce and agrees not to assertSection 4d of CC-BY-SA to the fullest extent permitted by applicable law
Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the InfinityLogo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries
Linuxreg is the registered trademark of Linus Torvalds in the United States and other countries
Javareg is a registered trademark of Oracle andor its affiliates
XFSreg is a trademark of Silicon Graphics International Corp or its subsidiaries in the United Statesandor other countries
MySQLreg is a registered trademark of MySQL AB in the United States the European Union and othercountries
All other trademarks are the property of their respective owners
This Installation Guide documents relevant information regarding the installation of JBoss EnterpriseApplication Platform 5 and its patch releases
iii
Preface v1 Document Conventions v
11 Typographic Conventions v12 Pull-quote Conventions vi13 Notes and Warnings vii
2 Getting Help and Giving Feedback vii21 Do You Need Help vii22 Give us Feedback viii
1 Introduction 111 Other Manuals 1
2 Migrating to Enterprise Application Platform 5 321 Whats New in Enterprise Application Platform 5 3
211 JBoss Application Server 5 GA 3212 Enterprise Java Beans (EJB) 30 4213 Java Enterprise Edition 5 Compliance 4214 Seam 220GA 4215 RESTEasy 11GA 4216 Enhanced Enterprise GUI Installer 4217 Enterprise Application Platform Admin Console 4218 JBoss Transactions includes Java Transaction Service 4219 Distribution with Red Hat Signed JARs 5
22 Whats Different in Enterprise Application Platform 5 5221 Differences in the Distribution Layout 5222 Standard and Web Configuration 8223 Differences in Application Server Configuration Files 8
23 Admin Console 1124 Applications 12
241 Classloading 13242 EAR Scoping 14
3 RPM Upgrade from JBoss Enterprise Application Platform 43 to Version 51 15
4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines 17
5 New Installation 1951 Pre-Requisites 19
511 Hardware Operating System and JVM Requirements 19512 Configuring Your Java Environment 19
6 Installation Options 2161 Web Services Stack 2162 PicketLink Federation 2163 Installation Methods 21
7 ZIP Installation from the Red Hat Customer Portal 2371 HornetQ 24
8 RPM Installation via Red Hat Network 2581 Red Hat Network 2582 Install on Red Hat Enterprise Linux 4 2583 Install on Red Hat Enterprise Linux 5 2684 Install on Red Hat Enterprise Linux 6 27
9 Installation using the Graphical Installer 29
10 Install Native Components 31101 Red Hat Enterprise Linux-specific notes 31
Installation Guide
iv
102 Solaris-specific notes 32103 Native Components Installation 32
11 Post Installation Configuration 35111 Post Installation Security Configuration 35
1111 Security Configuration JMX Console Admin Console HttpInvoker 351112 Securing the HTTPInvoker 361113 Security Configuration Web Console 361114 Security Configuration JBoss Messaging 37
112 Default Database 39113 Memory Settings for the Enterprise Application Platform 39114 Run the Enterprise Application Platform as a Service 41
1141 Run the Enterprise Application Platform as a Service on Microsoft Windows 411142 Run the Enterprise Application Platform as a Service on Red Hat EnterpriseLinux 42
12 Test your Installation 43
13 Remove JBoss Enterprise Application Platform 45
A Disabling Authentication 47
B The Red Hat Customer Portal 51
C Installing a Java Development Kit on Red Hat Enterprise Linux 53C1 OpenJDK on Red Hat Enterprise Linux 5 53C2 Sun Java Development Kit on Red Hat Enterprise Linux 5 53C3 Sun JDK on Red Hat Enterprise Linux ASES 4 54C4 Setting the default JDK with the usrsbinalternatives Utility 55
D Installing the Sun JDK on Microsoft Windows 57
E Installing Apache Ant 59
F Revision History 61
v
Preface
1 Document ConventionsThis manual uses several conventions to highlight certain words and phrases and draw attention tospecific pieces of information
In PDF and paper editions this manual uses typefaces drawn from the Liberation Fonts1 set TheLiberation Fonts set is also used in HTML editions if the set is installed on your system If notalternative but equivalent typefaces are displayed Note Red Hat Enterprise Linux 5 and later includesthe Liberation Fonts set by default
11 Typographic ConventionsFour typographic conventions are used to call attention to specific words and phrases Theseconventions and the circumstances they apply to are as follows
Mono-spaced Bold
Used to highlight system input including shell commands file names and paths Also used to highlightkeycaps and key combinations For example
To see the contents of the file my_next_bestselling_novel in your currentworking directory enter the cat my_next_bestselling_novel command at theshell prompt and press Enter to execute the command
The above includes a file name a shell command and a keycap all presented in mono-spaced boldand all distinguishable thanks to context
Key combinations can be distinguished from keycaps by the hyphen connecting each part of a keycombination For example
Press Enter to execute the command
Press Ctrl+Alt+F2 to switch to the first virtual terminal Press Ctrl+Alt+F1 toreturn to your X-Windows session
The first paragraph highlights the particular keycap to press The second highlights two keycombinations (each a set of three keycaps with each set pressed simultaneously)
If source code is discussed class names methods functions variable names and returned valuesmentioned within a paragraph will be presented as above in mono-spaced bold For example
File-related classes include filesystem for file systems file for files and dir fordirectories Each class has its own associated set of permissions
Proportional Bold
This denotes words or phrases encountered on a system including application names dialog box textlabeled buttons check-box and radio button labels menu titles and sub-menu titles For example
Choose System rarr Preferences rarr Mouse from the main menu bar to launch MousePreferences In the Buttons tab click the Left-handed mouse check box and click
1 httpsfedorahostedorgliberation-fonts
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
iii
Preface v1 Document Conventions v
11 Typographic Conventions v12 Pull-quote Conventions vi13 Notes and Warnings vii
2 Getting Help and Giving Feedback vii21 Do You Need Help vii22 Give us Feedback viii
1 Introduction 111 Other Manuals 1
2 Migrating to Enterprise Application Platform 5 321 Whats New in Enterprise Application Platform 5 3
211 JBoss Application Server 5 GA 3212 Enterprise Java Beans (EJB) 30 4213 Java Enterprise Edition 5 Compliance 4214 Seam 220GA 4215 RESTEasy 11GA 4216 Enhanced Enterprise GUI Installer 4217 Enterprise Application Platform Admin Console 4218 JBoss Transactions includes Java Transaction Service 4219 Distribution with Red Hat Signed JARs 5
22 Whats Different in Enterprise Application Platform 5 5221 Differences in the Distribution Layout 5222 Standard and Web Configuration 8223 Differences in Application Server Configuration Files 8
23 Admin Console 1124 Applications 12
241 Classloading 13242 EAR Scoping 14
3 RPM Upgrade from JBoss Enterprise Application Platform 43 to Version 51 15
4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines 17
5 New Installation 1951 Pre-Requisites 19
511 Hardware Operating System and JVM Requirements 19512 Configuring Your Java Environment 19
6 Installation Options 2161 Web Services Stack 2162 PicketLink Federation 2163 Installation Methods 21
7 ZIP Installation from the Red Hat Customer Portal 2371 HornetQ 24
8 RPM Installation via Red Hat Network 2581 Red Hat Network 2582 Install on Red Hat Enterprise Linux 4 2583 Install on Red Hat Enterprise Linux 5 2684 Install on Red Hat Enterprise Linux 6 27
9 Installation using the Graphical Installer 29
10 Install Native Components 31101 Red Hat Enterprise Linux-specific notes 31
Installation Guide
iv
102 Solaris-specific notes 32103 Native Components Installation 32
11 Post Installation Configuration 35111 Post Installation Security Configuration 35
1111 Security Configuration JMX Console Admin Console HttpInvoker 351112 Securing the HTTPInvoker 361113 Security Configuration Web Console 361114 Security Configuration JBoss Messaging 37
112 Default Database 39113 Memory Settings for the Enterprise Application Platform 39114 Run the Enterprise Application Platform as a Service 41
1141 Run the Enterprise Application Platform as a Service on Microsoft Windows 411142 Run the Enterprise Application Platform as a Service on Red Hat EnterpriseLinux 42
12 Test your Installation 43
13 Remove JBoss Enterprise Application Platform 45
A Disabling Authentication 47
B The Red Hat Customer Portal 51
C Installing a Java Development Kit on Red Hat Enterprise Linux 53C1 OpenJDK on Red Hat Enterprise Linux 5 53C2 Sun Java Development Kit on Red Hat Enterprise Linux 5 53C3 Sun JDK on Red Hat Enterprise Linux ASES 4 54C4 Setting the default JDK with the usrsbinalternatives Utility 55
D Installing the Sun JDK on Microsoft Windows 57
E Installing Apache Ant 59
F Revision History 61
v
Preface
1 Document ConventionsThis manual uses several conventions to highlight certain words and phrases and draw attention tospecific pieces of information
In PDF and paper editions this manual uses typefaces drawn from the Liberation Fonts1 set TheLiberation Fonts set is also used in HTML editions if the set is installed on your system If notalternative but equivalent typefaces are displayed Note Red Hat Enterprise Linux 5 and later includesthe Liberation Fonts set by default
11 Typographic ConventionsFour typographic conventions are used to call attention to specific words and phrases Theseconventions and the circumstances they apply to are as follows
Mono-spaced Bold
Used to highlight system input including shell commands file names and paths Also used to highlightkeycaps and key combinations For example
To see the contents of the file my_next_bestselling_novel in your currentworking directory enter the cat my_next_bestselling_novel command at theshell prompt and press Enter to execute the command
The above includes a file name a shell command and a keycap all presented in mono-spaced boldand all distinguishable thanks to context
Key combinations can be distinguished from keycaps by the hyphen connecting each part of a keycombination For example
Press Enter to execute the command
Press Ctrl+Alt+F2 to switch to the first virtual terminal Press Ctrl+Alt+F1 toreturn to your X-Windows session
The first paragraph highlights the particular keycap to press The second highlights two keycombinations (each a set of three keycaps with each set pressed simultaneously)
If source code is discussed class names methods functions variable names and returned valuesmentioned within a paragraph will be presented as above in mono-spaced bold For example
File-related classes include filesystem for file systems file for files and dir fordirectories Each class has its own associated set of permissions
Proportional Bold
This denotes words or phrases encountered on a system including application names dialog box textlabeled buttons check-box and radio button labels menu titles and sub-menu titles For example
Choose System rarr Preferences rarr Mouse from the main menu bar to launch MousePreferences In the Buttons tab click the Left-handed mouse check box and click
1 httpsfedorahostedorgliberation-fonts
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Installation Guide
iv
102 Solaris-specific notes 32103 Native Components Installation 32
11 Post Installation Configuration 35111 Post Installation Security Configuration 35
1111 Security Configuration JMX Console Admin Console HttpInvoker 351112 Securing the HTTPInvoker 361113 Security Configuration Web Console 361114 Security Configuration JBoss Messaging 37
112 Default Database 39113 Memory Settings for the Enterprise Application Platform 39114 Run the Enterprise Application Platform as a Service 41
1141 Run the Enterprise Application Platform as a Service on Microsoft Windows 411142 Run the Enterprise Application Platform as a Service on Red Hat EnterpriseLinux 42
12 Test your Installation 43
13 Remove JBoss Enterprise Application Platform 45
A Disabling Authentication 47
B The Red Hat Customer Portal 51
C Installing a Java Development Kit on Red Hat Enterprise Linux 53C1 OpenJDK on Red Hat Enterprise Linux 5 53C2 Sun Java Development Kit on Red Hat Enterprise Linux 5 53C3 Sun JDK on Red Hat Enterprise Linux ASES 4 54C4 Setting the default JDK with the usrsbinalternatives Utility 55
D Installing the Sun JDK on Microsoft Windows 57
E Installing Apache Ant 59
F Revision History 61
v
Preface
1 Document ConventionsThis manual uses several conventions to highlight certain words and phrases and draw attention tospecific pieces of information
In PDF and paper editions this manual uses typefaces drawn from the Liberation Fonts1 set TheLiberation Fonts set is also used in HTML editions if the set is installed on your system If notalternative but equivalent typefaces are displayed Note Red Hat Enterprise Linux 5 and later includesthe Liberation Fonts set by default
11 Typographic ConventionsFour typographic conventions are used to call attention to specific words and phrases Theseconventions and the circumstances they apply to are as follows
Mono-spaced Bold
Used to highlight system input including shell commands file names and paths Also used to highlightkeycaps and key combinations For example
To see the contents of the file my_next_bestselling_novel in your currentworking directory enter the cat my_next_bestselling_novel command at theshell prompt and press Enter to execute the command
The above includes a file name a shell command and a keycap all presented in mono-spaced boldand all distinguishable thanks to context
Key combinations can be distinguished from keycaps by the hyphen connecting each part of a keycombination For example
Press Enter to execute the command
Press Ctrl+Alt+F2 to switch to the first virtual terminal Press Ctrl+Alt+F1 toreturn to your X-Windows session
The first paragraph highlights the particular keycap to press The second highlights two keycombinations (each a set of three keycaps with each set pressed simultaneously)
If source code is discussed class names methods functions variable names and returned valuesmentioned within a paragraph will be presented as above in mono-spaced bold For example
File-related classes include filesystem for file systems file for files and dir fordirectories Each class has its own associated set of permissions
Proportional Bold
This denotes words or phrases encountered on a system including application names dialog box textlabeled buttons check-box and radio button labels menu titles and sub-menu titles For example
Choose System rarr Preferences rarr Mouse from the main menu bar to launch MousePreferences In the Buttons tab click the Left-handed mouse check box and click
1 httpsfedorahostedorgliberation-fonts
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
v
Preface
1 Document ConventionsThis manual uses several conventions to highlight certain words and phrases and draw attention tospecific pieces of information
In PDF and paper editions this manual uses typefaces drawn from the Liberation Fonts1 set TheLiberation Fonts set is also used in HTML editions if the set is installed on your system If notalternative but equivalent typefaces are displayed Note Red Hat Enterprise Linux 5 and later includesthe Liberation Fonts set by default
11 Typographic ConventionsFour typographic conventions are used to call attention to specific words and phrases Theseconventions and the circumstances they apply to are as follows
Mono-spaced Bold
Used to highlight system input including shell commands file names and paths Also used to highlightkeycaps and key combinations For example
To see the contents of the file my_next_bestselling_novel in your currentworking directory enter the cat my_next_bestselling_novel command at theshell prompt and press Enter to execute the command
The above includes a file name a shell command and a keycap all presented in mono-spaced boldand all distinguishable thanks to context
Key combinations can be distinguished from keycaps by the hyphen connecting each part of a keycombination For example
Press Enter to execute the command
Press Ctrl+Alt+F2 to switch to the first virtual terminal Press Ctrl+Alt+F1 toreturn to your X-Windows session
The first paragraph highlights the particular keycap to press The second highlights two keycombinations (each a set of three keycaps with each set pressed simultaneously)
If source code is discussed class names methods functions variable names and returned valuesmentioned within a paragraph will be presented as above in mono-spaced bold For example
File-related classes include filesystem for file systems file for files and dir fordirectories Each class has its own associated set of permissions
Proportional Bold
This denotes words or phrases encountered on a system including application names dialog box textlabeled buttons check-box and radio button labels menu titles and sub-menu titles For example
Choose System rarr Preferences rarr Mouse from the main menu bar to launch MousePreferences In the Buttons tab click the Left-handed mouse check box and click
1 httpsfedorahostedorgliberation-fonts
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Preface
vi
Close to switch the primary mouse button from the left to the right (making the mousesuitable for use in the left hand)
To insert a special character into a gedit file choose Applications rarr Accessoriesrarr Character Map from the main menu bar Next choose Search rarr Findhellip from theCharacter Map menu bar type the name of the character in the Search field and clickNext The character you sought will be highlighted in the Character Table Double-click this highlighted character to place it in the Text to copy field and then click the
Copy button Now switch back to your document and choose Edit rarr Paste from thegedit menu bar
The above text includes application names system-wide menu names and items application-specificmenu names and buttons and text found within a GUI interface all presented in proportional bold andall distinguishable by context
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold the addition of italics indicates replaceable orvariable text Italics denotes text you do not input literally or displayed text that changes depending oncircumstance For example
To connect to a remote machine using ssh type ssh usernamedomainname ata shell prompt If the remote machine is examplecom and your username on thatmachine is john type ssh johnexamplecom
The mount -o remount file-system command remounts the named filesystem For example to remount the home file system the command is mount -oremount home
To see the version of a currently installed package use the rpm -q packagecommand It will return a result as follows package-version-release
Note the words in bold italics above mdash username domainname file-system package version andrelease Each word is a placeholder either for text you enter when issuing a command or for textdisplayed by the system
Aside from standard usage for presenting the title of a work italics denotes the first use of a new andimportant term For example
Publican is a DocBook publishing system
12 Pull-quote ConventionsTerminal output and source code listings are set off visually from the surrounding text
Output sent to a terminal is set in mono-spaced roman and presented thus
books Desktop documentation drafts mss photos stuff svnbooks_tests Desktop1 downloads images notes scripts svgs
Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows
package orgjbossbookjcaex1
import javaxnamingInitialContext
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Notes and Warnings
vii
public class ExClient public static void main(String args[]) throws Exception InitialContext iniCtx = new InitialContext() Object ref = iniCtxlookup(EchoBean) EchoHome home = (EchoHome) ref Echo echo = homecreate()
Systemoutprintln(Created Echo)
Systemoutprintln(Echoecho(Hello) = + echoecho(Hello))
13 Notes and WarningsFinally we use three visual styles to draw attention to information that might otherwise be overlooked
Note
Notes are tips shortcuts or alternative approaches to the task at hand Ignoring a note shouldhave no negative consequences but you might miss out on a trick that makes your life easier
Important
Important boxes detail things that are easily missed configuration changes that only apply tothe current session or services that need restarting before an update will apply Ignoring a boxlabeled Important will not cause data loss but may cause irritation and frustration
Warning
Warnings should not be ignored Ignoring warnings will most likely cause data loss
2 Getting Help and Giving Feedback
21 Do You Need Help
If you experience difficulty with a procedure described in this documentation visit the Red HatCustomer Portal at httpaccessredhatcom Through the customer portal you can
bull search or browse through a knowledgebase of technical support articles about Red Hat products
bull submit a support case to Red Hat Global Support Services (GSS)
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Preface
viii
bull access other product documentation
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software andtechnology You can find a list of publicly available mailing lists at httpswwwredhatcommailmanlistinfo Click on the name of any mailing list to subscribe to that list or to access the list archives
22 Give us Feedback
If you find a typographical error or know how this guide can be improved we would love to hear fromyou Submit a report in Bugzilla against the product JBoss Enterprise Application Platform5 and the component doc-Installation_Guide The following link will take you to a pre-filled bugreport for this product httpbugzillaredhatcom2
Fill out the following template in Bugzillas Description field Be as specific as possible whendescribing the issue this will help ensure that we can fix it quickly
Document URL
Section Number and Name
Describe the issue
Suggestions for improvement
Additional information
Be sure to give us your name so that you can receive full credit for reporting the issue
2 httpsbugzillaredhatcomenter_bugcgiproduct=JBoss20Enterprise20Application20Platform205ampcomponent=doc-Installation_Guideampversion=512ampshort_desc=Bug20in20Installation20Guide
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 1
1
IntroductionJBoss Enterprise Application Platform is the open source implementation of the Java EE suite ofservices It comprises a set of offerings for enterprise customers who are looking for preconfiguredprofiles of JBoss Enterprise Middleware components that have been tested and certified togetherto provide an integrated experience Its easy-to-use server architecture and high flexibility makesJBoss the ideal choice for users just starting out with J2EE as well as senior architects looking for acustomizable middleware platform
Because it is Java-based JBoss Enterprise Application Platform is cross-platform easy to installand use on any operating system that supports Java The readily available source code is a powerfullearning tool to debug the server and understand it It also gives you the flexibility to create customizedversions for your personal or business use
Installing JBoss Enterprise Web Platform is simple and easy You can have it installed and running inno time This guide will teach you to install and uninstall JBoss
11 Other ManualsIf you are looking for detailed product information refer to the manuals available online at httpdocsredhatcom
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
2
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2
3
Migrating to Enterprise ApplicationPlatform 5This chapter provides information for administrators who plan to move their enterprise servers fromJBoss Enterprise Application Platform 42 or 43 to the new Enterprise Application Platform 5
The first section covers new features available in Enterprise Application Platform 5 The secondsection covers the changes to configuration administration and application deployment betweenEnterprise Application Platform 4x and Enterprise Application Platform 5
If you require further information refer to the relevant guides provided in this release
21 Whats New in Enterprise Application Platform 5This section provides an overview of the components of Enterprise Application Platform 5 and thechanges to each component between version 4x and 5
211 JBoss Application Server 5 GAJBoss Application Server 5 is the next generation of the JBoss Application Server built on top of a newkernel architecture the JBoss Microcontainer The JBoss Microcontainer is a lightweight containerfor managing the deployment configuration and lifecycle of Plain Old Java Objects (POJOs) Whileremaining compatible with the 4x-based JMX kernel the Microcontainer integrates with the JBossframework for Aspect Oriented Programming JBoss AOP JMX support remains strong in JBossAS 5 and MBean services written against the old Microkernel work as expected Further it lays thegroundwork for Java EE 6 profile-oriented configurations and embedded JBoss AS which will allow forfine grained selection of services for both unit testing and embedded scenarios
2111 ProfileService-based Deployment ConfigurationDefinitions for both non-kernel deployers and their deployment are now contained in a Profile obtainedfrom the ProfileService The ProfileService replaces JBoss AS 4x server configuration In JBossAS 4x a server configuration was a collection of services and applications loaded from the deploydirectory by the deployment scanner service Enterprise Application Platform 5 uses more activeprofiles which may depend on other sub-profiles
The main profile is the server profile which is based on the $jbossservername This profilehas three sub-profiles
bull bootstrap mdash representing confjboss-servicexml
bull deployers mdash the deployers directory
bull applications mdash a hot-deployment profile for the deploy and additional user directories
A profile generally represents a named collection of deployments on a server A profile can also applycertain behaviors to the deployments that it manages Some profiles such as the applicationprofile provide hot-deployment checks and allow remote distribution of deployed applications viathe DeploymentManager Other profiles can provide a farming service to distribute deploymentsover a cluster The ProfileService also provides the ManagementView for ManagedDeploymentsManagedObjects used by the Enterprise Application Admin Console (admin-console)
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
4
212 Enterprise Java Beans (EJB) 30JBoss EJB 30 an implementation of the latest revision of the EJB specification is a deep overhauland simplification of earlier versions of the EJB specification It simplifies development facilitates atest driven approach and focuses more on writing POJOs rather than coding against complex EJBAPIs
213 Java Enterprise Edition 5 ComplianceJBoss Enterprise Application Platform 5 is a fully-certified Java EE 5 implementation It uses themicrocontainer to integrate enterprise services with a ServletJSP container EJB container deployersand management utilities providing a standard Java EE environment with the flexibility to deployadditional services on top of Java EE to give you the functionality you need For further compatibilitydetails read httpjavasuncomjavaeeoverviewcompatibilityjsp page
214 Seam 220GASeam is an application framework for Java Enterprise Edition It integrates technologies such asAsynchronous JavaScript and XML (AJAX) JavaServer Faces (JSF) Java Persistence (JPA)Enterprise JavaBeans 30 (EJB) and Business Process Management (BPM) Seam enablesdevelopers to assemble complex web applications using simple annotated Java classes a rich set ofUI components and very little XML
215 RESTEasy 11GARESTEasy provides several frameworks to help you build RESTful Web Services and RESTful Javaapplications It is a fully-certified portable implementation of the JAX-RS1 specification which definesa Java API for RESTful Web Services over the Hypertext Transfer Protocol (HTTP)
216 Enhanced Enterprise GUI InstallerThe Enterprise Installer retains the familiar Enterprise Application Platform 43 interface but includesenhancements to provide you with a complete Enterprise Application Platform 5 installation Theinstaller is localized and provides you with secure JMX Web and Admin Consoles
The new Enterprise Installer also presents users with the opportunity to install the optional Nativepackage which includes JBoss Native and mod_jk The Native package helps users who wish to useTomcat or JBoss Web with the HTTP daemon
217 Enterprise Application Platform Admin ConsoleA new Admin Console is being introduced in this Enterprise Application Platform release The admin-console enables configuration and management of a single Enterprise Application Platform serverinstance See Section 23 ldquoAdmin Consolerdquo for more information about this new managementconsole
218 JBoss Transactions includes Java Transaction ServiceJBoss Transactions now includes the Java Transaction Service and the XML Transaction ServiceThe Java Transaction Service handles distributed interoperable transactions between EnterpriseJavaBean containers The XML Transaction Service handles transactions for Web Services
1 httpjsr311devjavanet
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Distribution with Red Hat Signed JARs
5
219 Distribution with Red Hat Signed JARsJAR files included with JBoss Enterprise Application Platform are digitally signed by Red Hat Thisgives you an additional level of security about the source and identity of the code executing on yoursystems
For the complete technology matrix and information on the revision level of included componentsplease refer to the Release Notes
22 Whats Different in Enterprise Application Platform 5The distribution layout and configuration information in the Enterprise Application Platform 5distribution are similar to the Enterprise Application Platform 4x series with some notable differencesThis section highlights the differences at a glance
221 Differences in the Distribution LayoutThe directory structure of jboss-as directory is summarized below
bull bin mdash contains start scripts and runjar
bull client mdash contains client JARs
Note
Previously JBoss client libraries were bundled in jbossall-clientjar Rather thanincluding them jbossall-clientjar now references them through a Classpath manifestentry This enables granular updating of libraries without requiring replacement of all librariesIt requires that you have the jbossall-clientjar which now acts as a map or index aswell as the actual clientjar libraries
bull commonlib mdash contains shared libraries common to various configurations have been movedto this new shared location This eliminates the need for multiple copies of the same library in thedistribution
The location of the common library directory is controlled with the following properties
bull jbosscommonbaseurl mdash the default value is $jbosshomeurlcommon
bull jbosscommonliburl mdash the default value is $jbosscommonbaseurllib
You can set these properties in runconf under JAVA_OPTS with the -D flag
JAVA_OPTS=[] -Djbosscommonbaseurl=$URL1 -Djbosscommonliburl=$URL2
The common library directory is shared by all configuration types except for the minimalconfiguration The common library is referenced at the beginning of every configurations confjboss-servicexml
ltclasspath codebase=$jbossserverliburl archives=gt
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
6
The library directory of the individual directory remains in place although in some cases (as in$JBOSS_HOMEserverdefaultlib) it is an empty directory
bull docs mdash contains schemas document type declarations examples and licenses Most deploymentdescriptors now use XML Schema Definitions (XSDs) One exception is jboss-app which usesjboss-app_5_0dtd JBoss Web uses jboss-web_5_1xsd For Enterprise JavaBeans30 deployments jboss_5_1xsd is the recommended schema Enterprise JavaBeans 20deployments must use jboss_x_xdtd
bull lib mdash contains the core bootstrap JARs These have been changed slightly to accommodate theMicrocontainer and the division of jboss-common
bull server mdash contains directories for configuring the server
bull $PROFILE mdash contains the configuration details of a particular server profile
bull conf
bull bootstrapxml mdash a new kernel bootstrap configuration that refers to other configurationfiles containing the beans to set up each individual subsystem
bull bindingservicebeans
bull META-INF
bull bindings-jboss-beansxml mdash contains required port bindings
bull jboss-bindingservicejar
bull bootstrap
bull vfsxml mdash initializes the virtual file system
bull classloaderxml
bull aopxml
bull jmxxml mdash legacy JMX support
bull deployersxml
bull profile-repositoryxml mdash the ProfileService enabled deployment repository
bull jax-ws-catalogxml mdash an Oasis Catalog-driven SchemaDTD namespace configurationfile
bull jbossts-propertiesxml mdash contains new JBossTS properties
bull jboss-servicexml mdash contains legacy static managed beans to retain compatibility
bull jndiproperties mdash contains JNDI configuration properties
bull log4jxml mdash contains log4j configuration information
bull login-configxml mdash contains JAAS login configuration information
bull props mdash contains default JAAS login properties files
bull standardjbosscmp-jdbcxml mdash contains CMP2 configuration information
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Differences in the Distribution Layout
7
bull standardjbossxml mdash contains Enterprise JavaBean 20 configuration information
bull xmdesc mdash contains legacy XML managed bean descriptors
bull deploy
bull jca-jboss-beansxml
bull hdscanner-jboss-beansxml mdash contains the hot-deployment scanner
bull legacy-invokers-servicexml
bull profileservice-jboss-beansxml
bull remoting-jboss-beansxml
bull transaction-jboss-beansxml
bull vfs-jboss-beansxml
bull deployers mdash contains new VDF deployers
bull bsh-deployer mdash contains the beanshell deployer
bull ejb3deployer mdash contains Enterprise JavaBean 30 deployers
bull jboss-aop-jboss5deployer mdash contains the aspect deployer
bull jboss-jcadeployer mdash contains the JCA deployers
bull jbosswebdeployer mdash contains the WAR deployers
bull jbosswsdeployer mdash contains the web service deployers
bull seamdeployer mdash contains the Seam deployer
bull clustering-deployers-jboss-beansxml
bull dependency-deployers-jboss-beansxml
bull directory-deployer-jboss-beansxml
bull ear-deployer-jboss-beansxml
bull ejb-deployer-jboss-beansxml
bull hibernate-deployer-jboss-beansxml
bull logbridge-boss-beansxml
bull jsr77-deployers-jboss-beansxml mdash contains JSR-77 (J2EE Management) support
bull metadata-deployer-jboss-beansxml mdash contains the metadata handlers
bull messaging-definitions-jboss-beansxml mdash contains data required to map JMSdestinations to managed objects
bull security-deployer-jboss-beansxml mdash contains the security deployers
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
8
bull xniodeployer
bull jboss-threadsdeployer
bull lib mdash contains static library JARs Some JARs that were previously located in this directoryhave been moved into the top-level commonlib directory
222 Standard and Web ConfigurationTwo additional server configurations are distributed with Enterprise Application Platform 5 standardand web
The standard configuration is certified for Java EE 5 compliance This configuration enablesboth call-by-value and deployment isolation by default Support for RMI-IIOP (Remote MethodInvocation over the Internet Inter-Orb Protocol) and Java UDDI (Universal Description Discovery andIntegration) as in the all configuration type is also enabled
The web configuration is lightweight It was created around JBoss Web and provides the servicesrequired for web application deployment and only a subset of Java EE technologies This profiledoes not include JBoss Transaction JTS or XTS Enterprise Java Bean 1x or 2x capabilities JBossMessaging JCA or JBoss IIOP
223 Differences in Application Server Configuration Files
2231 Generalbull A reminder that the RPM and ZIP distributions of the Enterprise Application Platform are shipped
with authentication enabled for the JMX Console Web Console JMX Invoker Admin ConsoleHTTP Invoker and Profile Service No user accounts are active by default to assist in preventingdefault user and password-based attacks
bull shutdownsh now accepts a JNDI URL as follows
shutdownsh -s httplocalhost8080invokerJNDIFactory -S
Where -s defines the server name to perform an operation on -S specifies the shutdown operation
bull If a user omits the -c option when starting an instance of JBoss Application Server in EnterpriseApplication Platform 4x the production configuration was started by default In JBoss EnterpriseApplication Platform 5 default configuration is used when a user omits the -c option
bull binrunconf now uses a Java heap size of 1303 MB This is consistent across allconfigurations
bull Document Type and Schema Declarations have been updated
bull The production server profile provided with Enterprise Application Platform 5 restricts the classesserved on port 8083 If Remote Method Invocation (RMI) is being used you may need to make thisport available to clients This option can be set in productionconfjboss-servicexml
lt-- Should non-EJB class files be downloadable --gt ltattribute name=DownloadServerClassesgtfalseltattributegt
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Differences in Application Server Configuration Files
9
bull The cluster-safe UUID generator can now be used from serverproductiondeployuuid-key-generatorsarMETA-INFjboss-servicexml
bull The delay period for serverproductiondeployhdscanner-jboss-beansxml to rescanfor deployment changes has been increased to 60 seconds from the previous 5 second delayperiod
lt-- Frequency in milliseconds to rescan the URLs for changes--gt ltproperty name=scanPeriodgt60000ltpropertygt
2232 J2EE Connector Architecturebull jboss-raxml can now be used to override the properties specified in -raxml
The jboss-raxml file should be in the META-INF directory of the resource adapter whoseproperties you wish to override alongside the -raxml file
Specify a corresponding ltra-config-propertygt in the jboss-raxml file for each propertyyou wish to override An example follows
Example 21 Representative excerpt from resource adapter -raxml file
ltconfig-propertygt ltconfig-property-namegtStringRARltconfig-property-namegt ltconfig-property-typegtjavalangStringltconfig-property-typegt ltconfig-property-valuegtStringFromRARPropertiesltconfig-property-valuegtltconfig-propertygt
Example 22 Representative excerpt from a corresponding jboss-raxml file
ltra-config-propertygt ltra-config-property-namegtStringRARltra-config-property-namegt ltra-config-property-typegtjavalangStringltra-config-property-typegt ltra-config-property-valuegtXMLOVERRIDEltra-config-property-valuegtltra-config-propertygt
The complete source for a working example can be viewed in the test case for this feature at httpsanonsvnjbossorgreposjbossastrunktestsuitesrcresourcesjcapropsxmloverrideMETA-INF
bull Support has been added for defining dependencies in J2EE Connector Architecture (JCA) adapters
bull serverproductiondeployjca-jboss-beansxml disables debug monitoring of JCA anddatabase connections
lt-- Whether to track unclosed connections and close them --gtltproperty name=debuggtfalseltpropertygt
This disables the application servers debug support Disabling this means that the origin of obtaineddatabase connections and connection leaks cannot be tracked Unclosed managed databaseconnections are still returned to the connection pool regardless of this attributes value
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
10
2233 Webbull For JavaServer Pages-based pages the default setting for DeleteWorkDirOnContextDestroy
is false Set this to true to enable a faster simpler page recompilation check or if you are usingJSP settings that require recompilation
bull emptySessionPath=true no longer sets the cookie path by default Instead the cookie pathis set via the ltSessionCookie path= gt in the Context element Session cookies are nowscoped to the context by default
bull emptySessionPath no longer affects whether Session IDs are recycled This is now handled bythe orgapachecatalinaconnectorRequestSESSION_ID_CHECK system property Ifset to true the Servlet container verifies that a Session ID does not yet exist in a particular contextbefore creating a session with that ID You can set this property in the jboss-asbinrunconffile using the -D switch
2234 Clusteringbull Clustering configurations have been moved to a new deploycluster directory
cluster |-- deploy-hasingleton-jboss-beansxml |-- farm-deployment-jboss-beansxml |-- ha-legacy-jboss-beansxml |-- hajndi-jboss-beansxml |-- hapartition-jboss-beansxml |-- jboss-cache-managersar | `-- META-INF | |-- jboss-cache-configsxml | `-- jboss-cache-manager-jboss-beansxml |-- jbossweb-clusteraop |-- jgroups-channelfactorysar | `-- META-INF | |-- jgroups-channelfactory-jboss-beansxml | `-- jgroups-channelfactory-stacksxml `-- timestamps-jboss-beansxml
bull A separate cache is now used for Clustered Single Sign-On (SSO)
bull UseJK snapshot mode and snapshot interval can now be configured on a per-application basisThe default value for UseJK depends upon whether the jvmRoute is set
bull The default setting for session replication is now total replication instead of buddy replication
bull loopback is now set to true for all JGroups User Datagram Protocol stacks
bull The jbossjgroupsudpmcast_port property is now used to configure the multicast port The-m option to the runsh or runbat script now sets jbossjgroupsudpmcast_port insteadof jgroupsudpmcast_port
jgroupsudpmcast_port is checked internally by JGroups and is used to override any XML-based configuration If this parameter is set two channels with non-shared transports cannot usedifferent ports The jbossjgroupsudpmcast_port property substitutes system properties inthe default UDP channel configurations
2235 TransactionsThe transaction manager configuration information has moved from confjboss-servicexml todeploytransaction-servicexml
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Admin Console
11
2236 Loggingbull The default confjboss-log4jxml configuration now includes the thread name for logserverlog entries
bull The new jbossserverlogthreshold system property can be used to control the logserverlog threshold The default value is INFO
bull serverlog is appended rather than truncated after a server is restarted
bull The following changes apply only to serverproductionconfjboss-log4jxml
bull the console logger has been commented out by default
bull the async logger is enabled by default
bull a clusterlog file has been added to store cluster output
2237 SecuritySecurity-related configuration files are now found in the deploysecurity directory
security |-- security-jboss-beansxml `-- security-policies-jboss-beansxml
2238 Enterprise JavaBeansbull Enterprise JavaBean configuration information is now located in deployersejb3deployerMETA-INFejb3-deployers-jboss-beansxml
bull Java Persistence API configuration information is now located in deployersejb3deployerMETA-INFjpa-deployers-jboss-beansxml
23 Admin ConsoleThe first release of the JBoss Enterprise Application Platform Admin Console (admin-console)provides the following administrative features
bull configuration information about the system on which the Enterprise Application Platform is running
bull configuration information about the Service Binding Manager
bull deploy undeploy and update Enterprise Applications including
bull Java EE Enterprise Applications (EARs)
bull Web Applications (WARs)
bull Resource Adapters (RARs)
bull Enterprise JavaBean 2 and 3 (JARs)
bull persistent configuration changes for the following resources
bull data sources
bull connection factories
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
12
bull JMS queues and topics (based on JBoss Messaging)
bull Control Operations
bull execute scripts to perform tasks against a running instance of the application server
bull stop start and restart applications
bull view resource statistics
bull view resource metric information
The new admin-console provided with JBoss Enterprise Application Platform retains the JMX andweb consoles admin-console supports the production all web and default configurationsout of the box It has also been tested with standard server profile but is not included in standard bydefault To use admin-console in a standard profile copy the admin-consolewar from one ofthe supported server profiles
Note
The Admin Console is not intended for use with the minimal configuration provided with thedistribution Custom configurations based on this configuration should not be used with the AdminConsole either
When the server has been started you can use the admin-console to perform administrative tasksfor your application server To use the admin-console navigate to http$hostname8080admin-console
Refer to the Administration Console User Guide for more information on the Admin Console
24 ApplicationsJBoss Enterprise Application Platform 5 is a fully-compliant implementation of the Java EnterpriseEdition 5 (Java EE 5) Platform Specification Java EE 5 defines the metadata associations of the Javalanguage which can be used to annotate application code and eliminate the need for deploymentdescriptors wherever possible Default behavior is also defined with the ability to override as neededThis is known as configuration by exception
Portable Java EE applications running on Enterprise Application Platform 4x can be deployedto Enterprise Application Platform 5 without any changes However runtime-specific deploymentinformation may be required when migrating from another vendors application server to JBossEnterprise Application Platform 5
Enterprise Application Platform 5 users can take advantage of the simplified packaging anddeployment rules defined in the Java EE 5 Platform Specification such as no longer requiring anapplicationxml file in Enterprise Archives (EARs) Additionally a default library directory (lib) inthe root directory of an EAR makes the JARs available to all components packaged within the EAR Ifan applicationxml file is included the library-directory element can be used to specify thelocation of the lib directory
Enterprise Application Platform 5 also introduces a new deployable unit the MCBeans archive afterJBoss Microcontainer which typically takes the beans or deployer suffix MCBeans archives
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Classloading
13
package a POJO deployment in a JAR file with a META-INFjboss-beansxml descriptor Thisformat is common in Enterprise Application Platform deployers
Application verification for all file types is enabled by default and can be configured in thedeployersear-deployer-jboss-beansxml file specifically
lt-- uncomment to disable xml validation ltproperty name=useValidationgtfalseltproperty --gtlt-- in case xml validation is disabled its also better to turn off schema validation ltproperty name=useSchemaValidationgtfalseltproperty --gt
Enterprise JavaBean 20 archive verification remains the same between Enterprise ApplicationPlatform 4x and Enterprise Application Platform 5 However the properties that control verificationhave been moved from deployejb-deployerxml to deployersejb-deployer-jboss-beansxml
If an enterprise archive contains only an application client and refers to EJBs you must also add theltignore-dependencygt element to the ejb-ref or ejb-local-ref definitions in the jboss-clientxml deployment descriptor This informs the deployer to deploy the archive without resolvingthe referenced dependencies
241 ClassloadingThe new ClassLoader is fully backwards compatible with one exception that does not affectcommon use ( httpwwwjbossorgcommunitydocsDOC-12840 ) All classloading configurationsfrom JBoss AS 4x will still work with the new implementation and most default settings retain thebehavior of the previous version
The new ClassLoader shares many design and implementation details with the originalUnifiedClassLoader but makes the following improvements
bull the classloader no longer depends upon JMX so it can be used in any environment as astandalone
bull it is much easier to implement your own classloader policy
bull increased control over which classloaders your classloader delegates to
bull increased control over which classes are visible to other classloaders
bull hierarchical repositories have been replaced by domains and can now extend beyond a singlelevel
Note
useJBossWebClassLoader=true is not used in JBoss Enterprise Application Platform 5All WAR classloaders in Enterprise Application Platform 5 are JBoss ClassLoader s so theWarDeployer no longer handles the configuration details for web applications
There are several methods available to change the classloading configuration of a WAR
Remove the WarClassLoaderDeployerThe WarClassLoaderDeployer automatically implements the defined classloading rulesfor WARs Each WAR is assigned a scoped classloading domain Its classes are not visible to
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 2 Migrating to Enterprise Application Platform 5
14
other applications or to any parent EAR and where possible the WARs classes are called firstTo remove this behavior and make WAR classloading behave like other deployers commentout the WarClassLoaderDeployer in deployersjbosswebdeployMETA-INFwar-deployers-jboss-beansxml
Define classloading rules explicitly for the WARAdd a WEB-INFjboss-classloadingxml with the following content to your WAR
ltxml version=10 encoding=UTF-8gtltclassloading xmlns=urnjbossclassloading10 name=mywarwar domain=DefaultDomain export-all=NON_EMPTY import-all=truegtltclassloadinggt
This lets you define how the WARs classloader is constructed In this case the WARsclassloader has been placed in the DefaultDomain which is shared with all other applicationsthat do not define their own domain import-all is enabled which means the classloader willlook at all other classes exported by other applications export-all is set to expose all classesin our application to other classes
242 EAR ScopingYou can control how class isolation between deployments behave with the isolated property indeployersear-deployer-jboss-beansxml as follows
lt-- A flag indicating if ear deployments should have their own scoped class loader to isolate theirclasses from other deployments --gt ltproperty name=isolatedgtfalseltpropertygt
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 3
15
RPM Upgrade from JBoss EnterpriseApplication Platform 43 to Version 51JBoss Enterprise Application 5 is a major release and includes major changes from JBoss EnterpriseApplication Platform 43
With the release of JBoss Enterprise Application Platform 511 onwards an RPM upgrade path fromJBoss Enterprise Application Platform 43 is no longer available
JBoss Enterprise Application Platform 43 customers that want to upgrade to JBoss EnterpriseApplication Platform 5 should back-up their production systems and proceed with installing theplatform using an installation option described in Section 63 ldquoInstallation Methodsrdquo
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
16
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 4
17
JBoss Enterprise Application PlatformPre-upgrade Test GuidelinesJBoss Enterprise Application 512 is a minor release of JBoss Enterprise Application Platform 51
An in-place upgrade from version 51x to the latest version is available for customers who haveinstalled the platform using RPM
Important
This is a platform upgrade not an assisted migration
The platform software will be updated to the latest version however you will have to updateconfiguration files and verify the compatibility of your applications
Follow Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM totest and verify the entire process before applying it to a production system
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 4 JBoss Enterprise Application Platform Pre-upgrade Test Guidelines
18
Upgrade JBoss Enterprise Application Platform 51x to the latest 51x version using RPM
Follow the overarching guidelines in this task to perform a non-production system pre-upgrade testComplete this task before upgrading your production systems as a best practice platform upgradetask
Once you are satisfied with the results collected as a result of the task guidelines refer to Chapter 8RPM Installation via Red Hat Network for upgrade commands and prerequisites for different operatingsystems
Prerequisitesbull You have backed-up your JBoss Enterprise Application Platform data and configuration and have
verified you can restore the system to a known state
1 Stop all JBoss instances
2 Upgrade the 51 install to the latest update level
3 Locate and examine all rpmnew files installed on your system by the upgrade process
find $JBOSS_HOME -name rpmnew -ls
Identify the impact of these changes on your infrastructure and your applications
Compare the old versions of the new files and make any necessary changes to the files beforeperforming this upgrade on your production systems
During an RPM upgrade RPM will install new versions of configuration files These new versionswill be saved with the extension rpmnew in order to preserve your existing configuration dataAfter the upgrade look for these files and compare them with your existing configuration filesmaking any necessary changes
4 Start all JBoss instances
5 Systematically test all applications and verify all applications work according to originalspecifications
6 Once satisfied with the results of your testing roll the upgrade out to your production systems
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 5
19
New Installation
51 Pre-RequisitesThe JBoss Enterprise Application Platform 5 binaries require around 500MB of disk space The mainrequirement of the Platform is RAM At least 4GB is necessary to comfortably run a 64-bit developerworkstation running the production server profile with JBoss Developer Studio A 32-bit JVM uses lessresources than a 64-bit JVM but does not provide large heaps A server with 2GB and swap spacecan be used for testing and development
JBoss Enterprise Application Platform requires Java JDK16
511 Hardware Operating System and JVM Requirements
Hardware RequirementsThe following table details the minimum hardware requirements for a JBoss Enterprise ApplicationPlatform installation that allows for all examples to be run correctly
Table 51 Minimum Hardware Requirements
Component Requirement
CPU Intel Pentium 1 GHz or faster for simpleapplications
Hard disk space 15 GB
System RAM 15 GB
Supported Operating SystemsJBoss Enterprise Application Platform 5 is supported on any Operating System with a certified JVMThe Native components are supported only on supported Operating Systems See the JBoss SupportPolicy for certified JVMs and Supported Operating Systems httpwwwjbosscomproductsplatformsapplicationsupportedconfigurations
512 Configuring Your Java EnvironmentEnterprise Application Platform 5 requires a Java 6 JDK or JRE Refer to Appendix C Installing aJava Development Kit on Red Hat Enterprise Linux for instructions on JDK 16 installation
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
20
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 6
21
Installation Options
61 Web Services StackThis release provides two options for the Web Services stack
JBoss Web Services NativeJBoss Web Services Native is the Java EE 5-compliant JBoss implementation of web servicesstandards It is the only web services stack for versions of JBoss Enterprise Application Platformprior to 51 and is the default web services stack in JBoss Enterprise Application Platform 5
JBoss Web Services CXFJBoss Web Services CXF provides most of the features available in Apache CXF (including WS-Security WS-Policy WS-Addressing WS-ReliableMessaging basic WS-Trust MTOM) pluscommon JBoss Web Services stack features like endpoint metrics record management andendpoint address rewrite JBoss Enterprise Application Platform 5 introduces JBoss Web ServicesCXF stack as an optional Web Services stack
Select which Web Services stack to use during installation To change the Web Services stack at alater date reinstall the Platform
62 PicketLink FederationThis release includes PicketLink Federation as a supported product
PicketLink Federation brings Identity Federation and Single Sign-on to the Platform with support forSAML 20 WS-Trust 13 and XACML 20 (via JBossXACML)
Refer to the installation sections for PicketLink installation instructions
63 Installation MethodsThere are three installation methods
ZIP downloadThe ZIP installation method is the easiest and quickest if you are familiar with JBoss technologiesor if you are looking for a light-weight method for testing or development This method requiressome post-installation configuration For ZIP installation instructions refer to Chapter 7 ZIPInstallation from the Red Hat Customer Portal
RPM installationRPM installation is suitable for production deployment on Red Hat Enterprise Linux systems RPMinstallation leverages the benefits of RPM for updating system management and integrationwith administration tools This method requires some post-installation configuration For RPMinstallation instructions refer to Chapter 8 RPM Installation via Red Hat Network
Graphical installerThe graphical installer simplifies the installation and configuration process In addition to installingthe base files the installer offers automation of optional component installation and basic out-of-the-box security configuration For graphical installer instructions refer to Chapter 9 Installationusing the Graphical Installer
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
22
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 7
23
ZIP Installation from the Red HatCustomer PortalProcedure 71 Installation via ZIP fileFollow this procedure to install JBoss Enterprise Application Platform via ZIP file
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
Choose the Application Platform ltreleasegt Binary download If you want touse WS CXF as the Web Services Stack for the Platform download the jboss-ep-ws-cxf-ltreleasegt-installerzip file
2 Unzip jboss-eap-ltreleasegtzip to extract the archive contents into the location of yourchoice
ResultThis creates the jboss-eap-ltreleasegt directory with an installation of JBoss EnterpriseApplication Platform using JBoss WS Native as the Web Services Stack and JBoss Messagingas the messaging provider
3 Optional Use JBoss WS CXF as the Web Service stackYou need Apache Ant installed and configured on your machine to perform this task
a Extract jboss-ep-ws-cxf-ltreleasegtGA-installerzip and move the jbossws-cxf-installer into the jboss-as directory of the Enterprise Platform
b At the command line go to the directory jboss-asjbossws-cxf-installer and run thecommand ant
ResultAn installer script replaces WS Native with WS CXF
4 Optional Install PicketLink Federationa To install PicketLink Federation copy the $JBOSS_HOMEpicketlinkpicketlink-
federationpicketlink-core-ltVERSIONgtjar file to $JBOSS_HOMEcommonlib
b Optionally deploy the PicketLink web applications of your choice to the server by copyingtheir directories to $JBOSS_HOMEjboss-asserverPROFILEdeploy directory To doso run the following command with the WEBAPP substituted with the application directory(idpwar pdpwar or picketlink-stswar)
cp -r $JBOSS_HOMEpicketlinkpicketlink-federation-webappsWEBAPP
5 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
6 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 7 ZIP Installation from the Red Hat Customer Portal
24
71 HornetQHornetQ is included as an alternative JMS provider to JBoss Messaging See the HornetQ User Guidefor this release for further information about HornetQ functionality
Procedure 72 Install HornetQApache Ant must be installed and configured on your machine to perform this task Refer toAppendix E Installing Apache Ant for installation instructions
You must have the correct accessredhatcom1 entitlements to download and install HornetQ
1 Download the HornetQ ZIP (jboss-eap-hornetq-release-installerzip) from theCustomer Support Portal
2 Extract the files from jboss-eap-hornetq-release-installerzip into your EnterpriseApplication Platform installation (the archive contains the entire jboss-eap-51 directorystructure therefore merge the extracted directory with your jboss-eap-version directory)
3 Change to $JBOSS_HOMEjboss-asextrashornetq
4 Verify the switchsh script is configured to be executable
5 From the command line run the HornetQ switching script
[hornetq]$ switchsh
1 httpsaccessredhatcomhome
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 8
25
RPM Installation via Red Hat Network
81 Red Hat NetworkRed Hat Network (httprhnredhatcom) is a complete systems management platform for Red HatEnterprise Linux providing update management and provisioning functionality to Red Hat EnterpriseLinux Customers Red Hat Network is the primary delivery mechanism for subscription software inRPM format
PrerequisiteTo perform the installation from Red Hat Network you must have a Red Hat Network account with avalid entitlement for JBoss Enterprise Application Platform
82 Install on Red Hat Enterprise Linux 4
Procedure 81 Install on Red Hat Enterprise Linux 4This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 4 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)1 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 4 channel names32-bit ES
jbappplatform-5-i386-es-4-rpm
rhel-i386-es-4-extras
32-bit ASjbappplatform-5-i386-as-4-rpm
rhel-i386-as-4-extras
64-bit ESjbappplatform-5-x86_64-es-4-rpm
rhel-x86_64-es-4-extras
64-bit ASjbappplatform-5-x86_64-as-4-rpm
rhel-x86_64-as-4-extras
2 Install JBoss Enterprise Application PlatformRun the following commands replacing MESSAGING_CHOICE with one of jbossas-messagingor jbossas-hornetq and replacing WS_CHOICE with one of jbossas-ws-native orjbossas-ws-cxf
up2date MESSAGING_CHOICE WS_CHOICE jbossasup2date jboss-seam2 resteasy rh-eap-docs
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 8 RPM Installation via Red Hat Network
26
3 Optional Install PicketLinkRun the following command to install PicketLink
up2date picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
83 Install on Red Hat Enterprise Linux 5
Procedure 82 Install on Red Hat Enterprise Linux 5This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 5 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)2 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 5 channel names32-bit
jbappplatform-5-i386-server-5-rpm
rhel-i386-server-supplementary-5
64-bitjbappplatform-5-x86_64-server-5-rpm
rhel-x86_64-server-supplementary-5
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-5 for 64-bt use rhel-x86_64-server-5
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Install on Red Hat Enterprise Linux 6
27
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
84 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine or upgrades a previous version of JBoss Enterprise Application Platformto the latest version
Procedure 83 Install on Red Hat Enterprise Linux 6This procedure installs the latest version of JBoss Enterprise Application Platform 5 on a Red HatEnterprise Linux 6 machine
1 Subscribe the system to the correct channel in the Red Hat NetworkFor instructions to subscribe a system to a channel refer to How do I subscribe a system to asub-channel or a child channel using Red Hat Network (RHN)3 in the Red Hat Knowledgebase
Red Hat Enterprise Linux 6 channel names32-bit
jbappplatform-5-i386-server-6-rpm
rhel-i386-server-supplementary-6
64-bitjbappplatform-5-x86_64-server-6-rpm
rhel-x86_64-server-supplementary-6
2 Install JBoss Enterprise Application PlatformAvailable options arebull CURRENT_REPO for 32-bit use rhel-i386-server-6 for 64-bt use rhel-x86_64-server-6
bull MESSAGING_CHOICE jbossas-messaging or jbossas-hornetq
bull WS_CHOICE jbossas-ws-native or jbossas-ws-cxf
Run these commands with the chosen values for CURRENT_REPO MESSAGING_CHOICE andWS_CHOICE
yum remove classpathx-jafyum install MESSAGING_CHOICE WS_CHOICE jbossasyum install jboss-seam2 resteasy rh-eap-docs
3 Optional Install PicketLinkRun the following command to install PicketLink
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 8 RPM Installation via Red Hat Network
28
yum install picketlink-federation
Optionally install any of the additional picketlink packages picketlink-federation-webapp-idppicketlink-federation-webapp-pdp picketlink-federation-webapp-sts
4 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
5 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 9
29
Installation using the GraphicalInstaller
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 9 Installation using the Graphical Installer
30
Task Install the Platform using the Graphical Installer on Red Hat Enterprise Linux or MicrosoftWindows
Complete this task to install the platform using the Graphical Installer
Prerequisitesbull JAVA_HOME is set on the installation target Refer to Appendix C Installing a Java Development
Kit on Red Hat Enterprise Linux
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install JBoss Enterprise Application Platform via the Graphical Installer choose theApplication Platform ltreleasegt Binary Installer download
2 Run the installerExecute the following command in the directory that contains the downloaded installer JAR
java -jar jboss-eap-installer-ltreleasegtjar
On a Linux system this must be executed as root Under Windows execute it from a commandprompt with elevated privileges
3 LanguageChoose the language for the installation instructions
4 License AgreementRead the License Agreement carefully You must accept the terms of the agreement to proceedwith the installation If you agree to the terms of the agreement select the I accept the terms ofthis license agreement option
5 Installation PathSelect the destination directory for JBoss Enterprise Application Platform Type a complete pathor browse for a destination directory If the directory you enter does not exist the installer createsthe target directory in the specified path If the directory exists already the installer will overwritethe contents of the directory In either case the installer prompts you to confirm the action
The default installation path in Linux is usrlocalEnterprisePlatform-[version]
The default installation path in Windows Server is CProgram FilesEnterprisePlatform-[version]
6 Web ServicesSelect the Web Services stack you wish to install The two choices are WSNative and WSCXFOnly one stack can be selected Changing the Web Services stack after installation requiresreinstalling
Refer to Chapter 6 Installation Options for a description of the alternatives
7 Select PacksThere is one optional component for this release PicketLink
To install PicketLink
a Click on eap-core
b Click the arrow to the left of eap-core to expand the options
c Click the picketlink-federation checkbox
8 JMX SecurityThe installer creates a new JAAS security domain with an active user
Optional secure consoles and invokers using this security domain
a Supply a password for the admin user in the new JAAS security domain
b Optional change the username for the JAAS security domain admin user
c Optional change the name of the JAAS security domain
d Optional secure the JMX and Web consoles and http and jmx invokers using the new JAASsecurity domain The default is to secure all consoles and invokers
ResultThe JAAS security domain is created and used to secure the Admin console and Tomcat consoleThe JAAS security domain is also used to secure any consoles and invokers specified in this step
9 Release NotesUpdated release notes are available at httpdocsredhatcom
10 Confirm SelectionsReview the installation selections then click Next to begin writing files to disk
11 Set up ShortcutsCreate desktop and start menu shortcuts on this screen If you are running the installer as theadministrator (Windows) or root user (Linux) you have the option to create desktop and startmenu shortcuts for all users otherwise you are able to create shortcuts for the currently logged inuser only
12 Optional Install Native ComponentsRefer to Chapter 10 Install Native Components for Native Component installation instructions
13 Perform post-installation configurationRefer to Chapter 11 Post Installation Configuration for post-installation configuration instructions
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 10
31
Install Native Components
The Native Components PackageThe Native Components package is an optional component for the JBoss Enterprise ApplicationPlatform that incorporates native operating system components and connectors for web serversincluding OpenSSL JBoss Native mod_jk mod_cluster NSAPI for Solaris ISAPI for WindowsHornetQ LibAIO Native for Red Hat Enterprise Linux
Installing JBoss Native results in higher server performance as native operating system codebecomes available for the server to optimize tasks
For more information on configuring the web server connectors refer to the HTTP Connectors LoadBalancing Guide
Native Components Manifestbull JBoss Native consists of the Apache Portable Runtime (APR) OpenSSL and Tomcat Native (TC-
native)
bull Apache Portable Runtime (APR) provides superior scalability performance and improvedintegration with native server technologies APR is a highly portable library that is at the heartof Apache HTTP Server 2x It enables access to advanced IO functionality (for examplesendfile epoll and OpenSSL) Operating System level functionality (for example random numbergeneration and system status) and native process handling (shared memory NT pipes and Unixsockets)
bull OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)protocols and includes a basic cryptographic library
bull Tomcat Native (TC-Native) is a Java Native Interface (JNI) that provides much of Tomcatscore functionality in native code rather than Java This allows for an overall increase in the speedof a server
bull mod_jk connects the Tomcat JSP container to the Apache webserver providing load-balancing
bull mod_cluster is an httpd-based load balancer In contrast to mod_jk mod_cluster creates afeedback loop between the proxy server and the worker nodes enabling intelligent load distributionand routing within a load-balancing cluster
bull ISAPI is a connector for the Microsoft IIS web server
bull HornetQ LibAIO is used as a bridge between HornetQ and Linux LibAIO It is used in HornetQs highperformance journal when configured
101 Red Hat Enterprise Linux-specific notesRed Hat Enterprise Linux includes some of the Native Components in the base operating systemThese include OpenSSL and the Apache Portable Runtime (APR) The Apache Portable Runtime isprovided by the packages apr and apr-util
If the server is started without the apr and apr-util packages installed a message similar to thefollowing will appear in logs
WARN [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performancein production environments was not found on the javalibrarypath
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 10 Install Native Components
32
homeeapuserjboss-eap-51nativelib
102 Solaris-specific notesBoth the 32-bit and 64-bit versions of jboss-ep-native can be installed on the same machineThe libraries for each are separated by the directories lib and lib64 respectively and each isautomatically loaded depending on the JVM version that is used
To install both 32-bit and 64-bit versions of jboss-ep-native use unzip -qo The -o optionensures that one version of the package does not replace another during the installation
103 Native Components InstallationThe following procedure describes installing either the mod_cluster or mod_jk load-balancing modulesinto the Enterprise Application Platform
Procedure 101 Install Native Components from RPM1 Subscribe to the JBOSS EAP5 RHN channel
1 Using a web browser navigate to httpaccessredhatcom and log in with your credentials
2 View the list of all systems and find the system on which you have installed the EnterprisePlatform Click to view its subscriptions
3 Add the JBoss Application Platform or JBoss EWP channel appropriate to your version of RedHat Enterprise Linux
2 Install the jboss-eap5-native packageLog into the application servers host system as the root user
Execute the command yum install jboss-eap5-native
3 Install the mod_cluster-jbossas packageLog into the application servers host system as the root user
Execute the command yum install mod_cluster-jbossas
4 Optional Install the mod_jk-ap20 packageFollow this step if you need to use mod_jk instead of mod_cluster
Log into the application servers host system as the root user
Execute the command yum install mod_jk-ap20
Procedure 102 Install Native Components from ZIP archivesThis procedure installs the Native Components for JBoss Enterprise Application Platform
PrerequisiteInstall JBoss Enterprise Application Platform via ZIP RPM or the Graphical installer before carryingout this procedure See Section 63 ldquoInstallation Methodsrdquo for more details
1 Download softwareRefer to Appendix B The Red Hat Customer Portal for file download instructions
To install Native Components choose the Native Components download that corresponds to youroperating system and the architecture of your Java Virtual Machine
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Native Components Installation
33
2 Unzip componentsExtract the native directory from the zip file into the jboss-eap-5x directory so that thenative directory is at the same directory level as the jboss-as directory
ResultThe Native Components are installed
3 Verify installationDuring server startup the server will report the presence of the Native libraries
121229826 INFO [ServerInfo] VM arguments -Dprogramname=runsh -Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true -Djavaprotocolhandlerpkgs=orgjbosshandlersstub -DjavanetpreferIPv4Stack=true -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64 -Djavaendorseddirs=homeeapuserjboss-eap-51jboss-aslibendorsed
The option -Djavalibrarypath=homeeapuserjboss-eap-51nativelib64shows that the server is detecting and loading the Native libraries
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
34
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 11
35
Post Installation Configuration
111 Post Installation Security ConfigurationWhen installed from the zip archive authentication is required to access the majority of JBossservices including administrative services Consoles are secured by the JAAS security domain jmx-console At installation this security domain has no user accounts This is to eliminate the possibilityof default usernamepassword based attacks Refer to Procedure 111 ldquoCreate jmx-console admin-console and http invoker user accountrdquo to create a user account to access the consoles
To disable authentication (useful for development but not recommended for production) refer toAppendix A Disabling Authentication
When installed via the graphical installer a JAAS security domain and a user account is createdas part of the install process Even if you change the name of the JAAS security domain duringinstallation the users are stored in the same place Follow the instructions in Procedure 111 ldquoCreatejmx-console admin-console and http invoker user accountrdquo to edit your user account or create a newone
1111 Security Configuration JMX Console Admin ConsoleHttpInvoker
Procedure 111 Create jmx-console admin-console and http invoker user accountThis procedure creates user with access permissions to the admin and jmx consoles and the httpinvoker
1 Create a user in the default JAAS security domaina Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
usersproperties
b Create a username = password pair
Default admin user configuration
The commented admin=admin username and password pair is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file $JBOSS_HOMEserver$PROFILEconfpropsjmx-console-
rolesproperties
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the JMX Console and Admin Console
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 11 Post Installation Configuration
36
HttpInvokerGrant the user permission to access the httpinvoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1112 Securing the HTTPInvokerThe HTTP Invoker is a service that provides HTTP and Remote Method Invocation (RMI) access forEJBs and the JNDI Naming service Secure this service to prevent unauthorized access
Procedure 112 Secure the HTTP Invoker1 Edit the ltJBOSS_HOMEgtserverltPROFILEgtconfbindingservicebeansMETA-INF
bindings-jboss-beansxml file
2 Add the hostName and fixedHostName properties to the deploylegacy-invokers-servicexmlsection
lt-- deploylegacy-invokers-servicexml --gt
lt-- RMIJRMP invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=jrmpltpropertygt ltproperty name=portgt4444ltpropertygt ltproperty name=descriptiongtSocket for the legacy RMIJRMP invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
lt-- Pooled invoker --gtltbean class=orgjbossservicesbindingServiceBindingMetadatagt ltproperty name=serviceNamegtjbossservice=invokertype=pooledltpropertygt ltproperty name=portgt4445ltpropertygt ltproperty name=descriptiongtSocket for the legacy Pooled invokerltpropertygt ltproperty name=hostNamegtlocalhostltpropertygt ltproperty name=fixedHostNamegttrueltpropertygtltbeangt
1113 Security Configuration Web Console
Procedure 113 Create web console user accountThis procedure creates a user with access permissions to the web console
1 Create a user in the web-console JAAS security domaina Edit the file web-console-usersproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create a username = password pair
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Security Configuration JBoss Messaging
37
Default admin user configuration
The commented admin=admin username and password is an example of theusernamepassword definition syntax Do not use this for your user account
2 Grant permissions to usera Edit the file web-console-rolesproperties in jboss-asserver$PROFILE
deploymanagementconsole-mgrsarweb-consolewarWEB-INFclasses
b Create an entry for the user of the form
username=JBossAdminHttpInvoker
JBossAdminGrant the user permission to access the Web-Console
HttpInvokerGrant the user permission to access the HTTP Invoker
Important
The authentication system applied to the JMX Console Admin Console and Web Console doesnot block brute-force password attacks It is recommended that in production environmentsJBoss servers are protected by firewalls or reverse proxies that include measures to mitigatebrute force attacks
1114 Security Configuration JBoss MessagingJBoss Messaging makes internal connections between nodes in order to redistribute messagesbetween clustered destinations These connections are made with the user name of a specialreserved user whose password is specified in the property suckerPassword in the messaging andserver configuration files
The suckerPassword used by JBoss Messaging in a clustered environment is contained in thejboss-asserver$PROFILEdeploymessagingmessaging-jboss-beansxml fileand the messaging-servicexml file These files contain directives that specify the encryptedsuckerPassword
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 11 Post Installation Configuration
38
Task Chamge the Password in messaging-jboss-beansxml
Complete this task to change the distribution placeholder password in messaging-jboss-beansxml
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
Procedure 114 Set suckerPassword for JBoss Messaging1 Navigate to the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging directory
2 Open the messaging-jboss-beansxml file in your preferred text editor
3 Change the suckerPassword placeholder value from CHANGE ME to a plain textpassword
ltproperty name=suckerPasswordgtCHANGE MEltpropertygt
Make note of the new password it will be used in the next task
4 Save the file
Task Create the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtiltool
Prerequisitesbull Platform installed according to the chosen installation method in Section 63 ldquoInstallation Methodsrdquo
1 In a terminal change to ltJBOSS_HOMEgtserverltPROFILEgtdeploymessaging
2 Run the following command
pathtojavaexecutable -cp JBOSS_HOMEclientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil PLAIN_TEXT_PASSWORD
3 PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beansxml in theprevious task
As an example
Example 111 Test Encrypted PasswordRunning the following command (from the JBOSS_HOMEjboss-asserver$PROFILEdeploymessaging directory)
usrbinjava -cp clientjboss-messaging-clientjar orgjbossmessagingutilSecurityUtil test
produced the following encrypted password
key len 14 length max 2147483647Encoded password 5e2c1ae5a618317
4 Make note of the encrypted password output it will be used in the next task
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Default Database
39
Task Specify an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files
Prerequisitesbull Task Create the encrypted JBoss Messaging suckerPassword
bull You have a terminal open at the ltJBOSS_HOMEgtserverltPROFILEgtdeploymessagingdirectory
1 In a text editor open the messaging-servicexml file
2 Paste the encrypted password from the previous procedure into the SuckerPassword attribute
ltattribute name=SuckerPasswordgtENCRYPTED_PASSWORDltattributegt
3 Save the messaging-servicexml file
112 Default Database
Do not use the Hypersonic database in production
By default persistence is configured to use Hypersonic (HSQLDB) This allows the JBossEnterprise Application Platform to function immediately after installation as a developmentplatform However Hypersonic is not supported in production and should not be used in aproduction environment
The Hypersonic database while useful as a light-weight database for development is not suitable forproduction use Some of its limitations include
bull no transaction isolation
bull thread and socket leaks ( connectionclose() does not tidy up resources)
bull low persistence quality (logs commonly become corrupted after a failure preventing automaticrecovery)
bull database corruption
bull instability under load (database processes cease when dealing with too much data)
bull not viable in clustered environments
Refer to the Getting Started Guide for database configuration instructions
113 Memory Settings for the Enterprise ApplicationPlatformThe optimal memory settings for an application server are highly dependent on the exact applicationsused the number of users the virtual or physical host upon which the installation resides and otherservices running on that host
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 11 Post Installation Configuration
40
The Enterprise Application Platform ships with default values for initial and maximum heap allocationsby the JVM These values are
bull -Xms1303m Initial heap size set in megabytes
bull -Xmx1303m Maximum heap size set in megabytes
Guidelines for memory settings for the Enterprise Application Platform
bull Allocate the same values for initial and maximum heap sizes
bull Use values smaller than the hosts allocatable memory
bull Be aware of other services and applications running on the host and allow for their usage ofmemory
Fine tuning the memory settings beyond these guidelines requires production-like load testing andanalysis of memory usage logs and is highly variable between installations and applications used withthe Enterprise Application Platform
Procedure 115 Changing Memory Settings for the Enterprise Application Platform on Linux1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconf
3 The memory options are set on this line
JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maximum heap sizes for the JVM
JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
Procedure 116 Changing Memory Settings for the Enterprise Application Platform on Windows1 Navigate to JBOSS_DISTjboss-asbin
2 Using a text editor open runconfbat
3 The memory options are set on this line
set JAVA_OPTS=-Xms1303m -Xmx1303m -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
Edit the line to include the new initial and maxium heap sizes for the JVM
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Run the Enterprise Application Platform as a Service
41
set JAVA_OPTS=-XmsINITIAL_HEAP_SIZEm -XmxMAX_HEAP_SIZEm -XXMaxPermSize=256m -Dorgjbossresolverwarning=true -DsunrmidgcclientgcInterval=3600000 -DsunrmidgcservergcInterval=3600000 -DsunlangClassLoaderallowArraySyntax=true
4 The new settings will take effect when the Enterprise Application Platform is shut down andrestarted
114 Run the Enterprise Application Platform as a Service
1141 Run the Enterprise Application Platform as a Service onMicrosoft Windows
Procedure 117 Run as a Service on Microsoft Windows1 Open a command prompt with elevated privileges
Navigate to CWindowsSystem32 and right-click on cmdexe Select Run as Administrator
2 Change to the Enterprise Application Platform directory where the service installationscript is locatedcd JBOSS_DISTnativesbin
3 Optional Edit servicebat to pass parameters to the Application Server at start-upUnder cmdStart alter the following line
call SVCPATHrunbat lt rlock gtgt runlog 2gtamp1
To run the default profile binding to the localhost address change to the following callSVCPATHrunbat -c default -b localhost lt rlock gtgt runlog 2gtamp1
For a full list of parameters for runbat see the Using runsh section of the Getting StartedGuide The commands for runsh and runbat are identical
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
4 Run the service installation scriptservicebat install
5 Check that the service is installedUnder the Windows services list you will find this listed by the short name JBEAP5SVC and thelong name JBoss EAP 5
Procedure 118 Removing the Service1 Stop the service
Stop the service via Service Manager
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 11 Post Installation Configuration
42
2 Delete the serviceIssue the following command from a command prompt with elevated privileges sc deleteJBEAP5SVC
1142 Run the Enterprise Application Platform as a Service on RedHat Enterprise LinuxIf the Enterprise Application Platform is installed using either the RPM Installation via the Red HatNetwork or Installation using the Graphical Installer methods it is installed as a service This is doneby installing a new startup script etcinitdjbossas which is run automatically when Red HatEnterprise Linux starts
The profile used by the service is configured in etcsysconfigjbossas If you want a profileother than default used change the JBOSSCONF= line specifying the required profile The servicemust be restarted for this change to take effect
Note
If this line starts with the character remove it because it marks the line as a comment and thechange wont work if its in place
Note
For a full list of profiles and the services they include refer to the Standard Server Profiles section of the Administration and Configuration Guide
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 12
43
Test your InstallationProcedure 121 Test the Platform installationThis procedure performs a basic check of the Platform installation
1 Start the ServerThere are several options to start the server
a Option 1 - ShortcutStart the server using a desktop or start menu shortcut created by the Graphical Installer
b Option 2 - runsh runbatStart the server using the runsh (Linux) or runbat (Windows) script
Note
For a full list of parameters for runbat see the Using runsh section of the GettingStarted Guide The commands for runsh and runbat are identical
Execute the following command in a terminal in the jboss-asbin directory
Linux
runsh
Windows
runbat
ResultThe server starts using the default profile
2 Test the Server homepageOpen http1270018080 in a web browser on the server machine
ResultThe JBoss Enterprise Application Platform server homepage is displayed
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
44
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 13
45
Remove JBoss Enterprise ApplicationPlatformRefer to the tasks in this chapter to correctly remove the platform based on the installation method youoriginally chose
Remove Platform Using Removal Utility
Complete this task to remove JBoss Enterprise Application Platform from the system This procedureis compatible with all operating systems
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 9
Installation using the Graphical Installer method
1 Navigate to the JBoss Platform menu item in your system
2 Select the Uninstall Platform menu item
The IzPack - Uninstaller window opens
3 Check the Force Deletion option in the window to remove all files and folders associated with theplatform The directory structure indicated in the window is the target for removal
4Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 3 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Click Uninstall
5 The Platform uninstalls and a file removal status is displayed in the windows status bar
6 Once the removal process completes the status bar displays [Finished]
7 Click Quit
8 You have completely removed the platform and all related configuration files and folders fromthe original installation location The JBoss Platform menu item is no longer present in theApplications menu
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Chapter 13 Remove JBoss Enterprise Application Platform
46
Remove Platform By Deleting Root Installation Directory
Complete this task to remove the root installation directory which removes the platform from yoursystem To verify the root installation directory ensure the directory contains jboss-as (for JBossEnterprise Application Platform) or jboss-as-web (for JBoss Enterprise Web Platform)
Prerequisitesbull A JBoss Enterprise Application Platform instance originally installed using the Chapter 7 ZIP
Installation from the Red Hat Customer Portal method
1 Open a terminal
2 Navigate to the location where you installed the platform
3Warning
This step completely removes the platform and all related configuration files stored in thelocation indicated in Step 2 Ensure you have made copies of configuration files you maywant to reuse if you decide to reinstall the platform later
Execute the following command substituting [root_folder_name] with the full path and nameof the platforms root installation folder
If you installed the platform to a protected directory on your system ensure you run this commandwith the correct access privileges
[home]$ rm -r [root_folder_name]
4 You have completely removed the platform and all related configuration files and folders from theoriginal installation location
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
47
Appendix A Disabling AuthenticationThis appendix enables a user to disable authentication for specific services
All specified paths in the sections below are relative to the jboss-as directory
Disabling Authentication for JMX ConsoleTo disable authentication for the JMX console edit the following file and comment out the security-constraint section
server$PROFILEdeployjmx-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for Web ConsoleTo disable authentication for the Web console edit the following file to comment out the ltsecurity-constraintgt section
server$PROFILEdeploymanagementconsole-mgrsarweb-consolewarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHtmlAdaptorltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtJBossAdminltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for HTTP InvokerTo disable authentication for the http invoker JNDIFactory EJBInvokerServlet andJMXInvokerServlet need to be removed from the security realm in the file
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Appendix A Disabling Authentication
48
server$PROFILEdeployhttpha-invokersarinvokerwarWEB-INFwebxml
For example the security-constraint element should look as follows
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtHttpInvokersltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets ltdescriptiongt lturl-patterngtrestrictedlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtHttpInvokerltrole-namegt ltauth-constraintgtltsecurity-constraintgt
Disabling Authentication for JMX InvokerTo disable authentication for the JMX invoker edit the following file to comment out the securityinterceptor passthrough
server$PROFILEdeployjmx-invoker-servicexml
Locate the mbean section with the classorgjbossjmxconnectorinvokerInvokerAdaptorService In that section comment outthe line that relates to authenticated users
Comment out the ltinterceptorgt block that specifies the AuthenticationInterceptor module
ltdescriptorsgt ltinterceptorsgt lt--Uncomment to require authenticated users--gt ltinterceptor code=orgjbossjmxconnectorinvokerAuthenticationInterceptor securityDomain=javajaasjmx-consolegt lt--Interceptor that deals with non-serializable results--gt ltinterceptor code=orgjbossjmxconnectorinvokerSerializableInterceptor policyClass=StripModelMBeanInfoPolicygt ltinterceptorsgtltdescriptorsgt
Disabling Authentication for the ProfileServiceTo disable authentication for the ProfileService edit the following file and comment out thecontents of the serverProxyInterceptors list
deployprofileservice-jboss-beansxml
Comment out the following ltbeangt block
ltbean class=orgjbossaspectssecurityAuthenticationInterceptorgt
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
49
ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangtltbean class=orgjbossaspectssecurityRoleBasedAuthorizationInterceptorgt ltconstructorgt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltparametergt ltvalue-factory bean=JNDIBasedSecurityManagement method=getAuthenticationManager parameter=jmx-consolegt ltparametergt ltconstructorgtltbeangt
Disabling Authentication for JBossWSTo disable authentication for JBossWS edit the following file and comment out the ltsecurity-constraintgt
deployjbosswssarjbossws-managementwarWEB-INFwebxml
Comment out the following ltsecurity-constraintgt block
ltsecurity-constraintgt ltweb-resource-collectiongt ltweb-resource-namegtContextServletltweb-resource-namegt ltdescriptiongtAn example security config that only allows users with the role friend to access the JBossWS console web application ltdescriptiongt lturl-patterngtlturl-patterngt ltweb-resource-collectiongt ltauth-constraintgt ltrole-namegtfriendltrole-namegt ltauth-constraintgtltsecurity-constraintgt
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
50
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
51
Appendix B The Red Hat CustomerPortalThe Red Hat Customer Portal at httpaccessredhatcom provides access to the value of the Red HatSubscription including knowledge base articles support case management and file downloads
Prerequisites
To download JBoss Enterprise Application Platform you need a login to the Red Hat CustomerPortal ( httpaccessredhatcom ) with a valid JBoss Enterprise Application Platform subscription
Procedure B1 Downloading FilesThis procedure downloads files needed to install JBoss Enterprise Application Platform
1 Open httpaccessredhatcom in a web browser
2 Click the Downloads option in the menu across the top of the page
3 Click on Download your software in the list under JBoss Enterprise Middleware
4 Enter your login information
ResultYou are taken to the Software Downloads page
5 Select Application Platform from either the drop-down box or the menu on the left
ResultYou are presented with a list of file downloads
bull See Chapter 9 Installation using the Graphical Installer for Graphical Installer instructions
bull See Chapter 7 ZIP Installation from the Red Hat Customer Portal for ZIP installation instructions
bull See Chapter 10 Install Native Components for Native Component installation instructions
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
52
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
53
Appendix C Installing a JavaDevelopment Kit on Red Hat EnterpriseLinuxRed Hat supports the JBoss Enterprise Application Platform when it is run on Red Hat EnterpriseLinux version 4 or 5 in conjunction with the Sun Microsystems Java Development Kit (JDK) version16 The JBoss Enterprise Application Platform is also supported on Red Hat Enterprise Linux 5 whenit is run using OpenJDK 16 These JDKs can be installed by using the Red Hat Network (RHN)
Note
If you have difficulties subscribing to the correct software channels in Red Hat Network youshould refer to the Red Hat Network Help Desk at httpsrhnredhatcomrhnhelp or contact RedHat Support via httpaccessredhatcom directly for assistance
C1 OpenJDK on Red Hat Enterprise Linux 5Use this procedure to install OpenJDK on Red Hat Enterprise Linux 5
Important
The following commands must be run as root
Procedure C1 Installing OpenJDK on Red Hat Enterprise Linux 51 Subscribe to the base channel
The OpenJDK is available in Red Hat Enterprise Linuxs base channel
2 Install the packageTo install OpenJDK issue the following command
yum install java-160-openjdk-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the correct JDK is set as the system default run the alternatives command asdescribed in Section C4 ldquo Setting the default JDK with the usrsbinalternatives Utility rdquo
C2 Sun Java Development Kit on Red Hat EnterpriseLinux 5Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux 5
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Appendix C Installing a Java Development Kit on Red Hat Enterprise Linux
54
Important
The following commands must be run as root
Procedure C2 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux 51 Subscribe to Supplementary Server channel
The Sun Microsystems Java Development Kit is available in the Supplementary Serverchannel
2 Install the packageTo install the Sun Microsystems Java Development Kit package input this command
yum install java-160-sun-devel
3 Set OpenJDK as the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
C3 Sun JDK on Red Hat Enterprise Linux ASES 4Use this procedure to install the Sun Microsystems Java Development Kit on Red Hat EnterpriseLinux AS or ES 4
Important
The following commands must be run as root
Procedure C3 Installing the Sun Microsystems JDK on Red Hat Enterprise Linux ASES 41 Subscribe to the Extras channel
The Sun Microsystems Java Development Kit is available in the Red Hat Extras channelEnsure that the machine is subscribed to this channel in order to install this package
2 Install using the up2date commandRun this command to install the package
up2date java-160-sun-devel
3 Set OpenJDK to the systems default Java Development KitTo ensure that the intended JDK is set as the system default run the alternatives commandas described in Section C4 ldquo Setting the default JDK with the usrsbinalternativesUtility rdquo
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Setting the default JDK with the usrsbinalternatives Utility
55
C4 Setting the default JDK with the usrsbinalternatives Utilityusrsbinalternatives is a tool for managing different software packages that provide thesame functionality Red Hat Enterprise Linux uses usrsbinalternatives to ensure that onlyone Java Development Kit is set as the system default at one time
Important
Installing a Java Development Kit from the Red Hat Network will normally result in anautomatically configured system However if multiple JDKs are installed it is possible that usrsbinalternatives may contain conflicting configurations Refer to Procedure C4ldquo Using usrsbinalternatives to Set the Default JDK rdquo for syntax of the usrsbinalternatives command
Procedure C4 Using usrsbinalternatives to Set the Default JDK1 Become the root user
usrsbinalternatives needs to be run with root privileges Use the su command or othermechanism to gain these privileges
2 Set javaInput this command usrsbinalternatives --config java
Next follow the on-screen directions to ensure that the correct version of java is selectedTable C1 ldquojava alternative commandsrdquo shows the relevant command settings for each of thedifferent JDKs
Table C1 java alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjre-160-openjdkbinjava
Sun Microsystems JDK 16 usrlibjvmjre-160-sunbinjava
3 Set javacEnter this command usrsbinalternatives --config javac
Follow the on-screen directions to ensure that the correct version of javac is selected Table C2ldquojavac alternative commandsrdquo shows the appropriate command settings for the different JDKs
Table C2 javac alternative commands
JDK alternative command
OpenJDK 16 usrlibjvmjava-160-openjdkbinjavac
Sun Microsystems JDK 16 usrlibjvmjava-160-sunbinjavac
4 Extra Step Set java_sdk_160The Sun Microsystems JDK 16 requires an additional command be run
usrsbinalternatives --config java_sdk_160
Follow the on-screen directions to ensure that the correct java_sdk is selected It is usrlibjvmjava-160-sun
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
56
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
57
Appendix D Installing the Sun JDK onMicrosoft WindowsProcedure D1 Installing and Configuring the 32-bit Sun JDK on Microsoft Windows1 Download the Software
Download the Sun Java 2 Development Kit from httpwwworaclecomtechnetworkjavajavasedownloadsindexhtml
2 Create an environmental variable called JAVA_HOME that points to directory in which the JDK willbe installed such as CProgram FilesJavajdk160_16 To do this click on the StartMenu open the Control Panel (if necessary switch to Classic View) open the System ControlPanel applet select the Advanced Tab and click on the Environment Variables button
3 Add the JDKs bin directory to the path PATH
To do this open the Control Panel from the Start Menu (if necessary switch to Classic View)then edit the PATH environment variable found in System -gt Advanced -gt EnvironmentVariables -gt System Variables Append a semicolon and JAVA_HOMEbin to the end of thePATH value
4 So that Java can be run from the command line add the jrebin directory to the path so that itlooks similar to CProgram FilesJavajdk150_11jrebin
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
58
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
59
Appendix E Installing Apache AntThe Java build tool Apache Ant is not required for the installation or normal operation of the JBossEnterprise Application Platform However it is occasionally needed for some configuration tasks andalso for building and deploying some applications
Note
If running a development workstation Apache Ant may already be installed
Note
To learn more about Apache Ant visit the projects website at httpantapacheorg
Procedure E1 Installing Apache Ant on Red Hat Enterprise Linuxbull Download and install Apache Ant on Red Hat Enterprise Linux Repository by issuing this
command
[localhost]$ sudo yum install ant
Procedure E2 Installing Apache Ant on Other Operating Systems1 Download and Extract
Download the Apache Ant binary release from httpantapacheorgbindownloadcgi
Once it is downloaded extract it in a preferred installation location such as cProgram FilesApacheAnt or optapache-ant-18
2 Add the ANT_HOME Environmental VariableNext create an environmental variable called ANT_HOME This variable has to contain the pathcreated in the previous step
bull Do this on Red Hat Enterprise Linux by adding the following line to the ~bash_profile filesubstituting the path with that created above
export ANT_HOME=optapache-ant-171
bull On Microsoft Windows do this by click on the Start Menu and opening the Control Panel thenselecting System -gt Advanced -gt Environment Variables Create a new variable calling itANT_HOME and configure it to point to the ant directory
3 Include bin in the PATHNext append the ant installations bin directory the PATH environmental variable
bull On UnixLinux systems one does this simply by adding the following line to the~bash_profile file after the one which sets the ANT_HOME variable
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
Appendix E Installing Apache Ant
60
export PATH=$PATH$ANT_HOMEbin
bull On Microsoft Windows do this task by opening the Control Panel then selecting System -gtAdvanced -gt Environment Variables-gtSystem Variables -gt Path Create a new variablecalling it ANT_HOME Next add a semicolon and ANT_HOMEbin to the end of the pathvalue
To test the Apache Ant installation run ant -version from within a command line shell The outputshould look similar to this
[localhost]$ ant -versionApache Ant version 18 compiled on June 27 2008
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
61
Appendix F Revision HistoryRevision512-101
Fri Feb 10 2012 Scott Mumford
Asynchronous fix for JBPAPP-8071
Revision512-100
Thu Dec 8 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 512 GA For information aboutdocumentation changes to this guide refer to Release Notes 512
Revision511-100
Mon Jul 18 2011 Jared Morganjmorgan [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 511 GA For information aboutdocumentation changes to this guide refer to Release Notes 511
Revision510-100
Wed Sep 15 2010 Laura Baileylbailey [at] redhat [dot] com JoshuaWulf jwulf [at] redhat [dot] com
Incorporated changes for JBoss Enterprise Application Platform 510 GA For information aboutdocumentation changes to this guide refer to Release Notes 510
62
62