1、JBOSS_PID=$!#Trapcommonsignalsandrelaythemtothejbossprocesstrapkill-HUP$JBOSS_PIDHUPkill-TERM$JBOSS_PIDINTkill-QUIT$JBOSS_PIDQUITkill-PIPE$JBOSS_PIDPIPETERM#WaituntilthebackgroundprocessexitsWAIT_STATUS=0while$WAIT_STATUS-ne127;JBOSS_STATUS=$WAIT_STATUSwait$JBOSS_PID2/dev/nullWAIT_STATUS=$?donefi#If
2、restartdoesntwork,checkyouarerunningJBossAS4.0.4+#orthefollowingifyourerunningRedHat7.0if$JBOSS_STATUS-eq10;echoRestartingJBoss.exit$JBOSS_STATUSdone&二Jboss内存优化:修改这个两参数,给jvm分配适当的内存,一般为服务器的3/4内存量,推荐至少使用4G内存。另外添加两个参数-XX:+UseParallelGC-XX:+UseParallelOldGC这两个让服务并行回收内存空间。修改完成后,大致为JAVA_OPTS=“-Xms4096m-Xm
3、x8192m-XX:+UseParallelOldGC-Dsum三Jboss日志输出模式root190MEMconf#pwd/usr/local/jboss/server/default/confroot190MEMconf#vijboss-log4j.xmlerrorHandlerclass=org.jboss.logging.util.OnlyOnceErrorHandler/paramname=Filevalue=$jboss.server.log.dir/server.logAppendfalseThresholdERROR四Jboss数据库连接池优化修改数据库连接池:datasour
4、ceslocal-tx-datasourcejndi-nametraining_master_dbconnection-urljdbc:mysql:/211.100.192.128:3306/dts?useUnicode=true&characterEncoding=UTF-8driver-classcom.mysql.jdbc.Driveruser-namerootpassword/passwordmin-pool-size100max-pool-size500exception-sorter-class-nameorg.jboss.resource.adapter.jdbc.vendor.
5、MySQLExceptionSorter五Jboss部署目录优化:去掉和应用无关的部署,加快jboss运行速度bsh-deployer.xmlclient-deployer-service.xmlear-deployer.xmlejb-deployer.xmlhttp-invoker.sarjboss-bean.deployerjboss-ws4ee.sarjmsjsr88-service.xmlschedule-manager-service.xmlscheduler-service.xmlsqlexception-service.xmluuid-key-generator.sar六Jbos
6、s应用安全加固:去掉:Tomcatstatus(full)(XML)JMXConsoleJBossWebConsole删除deploy下的jmx-console.war/management/root190MEMdeploy#pwd/usr/local/jboss/server/default/deployroot190MEMdeploy#lsjmx-console.war/management/jmx-console.war/:checkJNDI.jspdisplayMBeans.jspimagesinspectMBean.jspMETA-INFWEB-INFclusterdisplayOp
7、Result.jspindex.jspjboss.cssstyle_master.cssmanagement/:console-mgr.sar一、前言:Jboss默认安装以后,会默认打开http:/127.0.0.1,显示如下:JBossOnlineResourcesJBoss4.0documentationJBossWikiJBossforumsJBossManagementTomcatstatus(full)(XML)JMXConsoleJBossWebConsoleJmxConsole和JbossWebConsole里面可以修改和删除应用的参数,如果不加强安全设置,将会带来严重安全后果。
8、二、关闭管理端口和相关统计信息:1、关闭jmx-console:删除/export/home/jboss-4.0.3SP1/server/default/deploy下目录jmx-console.war、management2、关闭web-console:/export/home/jboss-4.0.3SP1/server/default/deploy/jbossweb-tomcat55.sar下目录ROOT.war3、关闭status统计信息:修改/export/home/jboss-4.0.3SP1/server/default/deploy/ROOT.war/WEB-INF/web.xm
9、l屏蔽其中jboss的内容:粗体为添加屏蔽符号:!-display-nameWelcometoJBossdescriptionWelcometoJBoss/descriptionservletservlet-nameStatusServletservlet-classorg.jboss.web.tomcat.tc5.StatusServlet/servlet-servlet-mappingurl-pattern/status/servlet-mapping-4、删除jboss主页相目录和文件:/export/home/jboss-4.0.3SP1/server/default/deploy/R
10、OOT.war下:Manager/favicon.ico/jboss.css/jbossindex.html/logo.giflion:/export/home/jboss-4.0.3SP1/server/default/deploy/ROOT.war#rm-rfmanagerfavicon.icojboss.cssjbossindex.htmllogo.gif5、备注:三、关闭完成测试:1、http:/127.0.0.1/jmx-console2、http:/127.0.0.1/web-console3、http:/127.0.0.1/jbossindex.html4、http:/127.0
11、.0.1/status5、测试结果:测试人时间服务器jmx-consoleweb-consolestatusjbossindex.html测试jboss默认配置了以下服务:为了安全起见,需要用户通过授权进行访问。一、JMX安全配置STEP1:找到%JBOSS_HOME%/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml文件,根据说明,去掉注释。jboss-websecurity-domainjava:/jaas/jmx-console/jboss-webSTEP2:与jboss-web.xml同级目录下还有一个文件web.x
12、ml,找到其中的节点,根据说明,取消注释。security-constraintweb-resource-collectionweb-resource-nameHtmlAdaptorAnexamplesecurityconfigthatonlyallowsuserswiththeroleJBossAdmintoaccesstheHTMLJMXconsolewebapplication/*GETPOSTauth-constraintrole-nameJBossAdmin/auth-constraint/security-constraintSTEP3:在第一步中的jmx-console安全域和第
13、二步中的运行角色JBossAdmin都是在login-config.xml中配置,我们在%application-policyname=jmx-consoleauthenticationlogin-modulecode=org.jboss.security.auth.spi.UsersRolesLoginModuleflag=requiredmodule-optionname=usersPropertiesprops/jmx-console-users.propertiesrolesPropertiesprops/jmx-console-roles.properties/authenticat
14、ion/application-policy文件props/jmx-console-users.properties定义了用户名、密码;props/jmx-console-roles.properties定义了用户所属角色注:jmx-console-users.properties格式是:用户名=密码明文jmx-console-roles.properties格式是:用户名=角色1,角色2,角色3二、WEB-CONSOLE的安全配置找到%JBOSS_HOME%/server/default/deploy/management/console-mgr.sar/web-console.war/WE
15、B-INF/jboss-web.xml文件,根据说明,去掉注释。dependsjboss.admin:service=PluginManager在本目录的classes文件夹下找到web-console-users.properties和web-console-roles.properties两个文件更名为:web-consoleusers.propertiesroles.properties启动服务输入http:/localhost:8080/然后分别点击JMXConsole以及JbossWebConsole测试安全机制user.properties和role.propertie并修改users.properties其中的用户名和密码修改%JBOSS_HOME%/server/default/conf/login-config.xml中web-console节点修改为以下:到后自行修改或重新定义用户名、密码。JBOSS_HOME%/server/default/config下找到它。查找名字为:jmx-console的application-policy:http:/wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole