jboss-maven-plugin's deploy mojo does not work with EAP 5.2

Solution Verified - Updated -

Environment

  • JBoss Enterprise Application Platform (EAP) 5.2

Issue

When I deploy using the Maven JBoss plugin, I get an error:

WARN  org.jboss.jmx.adaptor.html.HtmlAdaptorServlet (HtmlAdaptorServlet.java:317) - Received request for invokeOpByName with invalid or missing CSRFToken token. This might indicate that someone is trying CSRF attack on your server.
ERROR org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jmx-console].[HtmlAdaptor] (StandardWrapperValve.java:276) - Servlet.service() for servlet HtmlAdaptor threw exception
javax.servlet.ServletException: Operation invoke prohibited.
        at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.invokeOpByName(HtmlAdaptorServlet.java:319)
        at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.processRequest(HtmlAdaptorServlet.java:106)
        at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.doGet(HtmlAdaptorServlet.java:81)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:534)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)
        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
        at java.lang.Thread.run(Thread.java:662)

        <profile>
            <!-- run with goal "jboss:hard-deploy" -->
            <id>jboss-eap-5</id>
            <properties>
                <host>localhost</host>
                <port>8080</port>
                <env-name>dev</env-name>
                <serverId>jboss-eap-5</serverId>
                <serverName>default</serverName>
                <jboss.directory>${env.JBOSS_HOME}</jboss.directory>
                <container-type>EAP5</container-type>
                <soapui-test-dir>default</soapui-test-dir>
            </properties>
            <build>
                <plugins>
                    <plugin>
                        <groupId>org.codehaus.mojo</groupId>
                        <artifactId>jboss-maven-plugin</artifactId>
                        <version>1.5.0</version>
                        <configuration>
                            <serverId>${serverId}</serverId>
                            <serverName>${serverName}</serverName>
                            <port>${port}</port>
                            <jbossHome>${jboss.directory}</jbossHome>
                            <fileNames>
                                <fileName>target/${project.artifactId}.war</fileName>
                            </fileNames>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>

Resolution

Create a WEB-INF/jboss-web.xml file with the following content, and use the jboss:hard-deploy goal instead:

  <jboss-web>
    <context-root>myapp</context-root>
  </jboss-web>

Setting the context root is required so that the version number is not in the application name.

Root Cause

The "jboss-maven-plugin" is a third-party tool which we do not officially support, and unfortunately it does some things in a bad way. Specifically, it sends HTTP requests to the web JMX console rather than using JMX itself. This is very fragile, because the exact makeup of the web interface is not a stable API.

Recent EAP 5.x versions include changes to prevent CSRF attacks, and the plugin has not been modified to pass the required CSRF token, so the JMX console rejects its invokeOpByName request with the error shown above. Had the plugin used JMX directly, it would have continued to work.

As you can see on http://mojo.codehaus.org/jboss-maven-plugin/, the plugin is retired upstream and no-one is likely to work on improving it (unless you want to do so). The jboss-maven-plugin is known not to work with EAP 5.2, and there is no way to make it do so without updating the plugin's code.
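The rejection described above can be picked out of the server log mechanically, which helps separate a build job still using the plugin from other requests that lack the token. The following is an added example, not part of the original solution or of any Red Hat tooling; it assumes the log layout shown in the Issue section, and the sample log (including its INFO line) is constructed.

```python
import re
from collections import Counter

# Constructed sample in the log layout shown on this page (stack trace shortened).
SAMPLE_LOG = """\
WARN  org.jboss.jmx.adaptor.html.HtmlAdaptorServlet (HtmlAdaptorServlet.java:317) - Received request for invokeOpByName with invalid or missing CSRFToken token. This might indicate that someone is trying CSRF attack on your server.
ERROR org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jmx-console].[HtmlAdaptor] (StandardWrapperValve.java:276) - Servlet.service() for servlet HtmlAdaptor threw exception
javax.servlet.ServletException: Operation invoke prohibited.
        at org.jboss.jmx.adaptor.html.HtmlAdaptorServlet.doGet(HtmlAdaptorServlet.java:81)
INFO  org.example.Constructed (Constructed.java:1) - unrelated line
WARN  org.jboss.jmx.adaptor.html.HtmlAdaptorServlet (HtmlAdaptorServlet.java:317) - Received request for invokeOpByName with invalid or missing CSRFToken token. This might indicate that someone is trying CSRF attack on your server.
"""

RECORD = re.compile(r"^(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+(\S+) \(([^)]*)\) - (.*)$")
REJECT = re.compile(r"Received request for (\w+) with invalid or missing CSRFToken")
ENTRY = re.compile(r"HtmlAdaptorServlet\.do(Get|Post)\(")  # frame reveals the HTTP method

def parse_records(text):
    """Group each log line with the exception and stack-trace lines that follow it."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({"level": m.group(1), "logger": m.group(2),
                            "message": m.group(4), "trace": []})
        elif records and line.strip():
            records[-1]["trace"].append(line.strip())
    return records

def csrf_rejections(records):
    """Return one dict per JMX console request rejected for a missing CSRF token."""
    found = []
    for i, rec in enumerate(records):
        m = REJECT.search(rec["message"])
        if not (m and rec["logger"].endswith("HtmlAdaptorServlet")):
            continue
        nxt = records[i + 1] if i + 1 < len(records) else None
        trace = "\n".join(nxt["trace"]) if nxt and nxt["level"] == "ERROR" else ""
        verb = ENTRY.search(trace)
        found.append({"action": m.group(1),
                      "http_method": verb.group(1).upper() if verb else "unknown",
                      "servlet_error": "prohibited" in trace})
    return found

def summarize(text):
    hits = csrf_rejections(parse_records(text))
    return Counter((h["action"], h["http_method"]) for h in hits)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The log lines shown on this page carry no client address, so tying a hit to a particular build host requires correlating its time with the web access log.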
