Version 3
Created by jfclere on Nov 26, 2012 5:15 AM. Last modified by lkrzyzanek on Jan 23, 2014 10:03 AM.

    The global valve feature has been added by pull request #3326.

    To use it you need to put the valve class(es) in a jar and the jar in a module, tell do that with an example:

    Let's use the Tomcat RemoteAddrValve.

    In tomcat you would have something like in server.xml

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.*"/>

    In AS7 in standalone.xml in the web subsystem:

    <valve name="myvalve" module="mymodule" class-name="org.apache.catalina.valves.RemoteAddrValve">
  <param param-name="deny" param-value="127.*"/>
</valve>

    Or via the jboss-cli:

    ./valve=myvalve:add(class-name=org.apache.catalina.valves.RemoteAddrValve,module=mymodule,enabled=false)
./valve=myvalve:add-param(param-name=deny,param-value=127.*)
./valve=myvalve:write-attribute(name=enabled, value=true)
/:reload

     

    The class needs to be in a jar.

    Compile the RemoteAddrValve.java from the jbossweb sources or extract it from jbossweb.jar.

    then create the jar:

    jar cvf myjar.jar org/apache/catalina/valves/RemoteAddrValve.class

    then create the module:

    mkdir modules/mymodule
mkdir modules/mymodule/main
mv myjar.jar modules/mymodule/main

    add create the modules/mymodule/main/module.xml with the content:

    <module xmlns="urn:jboss:module:1.1" name="mymodule">
    <properties>
        <property name="jboss.api" value="private"/>
    </properties>
    <resources>
        <resource-root path="myjar.jar"/>
    </resources>
    <dependencies>
        <module name="sun.jdk"/>
        <module name="javax.servlet.api"/>
        <module name="org.jboss.as.web"/>
    </dependencies>
</module>

    To test the valve start AS7 on 0.0.0.0 (bin/standalone.sh -b 0.0.0.0) and use curl:

    curl -v http://localhost:8080/
* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (i686-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: Apache-Coyote/1.1
< Transfer-Encoding: chunked
< Date: Mon, 26 Nov 2012 10:57:17 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

     

    using curl and the hostname should give the normal AS7 page, if not try from a another box:

    [jfclere@neo6 ~]$ curl -v http://jfcpc:8080/
* About to connect() to jfcpc port 8080 (#0)
*   Trying 10.33.144.3... connected
* Connected to jfcpc (10.33.144.3) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
> Host: jfcpc:8080
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Accept-Ranges: bytes
< ETag: W/"2432-1353665779000"
    5126 Views Categories: Tags: