Jboss server 4.0.2 – Enabling access logs

On Jboss AS 4.0.2 servers, the HTTP access logs, that shows requests, origin IP, time, and so on are disabled by default.

For enabling the log, we need to go to the server.xml file that is on deploy/jbossweb-tomcat55.sar. For example if we are using the default Jboss instance, we need to go to: /opt/jboss/server/default/deploy/jbossweb-tomcat55.sar

Editing the server.xml file that is on this directory we need to enable the section of the AccessLog Valve:

From this:

<!-- Access logger -->
 <!--
 <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
 prefix="localhost_access_log." suffix=".log"
 pattern="common" directory="${jboss.server.home.dir}/log"
 resolveHosts="false" />
 -->

to this:

<!-- Access logger -->
 <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
 prefix="localhost_access_log." suffix=".log"
 pattern="common" directory="${jboss.server.home.dir}/log"
 resolveHosts="false" />

By other words, by uncomment this XML section.
Restarting Jboss will make the access log file to appear on the log directory of the instance. For the example, this would be default/log directory.

The above configuration will create a common formatted log, but we can make the log the way we like, for example:

<Valve  className="org.apache.catalina.valves.AccessLogValve"
 prefix="access_log." suffix=".log"
 pattern="'%{X-Forwarded-For}i' %h %p %l %u %t %r %s %b '%{Referer}i'  '%{User-Agent}i'"
 directory="${jboss.server.home.dir}/log"
 resolveHosts="false" />

Note that we are using a different class for the log in this example.
For more information check out this: http://tomcat.apache.org/tomcat-4.1-doc/config/valve.html

JBoss and JAAS debug

I’m having a lot of problems debugging an application that is supposedly to be able to run on JBoss…

One of the main issues is the authentication process between the Web Container and the EJB container. For authentication the Java JAAS architecture is used. Jboss has different configuration files than BEA or WebSphere, namely the configuration file login-config.xml. In this file an application policy is defined, namely how users are validated: if they use a file with user/password, database or LDAP. In this file an application policy used by the EJB and WEB cointaner must be defined (it can be the same).

On the Web container/application side, the jboss-web.xml file on the WEB-INF folder of the Web application has the Authentication domain used for login that, of course, must match the other configuration files, in this case the login-config.xml file and the web.xml file. The web.xml file must also protect the resources that access the EJB container. This means that users must pass container authentication so a JAAS instantiation is built.

So the quick tip is:

1) Make sure that everything connects: login-config.xml<-> jboss-web.xml <-> web.xml

Content of jboss-web.xml file on the Web application WEB-INF directory:

<jboss-web><security-domain>java:/jaas/APPLICATION_DOMAIN</security-domain></jboss-web>

2) Make sure that on your web.xml file the <realm-name> on the <login-config> section matches the name on the security domain, in this case APPLICATION_DOMAIN.

3) On Jboss login-config.xml file a there should be also an <application-policy name=”APPLICATION_DOMAIN”> with the configuration that you need (Database module, LDAP module.

But this might be not enough, so if you need to debug the JAAS, you can add to the log4j.xml file the following:

On the log4j.xml file add the following sections:

<category name="org.jboss.security">
    <priority value="TRACE" class="org.jboss.logging.XLevel"/>
    <appender-ref ref="SECURITY_F"/>
</category> <appender name="SECURITY_F"
    class='org.jboss.logging.appender.DailyRollingFileAppender'>
    <param name="Append" value="true"/>
    <param name="DatePattern" value="'.'yyyy-MM-dd"/>
    <param name="File"
    value="${jboss.server.home.dir}/log/jboss.security.log"/>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern"
            value="%d{ABSOLUTE} %-5p [%c] %m%n"/>
    </layout>
</appender>

This is more or les in the middle of the file, just where the <category-name> section begins.

With this configuration a new log file named jboss.security.log will be created with the JAAS information, so you can see what’s going on.