Version 3

    The global valve feature has been added by pull request #3326.

    To use it you need to put the valve class(es) in a jar and the jar in a module, tell do that with an example:

    Let's use the Tomcat RemoteAddrValve.

    In tomcat you would have something like in server.xml

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.*"/>

    In AS7 in standalone.xml in the web subsystem:

    <valve name="myvalve" module="mymodule" class-name="org.apache.catalina.valves.RemoteAddrValve">
      <param param-name="deny" param-value="127.*"/>

    Or via the jboss-cli:

    ./valve=myvalve:write-attribute(name=enabled, value=true)


    The class needs to be in a jar.

    Compile the from the jbossweb sources or extract it from jbossweb.jar.

    then create the jar:

    jar cvf myjar.jar org/apache/catalina/valves/RemoteAddrValve.class

    then create the module:

    mkdir modules/mymodule
    mkdir modules/mymodule/main
    mv myjar.jar modules/mymodule/main

    add create the modules/mymodule/main/module.xml with the content:

    <module xmlns="urn:jboss:module:1.1" name="mymodule">
            <property name="jboss.api" value="private"/>
            <resource-root path="myjar.jar"/>
            <module name="sun.jdk"/>
            <module name="javax.servlet.api"/>
            <module name=""/>

    To test the valve start AS7 on (bin/ -b and use curl:

    curl -v http://localhost:8080/
    * About to connect() to localhost port 8080 (#0)
    *   Trying
    * connected
    * Connected to localhost ( port 8080 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.24.0 (i686-redhat-linux-gnu) libcurl/7.24.0 NSS/ zlib/1.2.5 libidn/1.24 libssh2/1.4.1
    > Host: localhost:8080
    > Accept: */*
    < HTTP/1.1 403 Forbidden
    < Server: Apache-Coyote/1.1
    < Transfer-Encoding: chunked
    < Date: Mon, 26 Nov 2012 10:57:17 GMT
    * Connection #0 to host localhost left intact
    * Closing connection #0


    using curl and the hostname should give the normal AS7 page, if not try from a another box:

    [jfclere@neo6 ~]$ curl -v http://jfcpc:8080/
    * About to connect() to jfcpc port 8080 (#0)
    *   Trying connected
    * Connected to jfcpc ( port 8080 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ zlib/1.2.3 libidn/1.9 libssh2/1.2.4
    > Host: jfcpc:8080
    > Accept: */*
    < HTTP/1.1 200 OK
    < Server: Apache-Coyote/1.1
    < Accept-Ranges: bytes
    < ETag: W/"2432-1353665779000"