Add a Global Valve in AS7 (7.2.x)

Version 3

    The global valve feature has been added by pull request #3326.

    To use it you need to put the valve class(es) in a jar and the jar in a module, tell do that with an example:

    Let's use the Tomcat RemoteAddrValve.

    In tomcat you would have something like in server.xml

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.*"/>

    In AS7 in standalone.xml in the web subsystem:

    <valve name="myvalve" module="mymodule" class-name="org.apache.catalina.valves.RemoteAddrValve">
      <param param-name="deny" param-value="127.*"/>
    </valve>
    

    Or via the jboss-cli:

    ./valve=myvalve:add(class-name=org.apache.catalina.valves.RemoteAddrValve,module=mymodule,enabled=false)
    ./valve=myvalve:add-param(param-name=deny,param-value=127.*)
    ./valve=myvalve:write-attribute(name=enabled, value=true)
    /:reload
    

     

    The class needs to be in a jar.

    Compile the RemoteAddrValve.java from the jbossweb sources or extract it from jbossweb.jar.

    then create the jar:

    jar cvf myjar.jar org/apache/catalina/valves/RemoteAddrValve.class
    

    then create the module:

    mkdir modules/mymodule
    mkdir modules/mymodule/main
    mv myjar.jar modules/mymodule/main
    

    add create the modules/mymodule/main/module.xml with the content:

    <module xmlns="urn:jboss:module:1.1" name="mymodule">
        <properties>
            <property name="jboss.api" value="private"/>
        </properties>
        <resources>
            <resource-root path="myjar.jar"/>
        </resources>
        <dependencies>
            <module name="sun.jdk"/>
            <module name="javax.servlet.api"/>
            <module name="org.jboss.as.web"/>
        </dependencies>
    </module>
    

    To test the valve start AS7 on 0.0.0.0 (bin/standalone.sh -b 0.0.0.0) and use curl:

    curl -v http://localhost:8080/
    * About to connect() to localhost port 8080 (#0)
    *   Trying 127.0.0.1...
    * connected
    * Connected to localhost (127.0.0.1) port 8080 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.24.0 (i686-redhat-linux-gnu) libcurl/7.24.0 NSS/3.13.5.0 zlib/1.2.5 libidn/1.24 libssh2/1.4.1
    > Host: localhost:8080
    > Accept: */*
    >
    < HTTP/1.1 403 Forbidden
    < Server: Apache-Coyote/1.1
    < Transfer-Encoding: chunked
    < Date: Mon, 26 Nov 2012 10:57:17 GMT
    <
    * Connection #0 to host localhost left intact
    * Closing connection #0
    

     

    using curl and the hostname should give the normal AS7 page, if not try from a another box:

    [jfclere@neo6 ~]$ curl -v http://jfcpc:8080/
    * About to connect() to jfcpc port 8080 (#0)
    *   Trying 10.33.144.3... connected
    * Connected to jfcpc (10.33.144.3) port 8080 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
    > Host: jfcpc:8080
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Server: Apache-Coyote/1.1
    < Accept-Ranges: bytes
    < ETag: W/"2432-1353665779000"