Skip to main content

JBoss 4.2.2 in Windows Server 2008

A little background on this project, and why I needed to run a vulnerable JBoss instance in my environment. I have a client that wanted to demo a web app that utilizes JBoss as it's prmary middleware. The web app is completly built around JBoss 4.2.2 so unfortunately I had no other option but to use it. Eventually, if the client decides to purchase the web app I will be putting extra security on the server so that the sensitive/hackable areas of JBoss are at least password protected, and I will post directions on that accordingly. As of now the only access to the server is through a VPN into the environment. The big security issues will occur when the client wants to access the web app via the internet without the VPN...

After successfully installing JBoss (easiest part of this whole thing), the client wanted it to be turned into a Windows service, then wanted it to bind on the host IP address or host name. This is so that they can access the web app without being connect to the server via RDP. JBoss by default binds to http://localhost:8080 so initially the only way to access the web app was RDP then a web browser pointed to localhost....The best solution would be to set up an Apache server to act as the proxy to pull the localhost to a host name or IP address, but that currently is beyond the scope of work, so I had to figure out how to accomplish this with the current Windows instance. If/when the client wants to access this web app via the internet, I will be setting up the Apache server to provide the proxy connection (I will of course post accordingly). Normally this is accomplished by adding a "-b 0.0.0.0" to the end of the "run.bat" command that would be issued in the command line. But this doesn't work with JBoss as a Windows service....Burred in the depths of the JBoss forums I was able to locate one small post that held the answer to this.

And thus the lack of a straight-through document was what lead me to post this little nugget of information. My goal was to be as straight through as possible so be sure to get your Googling on if you have any issues. I am not an expert in the subject, and like any good IT person, I decided to document after I finished the install and verified that everything is functional.....So it is possible I may have missed something here or there....At any rate, good luck!

Install JBoss 4.2.2 in Windows Server 2008 and run as service
Download and install FireFox or Chrome (IE 10 and 11 gives out too many errors)
Download and install Java JKD and JRE 6u26 <this version was required by the web app>
Download JBoss zip file <found here>
Extract to c:/Program Files
Use Administrative command prompt and run the following commands:
  • cd c:\Program Files\jboss-4.2.2.GA\bin
  •  Run.bat
Test the install by opening FireFox and navigating to http://localhost:8080

Install as a Service:
Download binaries 2.0.10-windows x64 zip <found here>
Extract the file and copy from the bin directory
·        Jbosssvc
·        Jbossweb.x64
·        Jbosswebw.x64
·        README-service
·        Service.bat
Paste files into jboss-4.2.2.GA\bin directory

Necessary changes will need to be made to the service.bat file as it is originally written for JBoss 5+. You will need to locate any references to the version of JBoss and edit accordingly by replacing the version number in the file with the version number of the JBoss instillation. There are about three of these instinces at the beginning of the file under: “set SVCNAME” and “set SVCDISP”.

Use Administrative command prompt and issue commands
  • cd c:\Program Files\jboss-4.2.2.GA\bin
  • service.bat install

You should now be able to issue the net start/stop commands and/or see the new JBoss service in the services.msc. Attempt to start the service after you have installed it. If it starts without error open FireFox and navigate to http://localhost:8080  

If you receive any errors issue when attempting to start the service;

 Take note of the service name

  •   right click on the service and select Properties
  • Issue the following command in an Administrative Command propt in the JBoss "bin" directory to remove the service:
    • service.bat uninstall ; or
    • sc delete <service-name>
·        Go back to your service.bat file to make the necessary changes (you may need to do some Googling depending on the error)

Get JBoss Service to bind on any address other than “localhost”
Ideally this is done through a connected Apache server that acts as proxy between JBoss on “localhost”, but can be accomplished without the Apache server with the following:

If JBoss is running be sure to stop the service before editing the service.bat file.

In the service.bat file you will need to add “-b 0.0.0.0” after the “call run.bat” in two locations. They should be changed to the following examples:
  1.  :cmdStart
    1. call run.bat –b 0.0.0.0  < .r.lock >> run.log 2>&1
  2. :cmdRestart
    1. call run.bat –b 0.0.0.0  < .r.lock >> run.log 2>&1

Save the service.bat file and start the JBoss service. You should now be able to get to JBoss using either: http://<hostIP>:8080 or http://<hostDNSname>:8080



References:
Hideo, M (2007, October 18. Jboss application server 4.2 instillation guide.Retrieved from http://docs.jboss.org/jbossas/docs/Installation_Guide/4/pdf/Installation_Guide.pdf

Johnson, P. (2009, December 01). Re: how to provide the bind address when running jboss as a [Online forum comment]. Retrieved from https://community.jboss.org/message/206191 

running jboss web as windows service. (n.d.). retrieved from http://www.jboss.org/jbossweb/install/service.html

Comments

Popular posts from this blog

Using Python for GPG/PGP File Encryption - Part 2

Previously we looked at creating keys, importing public and private keys and the overall setup of gnupg with python. This time around, we're going to take a look at file encryption. Overall the file encryption process is fairly general/easy. But it lacks in the area of scaleablilty, ie to start, you'll only be encrypting one file at a time, which can be done outside of Python with ease. The idea of going over everything in Python, is that you can setup a script to encrypt multiple files in a folder (look for that in Part 3). Assumptions; you have python, and python-gnupg installed, and a public key from someone you want to encrypt and send files to imported to your keystore home (see Part 1 for more information here. Let's get started with Python file encryption. Start off by getting into your python shell, and enter the following: >>> import os >>> import gnupg >>> gpg_home = "/path/to/keyfile/.gnupg" >>> gpg = gnupg....

Getting Samsung Dex Configured to Work with Azure DevOps Repos

Recently, I upgraded my phone to the Samsung Galaxy Note 10+... I'm a big fan of big phones (a perk to being a big guy). I've always been intrigued with the idea of using one device for everything. Well, with the Samsung Dex application that comes built into these next gen phones, it might be possible...?  As a guy that spends a lot of time working on ARM Templates and PowerShell scripts for Azure management, I was curious to see if I could get my phone, using Dex, connected to my Azure DevOps environment and start working with repos.... Well, to my surprise, I was able to, and without much pain. So, in this post, I'll run through how I got my Dex environment setup and working with Azure DevOps Repos. Getting Started With Samsung Dex open, go to the Google Play store and install Termux ( https://play.google.com/store/apps/details?id=com.termux&hl=en_US ) Once that's installed, open it! Next, we need to gift Termux with permissions to a...

Facebook and Two-Factor Auth

So in this post, I'm going to go over a quick setup on how to turn of two-factor auth with Facebook. Facebook does some interesting things once you turn on two-factor auth. If you have the app installed on your device, it will push a login code to that device. You can also set this up with SMS and the DUO Mobile app. We'll go over all three here. For a more high-level document on 2-factor auth, see my post HERE . As I've said before, this is not meant to be an in-depth guide, but more of a how-to for those that wouldn't normally think of turning on additional security settings. With that, let's get started: 1) Fist off, log into your Facebook on a computer and go over to the little down arrow in the upper right corner and select Settings. In the settings area, you'll want to select "Security" on the left. 2) In the Security Settings, you'll need to select the Edit button in the "Login Approvals" section. You'll be presented wi...