Jboss 瘦身 jboss

1.将不需要的 profile 都删除如:all, standard,minimal,web.
2.将 web-console.war,admin-console.war, ROOT.war,management 删除。
3.对 jmx-console.war 安全加固。

 

具体操作如下:
1.将 jboss-5.1.0.GA-jdk6.zip 解压删除目录 jboss-5.1.0.GA/server/all, standard,minimal,web
unzip jboss-5.1.0.GA-jdk6.zip
cd jboss-5.1.0.GA/server
rm -rf all standard minimal web
2.删除 default 下不需要的服务
cd default/deploy
rm -rf admin-console.war/ ROOT.war/ management/
3.jmx-console.war 安全加固
将 jboss-5.1.0.GA/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml

<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
<security-domain>java:/jaas/jmx-console</security-domain>
-->
</jboss-web>

 

注解打开:

<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.-->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>

 

将 jboss-5.1.0.GA/server/default/deploy/jmx-console.war/WEB-INF/web.xml

<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
-->

 

将注解打开

<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>

 

将 jboss-5.1.0.GA/server/default/conf/props/jmx-console-users.properties

# A sample users.properties file for use with the UsersRolesLoginModule
admin=admin
注释掉
# A sample users.properties file for use with the UsersRolesLoginModule
#admin=admin

 

 

如果想要访问 jmx-console 就需要打开注解,将 admin 的密码修改为比较复杂一些的密码。如

# A sample users.properties file for use with the UsersRolesLoginModule
admin=jsidJSAOIA!@#$%