[jboss-user] [Beginners Corner] - How to set HTTPonly in JSESSIONID Cookie?

Folks, How can I implement this? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238839#4238839 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4238839 ___ jboss-

[jboss-user] [Beginners Corner] - Re: How to prevent CSRF (Cross Site Request Forgeries)

Hi, I don´t use Seam, I do use jsp and jsf. Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238838#4238838 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4238838 _

[jboss-user] [Beginners Corner] - How to prevent CSRF (Cross Site Request Forgeries)

Hi, How to prevent CSRF attacks? I´ve seen that it needs POST security tokens. How to set on Jboss? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4237738#4237738 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=

[jboss-user] [Beginners Corner] - RMI IIOP Security

Hi, It is my duty to implement security over the app RMI/IIOP calls. How to do it? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225894#4225894 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225894 _

[jboss-user] [Security & JAAS/JBoss] - SecureIdentityLoginModule - 'jaas is the way'

Hi, Has anybody modified the SecureIdentityLoginModule class to replace the phrase 'jaas is the way', in order to improve datasource security? If so, how to? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225471#4225471 Reply to the post : h

[jboss-user] [JCA/JBoss] - JBoss Connection Pooling Problem With Unisys DMS-II JDBC Dri

Hi, people. I tried to configure a datasource using Unisys DMS-II Jdbc Driver. I wrote the configuration below: DmsiiMyDB-DS jdbc:unisys:dmsql:Unisys.DMSII:resource=mydb;host=myHost;port=; com.unisys.jdbc.dmsql.Driver MyUser MyPassword

[jboss-user] [Security & JAAS/JBoss] - Re: How to modify SecureIdentityLoginModule class?

Can anybody help me with this issue? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222777#4222777 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222777 ___ jboss-user mailin

[jboss-user] [Security & JAAS/JBoss] - How to modify SecureIdentityLoginModule class?

Hi, We have Jboss 4.2.03 EAP with Red Hat subscription contract. We want to change the 'hard-coded' phrase used by the SecureIdentityLoginModule class, but there are some doubts: 1- Where do I get the source code? 2- How to compile the class? Some say that it is better to recompile the entire

[jboss-user] [Beginners Corner] - Re: Secure jmx-console and web-console

I have a jboss running on my windows desktop. In order to test the app I think that Jboss starts some products of Apache, for instance, coyote, catalina, etc... The file apache.log appears in a log4j appender: | | | | |

[jboss-user] [Beginners Corner] - Re: Secure jmx-console and web-console

Peter, I can´t post my log4j configuration. Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213752#4213752 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4213752 ___

[jboss-user] [Beginners Corner] - Re: Secure jmx-console and web-console

Pj, I have a jboss running on my windows desktop. In order to test the app I think that Jboss starts some products of Apache, for instance, coyote, catalina, etc... The file apache.log appears in a log4j appender

[jboss-user] [Beginners Corner] - Re: Secure jmx-console and web-console

I forgot to mention that I couldn´t understand what was in jboss-web.xml: "You will need to edit the tmladaptor login configuration to setup the login modules used to authentication users" Don´t know what to do with it. Thanks again, Andre View the original post : http://www.jboss.org/ind

[jboss-user] [Beginners Corner] - Re: Secure jmx-console and web-console

Hi Pj, Thanks for the wiki SecureJboss. I tried to implement the SecureTheJmxConsole (http://www.jboss.org/community/docs/DOC-12190). Before applying the configuration I can access jmx-console without any access control. After applying the configuration I get a BLANK PAGE and the following er

[jboss-user] [Beginners Corner] - Secure jmx-console and web-console

Hi there, The credentials of jmx-console and web-console are stored in plaintext files. Is there a better way to improve the security of jmxs passwords? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213152#4213152 Reply to the post : http:/

[jboss-user] [Beginners Corner] - Jboss hardening

Hi there, What are the steps to improve jboss security? Thanks, Andre View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213123#4213123 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4213123 ___

[jboss-user] [Beginners Corner] - Re: What is the best approach to datasource password securit

Hi Jaikiran, I´ve read http://www.jboss.org/community/docs/DOC-9350 and the one you have mentioned. I´ve configured SecureIdentityLoginModule and it worked fine. But, as stated in http://docs.huihoo.com/javadoc/jboss/3.2.7/connector/org/jboss/resource/security/SecureIdentityLoginModule.html

[jboss-user] [Beginners Corner] - What is the best approach to datasource password security?

Hi there, I have a datasource file with a plain text password. How can I improve its security? What is the difference between PBEIdentityLoginModule and SecureIdentityLoginModule? What does it have to do with Jaas? Thanks, André View the original post : http://www.jboss.org/index.html?modu

[jboss-user] [Beginners Corner] - How can I see the users connected

Hi, How can I see the connected users in an app running on jboss? Thanks, André View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4207484#4207484 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4207484 ___

[jboss-user] [Beginners Corner] - Re: Strange messages on log

Is there anybody out there? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4186089#4186089 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4186089 ___ jboss-user mailing list jbo

[jboss-user] [Beginners Corner] - Strange messages on log

Hi, We are receiving some error messages that I can´t know its meaning. Can you tell me what is this related to? 2008-10-28 16:26:46,397 97243442 ERROR [org.jboss.jmx.adaptor.snmp.agent.SnmpAgentService] (SnmpPortal--1:) Message from manager /127.0.0.1 on port 38913 2008-10-28 16:26:46,397 97

[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - Re: tomcat monitoring metrics - explain

Peter, Thanks in advance for the instant reply. I saw the doc http://www.jboss.com/pdf/monitoring.pdf. In the section "Tomcat monitoring metrics" there are many metrics that I would like to know the definition of. For example, what is the definition of "total processing time per minute" metri

[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - tomcat monitoring metrics - explain

Hi, Where does can I get an explanation of the "Tomcat monitoring metrics"? Many of them are self explanatory, but some makes me wonder Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4183598#4183598 Reply to the post : http://www.jboss.co

[jboss-user] [Beginners Corner] - Re: How to communicate Jboss with unisys mainframe

Peter, I am interested in connection through JDBC. There´s a link about that: http://www.unisys.com/products/mainframes/middleware/open__data__access/jdbc__for__mcp.htm Does anybody have used this? Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=41826

[jboss-user] [Beginners Corner] - How to communicate Jboss with unisys mainframe

Hi, We have a java program, outside Jboss, that connects a Unisys mainframe (Nx) over TCP/IP, in order to get some data. We want to "put" this java program into Jboss. First idea: Create a Jboss service that calls the java program. Second idea: Search for a standard method of communication bet

[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Problem Starting RMI service

Sandyts, What commands do you use in order to get information from Jboss server? Tahnks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4181242#4181242 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4181242 __

[jboss-user] [Beginners Corner] - Re: JON monitoring best metrics

Thanks again Peter, I agree with you that JON is not widely used, but monitoring is mandatory for many application servers. What are the metrics a Jboss administrator needs to monitor? Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180849#41

[jboss-user] [Management, JMX/JBoss] - JON agent messages

Hi, One JON agent logs the following all the time: [10/07/2008 12:48:00 AM] Log Message (logs/agent.log): [RtPlugin] No valid response time log files found. logDir= /var/log/jboss/selicpro , logMask= juddiws_JBNEMResponseTime.log [10/07/2008 12:37:00 PM] Log Message (logs/agent.log): [RtPlugi

[jboss-user] [Beginners Corner] - Re: JON monitoring best metrics

Is there anybody out there? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180667#4180667 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4180667 ___ jboss-user mailing list jbo

[jboss-user] [Beginners Corner] - Re: App dynamic priority

Is there anybody out there? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4180666#4180666 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4180666 ___ jboss-user mailing list jbo

[jboss-user] [Beginners Corner] - App dynamic priority

Hi, I have a jboss server with 4 applications. From midday to one afternoon is the time frame for the auction system. During that period the auction system needs the best response time as possible, and the other 3 apps should not interfere the auction system response time. Is there a way to pr

[jboss-user] [Beginners Corner] - JON monitoring best metrics

Hi, I would like to know what are the best metrics to monitor my servers through JON 2.0.1. I have linux, jboss (tomcat embbeded), apache, java 1.5. Ex: Sometimes one of my Jboss "JVM free memory" reaches 0 (zero). Is it bad or not? Both app and logs doesn´t complain. Second, What are the

[jboss-user] [Beginners Corner] - JON Min connections X Total connections

Hi, As far as I know, min connections is the minimum amount of open connections Jboss keeps opened. It is set in *-ds.xml . I understand that "Total connections" should be greater or equal to "min connections". Sometimes JON reports that total connections is LESS than min connections. Is it c

[jboss-user] [Beginners Corner] - Re: hide server version details from http requests

Folks, I think you can set this initialization parameter: See %JBOSS_HOME%/server//deploy/jboss-web.deployer/conf/web.xml The default is false. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178837#4178837 Reply to the post : http://www.jboss.com/index.

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

It happens on both browsers: IE 6 and FireFox 2.0.0.16. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177753#4177753 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4177753 ___

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

Hi Peter, Lines from boot.log: 11:53:28,256 INFO [ServerInfo] Java version: 1.5.0_15,Sun Microsystems Inc. 11:53:28,257 INFO [ServerInfo] Java VM: Java HotSpot(TM) Server VM 1.5.0_15-b04,Sun Microsystems Inc. 11:53:28,257 INFO [ServerInfo] OS-System: Linux 2.6.16.60-0.21-default,i386 11:53:28

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

Peter, The line is uncommented. Do you think is it related to the following topic? http://www.jboss.com/index.html?module=bb&op=viewtopic&t=106353 Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4177524#4177524 Reply to the post : http://www.

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

Peter, I use Jboss 4.2.0 GA. When I enter http://myserver:8080/ it shows the "Welcome to Jboss" page. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4176259#4176259 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=41762

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

Peter, Whenever I hit http://myserver:8080/jmx-console/ it throws in server.log the following: 2008-09-12 15:40:14,845 87133065 WARN [org.apache.catalina.authenticator.FormAuthenticator] (http-0.0.0.0-8080-4:) Unexpected error forwarding to login page java.lang.NullPointerException a

[jboss-user] [Beginners Corner] - App priority

Hi, We´ve run a jboss instance that servers 4 apps. Is there a way to set different priorities for each of them? Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4176202#4176202 Reply to the post : http://www.jboss.com/index.html?module=bb&op=p

[jboss-user] [Beginners Corner] - Re: jmx-console - blank page return

Hi Peter, I´m looking for a file that logs jmx-console´s info, but I didn´t find. What is the name and path of the jmx-console log file? Thanks again, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175653#4175653 Reply to the post : http://www.jbo

[jboss-user] [Beginners Corner] - jmx-console - blank page return

Hi, I invoke http://myserver:8080/jmx-console/ and it returns a blank page, without any errors. Any ideas to solve this mistery? Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175596#4175596 Reply to the post : http://www.jboss.com/index.ht

[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - How to get user IP address - proxy connection

Hi, Internet users connect to my site through the proxy, and the proxy connects to our app server. So we get the proxy´s IP address. How can I get the user´s real IP address ? Thanks, Andre View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173413#41734

[jboss-user] [Performance Tuning] - Re: Single instance hosts several apps

Peter, You wrote: "...JBossAS provides an MBean that provides information such as number of calls, total/min/max response time)" How can I reach this MBean? Thanks, View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173174#4173174 Reply to the post : ht

[jboss-user] [Performance Tuning] - Re: Single instance hosts several apps

We have an external partner (siteseeing) that conects one especific app every minute, and reports the times to us. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172875#4172875 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=r

[jboss-user] [Performance Tuning] - Single instance hosts several apps

Hi, I have a Jboss instance that servers 4 applications. Sometimes the response time increases in one of them. Is there a way to measure the impact of one app on another? How can I know if the increased response time is another app´s duty? Thanks, Andre View the original post : http://ww

[jboss-user] [Persistence,JBoss/CMP, Hibernate , Database] - Conection pool doesn´t recycle

Hi, I have a Jboss instance that has a database conection pool. At 3:00 in the morning the database stops to do backup, and when it starts my app can´t conect anymore. I think the conection pool should be automatically recicled when the database comes back. Any ideas on how to solve that prob