5 Replies Latest reply on Aug 14, 2012 3:51 AM by Torbjörn Stavenek

    JBoss 7 and RemoteIpValve

    Julien Fougere Newbie

      Hi,

       

      I am migrating an application previously running on JBoss as 6. Our application is running behind apache with proxy_pass instructions.

      In order to get real client IP, we used the valve : org.apache.catalina.valves.RemoteIpValve in server.xml.

       

      Does this valve still exist in JBoss as 7 ? If yes where the configuration should be done in JBoss 7 ?

      Is there another way in JBoss 7 to replace ip with the one given in X-Forwared-For header ?

       

      Thanks.

       

      Julien

        • 1. Re: JBoss 7 and RemoteIpValve
          Radoslav Husar Master

          Hi Julien,

           

          Yes this valve still exists in AS7. It uses JBoss Web 7.0.3 which does contain this valve, see "/modules/org/jboss/as/web/main/jbossweb-7.0.3.Final.jar" in your directory structure. Unfortunately, I dont know exactly how to use it.

           

          Anyway, I think you should dump proxy whatsoever (I might be biased here but I see no advantages to be honest ) and use AJP protocol to connect up the balancer with the server via either mod_cluster or mod_jk. Looks like it would save you quite some time ;-)

           

          HTH,

          Rado

          • 2. Re: JBoss 7 and RemoteIpValve
            jaikiran pai Master

            Radoslav Husar wrote:

             

            Hi Julien,

             

            Yes this valve still exists in AS7. It uses JBoss Web 7.0.3 which does contain this valve, see "/modules/org/jboss/as/web/main/jbossweb-7.0.3.Final.jar" in your directory structure. Unfortunately, I dont know exactly how to use it.

             

            The valves can be enabled like shown in the example here http://community.jboss.org/wiki/JBossAS7SecurityDomainModel  (see the example in the section "Deploying Custom Tomcat Authenticators in AS7")

            1 of 1 people found this helpful
            • 3. Re: JBoss 7 and RemoteIpValve
              Julien Fougere Newbie

              Thanks Jaikiran,

               

              The documentation you pointed me at, helped me a lot.

              I finally did manage to get the correct IP by setting the Valve in jboss-web.xml.

               

              However since now in JBoss 7 this valve is configured per deployment application and not at server level, setting <access-log/> in standalone.xml do not make the acces log files use remote IP. The valve here is only doing its job for the deployed app.

               

              To resolved this issue I removed <access-log/> in standalone.xml file and I added the corresponding acces log valve in my jboss-web.xml.

               

              For those interested, here is the final version of jboss-web.xml that we are using:

              {code:xml}

              <jboss-web>

                  <valve>

                      <class-name>org.apache.catalina.valves.RemoteIpValve</class-name>

                      <param>

                          <param-name>protocolHeader</param-name>

                          <param-value>x-forwarded-proto</param-value>

                      </param>

                  </valve>

                  <valve>

                      <class-name>org.apache.catalina.valves.AccessLogValve</class-name>

                      <param>

                          <param-name>prefix</param-name>

                          <param-value>http_access_log.</param-value>

                      </param>

                      <param>

                          <param-name>suffix</param-name>

                          <param-value>.log</param-value>

                      </param>

                      <param>

                          <param-name>pattern</param-name>

                          <param-value>%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c</param-value>

                      </param>

                      <param>

                          <param-name>directory</param-name>

                          <param-value>host</param-value>

                      </param>

                      <param>

                          <param-name>resolveHosts</param-name>

                          <param-value>false</param-value>

                      </param>

                  </valve>

              </jboss-web>

              {code}

              • 4. Re: JBoss 7 and RemoteIpValve
                Julien Fougere Newbie

                However there is one little drawback with this AccessLogValve, it uses the system property catalina.base as the root directory for access log when the given directory is relative.

                 

                Since this property is not set the directory gets created where jboss is started...

                 

                I think that this valve needs to evolve to use jboss.home.dir instead.

                • 5. Re: JBoss 7 and RemoteIpValve
                  Torbjörn Stavenek Newbie

                  Actually it seems to work as expected now:

                   

                  <jboss-web>
                      <context-root>/myroot</context-root>
                     
                      <!-- http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve  -->
                      <valve>
                          <class-name>org.apache.catalina.valves.AccessLogValve</class-name>
                          <param>
                              <param-name>prefix</param-name>
                              <param-value>access_log.</param-value>
                          </param>
                          <param>
                              <param-name>suffix</param-name>
                              <param-value>.log</param-value>
                          </param>
                          <param>
                              <param-name>pattern</param-name>
                              <param-value>%h %l %u %t %r %s %b %{User-Agent}i %{JSESSIONID}c</param-value>
                          </param>
                          <param>
                              <param-name>directory</param-name>
                              <param-value>${jboss.home.dir}/log</param-value>
                          </param>
                          <param>
                              <param-name>resolveHosts</param-name>
                              <param-value>false</param-value>
                          </param>
                      </valve>
                     
                  </jboss-web>