Install
* Drop jboss-brms.war into the deploy directory.
* Restart JBoss
* Point browser to http://localhost:8080/drools-guvnor.
Switch to Oracle DB
* Copy the Oracle JDBC driver jar (ojdbc14.jar) into the lib directory.
* Create an Oracle user schema (brms) to host repository, workspace, and versioning data. Alternatively, use different schemas to host them. Grant the following privileges to the user.
GRANT create session, create table, create sequence, create view, create trigger
TO brms_rep;
* Modify repository.xml in the workspace directory.
<Repository>
<FileSystem class="org.apache.jackrabbit.core.fs.db.OracleFileSystem">
<param name="url" value="jdbc:oracle:thin:@db.my.com:1521:brms"/>
<param name="user" value="brms"/>
<param name="password" value="brms"/>
<param name="schemaObjectPrefix" value="rep_"/>
</FileSystem>
</Repository>
<Workspace>
<FileSystem class="org.apache.jackrabbit.core.fs.db.OracleFileSystem">
<param name="url" value="jdbc:oracle:thin:@db.my.com:1521:brms"/>
<param name="user" value="brms"/>
<param name="password" value="brms"/>
<param name="schemaObjectPrefix" value="${wsp.name}_fs_"/>
</FileSystem>
<PersistenceManager class=
"org.apache.jackrabbit.core.persistence.bundle.OraclePersistenceManager">
<param name="driver" value="oracle.jdbc.OracleDriver"/>
<param name="url" value="jdbc:oracle:thin:@db.my.com:1521:brms" />
<param name="schema" value="oracle"/>
<param name="user" value="brms" />
<param name="password" value="brms" />
<param name="schemaObjectPrefix" value="${wsp.name}_" />
</PersistenceManager>
</Workspace>
<Versioning>
<FileSystem class="org.apache.jackrabbit.core.fs.db.OracleFileSystem">
<param name="url" value="jdbc:oracle:thin:@db.my.com:1521:brms"/>
<param name="user" value="brms"/>
<param name="password" value="brms"/>
<param name="schemaObjectPrefix" value="version_fs_"/>
</FileSystem>
<PersistenceManager class=
"org.apache.jackrabbit.core.persistence.bundle.OraclePersistenceManager">
<param name="driver" value="oracle.jdbc.OracleDriver"/>
<param name="url" value="jdbc:oracle:thin:@db.my.com:1521:brms" />
<param name="schema" value="oracle"/>
<param name="user" value="brms" />
<param name="password" value="brms" />
<param name="schemaObjectPrefix" value="version_" />
</PersistenceManager>
</Versioning>
* Clean workspace by removing all files and directories in the workspace directory *except* the repository.xml file.
* Restart JBoss.
Samples
Hello World
* Create a new package "HelloWorldPackage". Knowledge Base/Create New/New Package.
* Create a new category "HelloWorldCategory". Administration/Category/New category.
* Create a new rule "HelloWorldRule". Knowledge Base/Create New/New Rule.
Initial category: HelloWorldCategory
Type of Rule: Business Rule
Package: HelloWorldPackage.
* Edit HelloWorldRule. "Green + Sign"/Free form drl/Enter text. Click "Save changes" to save the rule when done.
WHEN
eval(true)
THEN
System.out.println("Hello world");
* Test the rule by creating a new test scenario. Knowledge Base/Create New/New Test Scenario. Click "Run scenario" button to fire off HelloWorldRule. One should see "Hello world" text on the JBoss log file or console screen.
Build Fact Model
* Create a new Java project.
* Create a new Java package: org.sample.
* Create a new Java class: org.sample.Sales.
* Add new Java properties (getters/setters) to the class.
* Export org.sample package as jar file.
* Import jar file into Guvnor.
- Create new package: org.sample
- Create new category: SalesCategory
- Upload POJO Model jar: Knowledge Base/Create New/Upload POJO Model jar. Name: SalesModel. Browse to jar file and click upload button. Click Save changes button.
* Create a new rule. Knowledge Base/Create New/New Rule.
rule "SalesDiscountRule"
dialect "mvel"
when
Sales( sales >= "100" )
then
Sales fact0 = new Sales();
fact0.setName( "Discount" );
fact0.setSales( -10 );
insert(fact0 );
end
* Create a new Test Scenario.
Filed under: jboss | |Comments off
UsersRolesLoginModule
Create users.properties file
* cd /server/myserver/conf/props
* vi my-users.properties
user1=user1pass
user2=user2pass
* chmod g-r my-users.properties
Create roles.properties file
* cd /server/myserver/conf/props
* vi my-roles.properties
user1=admin
user2=payroll
* chmod g-r my-roles.properties
Setup login-config.xml
* cd /server/myserver/conf
* Add to login-config.xml
<application-policy name="my">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">
props/my-users.properties
</module-option>
<module-option name="rolesProperties">
props/my-roles.properties
</module-option>
</login-module>
</authentication>
</application-policy>
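An added check, not part of the original post: `chmod g-r` clears only the group read bit, so a properties file created with mode 0644 (assumed here, the usual result of a 022 umask) is still readable by other local users. The Python below flags credential files that keep any group or other permission bit; the function names and the temporary files are constructed for this example.

```python
import os
import stat
import tempfile

def after_chmod_g_minus_r(mode):
    """Mode bits that result from applying `chmod g-r` to `mode`."""
    return mode & ~stat.S_IRGRP

def exposed_files(paths):
    """Return (path, octal mode) for files with any group/other permission bit."""
    findings = []
    for path in paths:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, oct(mode)))
    return findings

def demo():
    """Constructed stand-ins for my-users.properties and my-roles.properties."""
    workdir = tempfile.mkdtemp()
    users = os.path.join(workdir, "my-users.properties")
    roles = os.path.join(workdir, "my-roles.properties")
    for path in (users, roles):
        with open(path, "w") as fh:
            fh.write("user1=placeholder\n")
    # The page's step applied to a 0644 file leaves 0604: others can still read it.
    os.chmod(users, after_chmod_g_minus_r(0o644))
    # Owner-only access for comparison.
    os.chmod(roles, 0o600)
    return [(os.path.basename(p), m) for p, m in exposed_files([users, roles])]

if __name__ == "__main__":
    print(demo())
```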
LdapExtLoginModule
Setup login-config.xml
* cd /server/myserver/conf
* Add to login-config.xml
<application-policy name="my">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://ad.my.com:389</module-option>
<module-option name="bindDN">user1</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policy>
LdapExtLoginModule with Secure LDAP
Create trust store
keytool -import -v -keystore mytruststore -alias ad-root -storepass changeit -file ad-root.cer
keytool -import -v -keystore mytruststore -alias ad-box -storepass changeit -file ad-box.cer
Setup JBoss to use trust store
Use properties-service.xml
* cd /server/myserver/deploy
* edit properties-service.xml
<mbean code="org.jboss.varia.property.SystemPropertiesService"
name="jboss:type=Service,name=SystemProperties">
<attribute name="Properties">
javax.net.ssl.trustStore=/absolute/path/to/mytruststore
javax.net.ssl.trustStorePassword=changeit
</attribute>
</mbean>
Use run.conf
* cd /bin
* Add to run.conf
# Set trust store file location
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/absolute/path/to/mytruststore"
# Set trust store password
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit"
# Disable host name verification only if needed for testing. Do not enable this setting in production.
#JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.security.ignoreHttpsHost=true"
# Enable SSL handshake debugging only if needed. Do not enable this setting in production.
#JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"
Setup login-config.xml
* cd /server/myserver/conf
* Add to login-config.xml
<application-policy name="my">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="java.naming.provider.url">ldaps://ad.my.com:636</module-option>
<module-option name="bindDN">user1</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policy>
Stacking Multiple Login Modules
* Add to login-config.xml
<application-policy name="my">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="usersProperties">
props/my-users.properties
</module-option>
<module-option name="rolesProperties">
props/my-roles.properties
</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional" >
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="java.naming.provider.url">ldaps://ad.my.com:636</module-option>
<module-option name="bindDN">user1</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">CN=Users,DC=my,DC=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
</authentication>
</application-policy>
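How the `flag` values in the stacked policy combine is easiest to see by evaluating them. This added example (not from the original post) implements the standard JAAS control-flag rules (required, requisite, sufficient, optional) and applies them to the stack above; the per-module results are inputs to the model, and the function name is an assumption of the example.

```python
def jaas_outcome(stack):
    """stack: list of (flag, module_succeeded) in configuration order.

    Returns True when the overall login succeeds under the JAAS
    control-flag rules.
    """
    mandatory_seen = mandatory_failed = other_ok = False
    for flag, ok in stack:
        if flag in ("required", "requisite"):
            mandatory_seen = True
            if not ok:
                mandatory_failed = True
                if flag == "requisite":
                    return False          # requisite failure stops the stack
        elif flag == "sufficient":
            if ok and not mandatory_failed:
                return True               # success ends evaluation early
            other_ok = other_ok or ok
        elif flag == "optional":
            other_ok = other_ok or ok
        else:
            raise ValueError(f"unknown control flag: {flag}")
    if mandatory_seen:
        return not mandatory_failed       # every required/requisite must pass
    return other_ok                       # otherwise at least one module must pass

# The page's stack: UsersRolesLoginModule required, LdapExtLoginModule optional.
def page_stack(file_ok, ldap_ok):
    return jaas_outcome([("required", file_ok), ("optional", ldap_ok)])

if __name__ == "__main__":
    print("user only in properties file:", page_stack(True, False))
    print("user only in LDAP:           ", page_stack(False, True))
    # For comparison only: both modules marked sufficient.
    print("both sufficient, LDAP-only:  ",
          jaas_outcome([("sufficient", False), ("sufficient", True)]))
```

With the flags as configured on the page, a user who exists only in the directory cannot log in, because the required properties-file module fails regardless of the optional LDAP result.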
Use Login Modules in Web Applications
See this post for an example of using UsersRolesLoginModule to secure jmx-console and web-console.
Start JBoss
$ cd <JBOSS_HOME>/bin
$ ./run.sh -h
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: <JBOSS_HOME>
JAVA: <JAVA_HOME>/bin/java
JAVA_OPTS: -Dprogram.name=run.sh -server -Xms128m -Xmx728m -XX:PermSize=256m -XX:MaxPermSize=512m -Djava.awt.headless=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true -Djava.net.preferIPv4Stack=true
CLASSPATH: <JBOSS_HOME>/bin/run.jar:<JAVA_HOME>/lib/tools.jar
=========================================================================
usage: run.sh [options]
options:
-h, --help Show this help message
-V, --version Show version information
-- Stop processing options
-D<name>[=<value>] Set a system property
-d, --bootdir=<dir> Set the boot patch directory; Must be absolute or url
-p, --patchdir=<dir> Set the patch directory; Must be absolute or url
-n, --netboot=<url> Boot from net with the given url as base
-c, --configuration=<name> Set the server configuration name
-B, --bootlib=<filename> Add an extra library to the front bootclasspath
-L, --library=<filename> Add an extra library to the loaders classpath
-C, --classpath=<url> Add an extra url to the loaders classpath
-P, --properties=<url> Load system properties from the given url
-b, --host=<host or ip> Bind address for all JBoss services
-g, --partition=<name> HA Partition name (default=DefaultDomain)
-u, --udp=<ip> UDP multicast address
-l, --log=<log4j|jdk> Specify the logger plugin type
Example
# Start the "myserver" instance and bind it to address 192.168.0.10
$ ./run.sh -c myserver -b 192.168.0.10
# Start in the background
$ nohup ./run.sh -c myserver -b 192.168.0.10 &
Stop JBoss
Find jnp port
* Find ServiceBindingManager mbean by looking in "/server/myserver/conf/jboss-service.xml" file.
<mbean code="org.jboss.services.binding.ServiceBindingManager"
name="jboss.system:service=ServiceBindingManager">
<attribute name="ServerName">ports-default</attribute>
<attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
<attribute name="StoreFactoryClassName">
org.jboss.services.binding.XMLServicesStoreFactory
</attribute>
</mbean>
* Locate server section named "ServerName" (i.e. ports-default) in "StoreURL" file (i.e. ${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml).
* In the "service-config" element, find the binding port number (8085 in the following example).
<server name="ports-default">
<!-- ********************* jboss-service.xml ****************** -->
<service-config name="jboss:service=Naming" delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
<delegate-config portName="Port" hostName="BindAddress">
<attribute name="RmiPort">1098</attribute>
</delegate-config>
<binding port="8085" host="${jboss.bind.address}"/>
</service-config>
Stop JBoss Instance
./shutdown.sh -s jnp://192.168.0.10:8085 -u admin -p password
Reference
http://www.jboss.org/community/wiki/StartStopJBoss
Create JKS trust store using Java keytool utility
# Import VeriSign root certificate
keytool.exe -import -v -keystore my.truststore -alias VeriSign_Root -storepass changeit -file VeriSign,Inc..crt
# Import VeriSign intermediate certificate
keytool.exe -import -v -keystore my.truststore -alias VeriSignIntermediateCACert -storepass changeit -file VeriSignIntermediateCACert.txt
# Import server certificate
keytool.exe -import -v -keystore my.truststore -alias server_cert -storepass changeit -file cert.cer
# List trust store certificates
keytool.exe -list -v -keystore my.truststore
Edit bin/run.conf
# Set trust store file location
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=</absolute/path/to/trust.store.file>"
# Set trust store password
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=password"
# Turn off host verification if needed (testing only; keep verification on in production)
#JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.security.ignoreHttpsHost=true"
# Turn on SSL handshake debugging if needed (testing only)
#JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"
Restart JBoss
Don't forget to restart JBoss.