3 Replies Latest reply on Feb 11, 2015 5:52 AM by xerces8

    SSLValve on JBoss AS 7.1.1?

    xerces8

      Hi!

       

      Does SSLValve work with JBoss AS 7.1.1?

       

      I am trying to interpret client certificate data sent by the frontend as an HTTP header with the name "ssl_client_cert".

       

      The web suggests using the SSLValve valve.

       

      Looking in modules/org/jboss/as/web/main/jbossweb-7.0.13.Final.jar , the SSLValve.class is there.

       

      But I cannot configure it in standalone.xml under element <subsystem xmlns="urn:jboss:domain:web:1.1" because the used XSD jboss-as-web_1_1.xsd doesn't know the <valve> element.

       

      I naively tried to edit the subsystem element into <subsystem xmlns="urn:jboss:domain:web:1.4" (the first XSD version to support the valve element), but JBoss refuses to start with the error:

       

      Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[310,9]

      Message: Unexpected element '{urn:jboss:domain:web:1.4}subsystem'

       

       

      Is there a way to set up the SSLValve with JBoss 7.1.1?

       

      Or is there another way to support the "ssl_client_cert" header?

       

      Regards,

      David

        • 1. Re: SSLValve on JBoss AS 7.1.1?
          xerces8

          It works if added to WEB-INF/jboss-web.xml , like this:

           

          <?xml version="1.0" encoding="UTF-8"?>
          <jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_1.xsd"
                     version="7.0">
            <valve>
              <class-name>org.apache.catalina.valves.SSLValve</class-name>
            </valve>
          </jboss-web>
          
          
          

           

          This must be done in each deployed application (which makes them environment dependent).

          • 2. Re: SSLValve on JBoss AS 7.1.1?
            ctomc

            David Balažic wrote:

             

            It works if added to WEB-INF/jboss-web.xml , like this:

             

            This must be done in each deployed application (which makes them environment dependent).

            Not really, jboss-web.xml is only used by the JBoss app server...

             

            In some later version of AS7.x / EAP we added support for global valves back, but TBH I am not sure which version it was. If you use EAP 6.4.Alpha I am sure it is there.

            • 3. Re: SSLValve on JBoss AS 7.1.1?
              xerces8

              What I meant was: now we have a WAR for use behind proxy and one for "regular" setup.

              (the WAR with SSLValve could be used in both, but the users could inject the cert into the HTTP headers and fake other users)