[jboss-cvs] JBossAS SVN: r86447 - in projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US: extras and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sun Mar 29 22:12:54 EDT 2009


Author: Darrin
Date: 2009-03-29 22:12:53 -0400 (Sun, 29 Mar 2009)
New Revision: 86447

Added:
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_boot_log.console
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_check.console
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_console_out.console
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_jmx.png
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_webconsole.png
Modified:
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_4_RPM_List.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_5_RPM_List.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
Log:
version check information & assorted minor fixes

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_4_RPM_List.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_4_RPM_List.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_4_RPM_List.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -3,8 +3,16 @@
 ]>
 
 <appendix id="appe-RHEL_4_RPM_List">
-<title>RPM Listings for a Red Hat Enterprise Linux 4 installation</title>
-	<itemizedlist>
+    <title>RPM Listings for a Red Hat Enterprise Linux 4 installation</title>
+
+    <para>
+    JBoss EAP for Red Hat Enterprise Linux 4 is made up of the following list of 
+    specific RPMs available from the Red Hat Network.  Although the Red Hat Network 
+    lists other RPM in addition to these only those RPMs listed here should be 
+    downloaded and used to install JBoss EAP.  
+    </para>
+
+    <itemizedlist>
 		<listitem>
 			<para>
 				antlr-2.7.6-3jpp.ep1.2.noarch.rpm

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_5_RPM_List.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_5_RPM_List.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/RHEL_5_RPM_List.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -3,8 +3,16 @@
 ]>
 
 <appendix id="appe-RHEL_5_RPM_List">
-<title>RPM Listings for a Red Hat Enterprise Linux 5 installation</title>
-	<itemizedlist>
+    <title>RPM Listings for a Red Hat Enterprise Linux 5 installation</title>
+
+    <para>
+    JBoss EAP for Red Hat Enterprise Linux 5 is made up of the following list of 
+    specific RPMs available from the Red Hat Network.  Although the Red Hat Network 
+    lists other RPM in addition to these only those RPMs listed here should be 
+    downloaded and used to install JBoss EAP.  
+    </para>
+
+    <itemizedlist>
 		<listitem>
 			<para>
 				asm-1.5.3-1jpp.ep1.2.el5.noarch.rpm

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -13,11 +13,10 @@
             <para>JBoss EAP is evaluated on the following Java Virtual Machines (JVMs).  Only 
             these JVMs are acceptable for the  deployment of JBoss EAP.</para>
             <itemizedlist>
-                <listitem><para>Sun JRE 1.5.x &amp;1.6.x</para></listitem>
-                <listitem><para>BEA JRockit JRE 1.5.x &amp;1.6.x</para></listitem>
-                <listitem><para>HP-UX JRE 1.5.x &amp;1.6.x</para></listitem>
-                <listitem><para>IBM JRE 1.5.x &amp;1.6.x</para></listitem>
-                <listitem><para>IBM JDK 6</para></listitem>
+                <listitem><para>Sun JRE 1.5.x &amp; 1.6.x</para></listitem>
+                <listitem><para>BEA JRockit JRE 1.5.x &amp; 1.6.x</para></listitem>
+                <listitem><para>HP-UX JRE 1.5.x &amp; 1.6.x</para></listitem>
+                <listitem><para>IBM JRE 1.5.x &amp; 1.6.x</para></listitem>
             </itemizedlist>
         </section>
         
@@ -147,19 +146,28 @@
         the same management control and operate under the same security policy constraints 
         as JBoss EAP.</para>
 
+
         <section id="connectivity_requirements.cluster">
 			<title>Cluster Connectivity Requirements</title>
-			
-            <para>In case multiple instances of JBoss are joined into a cluster, it is 
-            assumed that the administrator ensures that the cluster communication network 
-            is physically separated from any other network attached to cluster nodes. In 
-            addition, the administrator has to ensure that the operating system of each 
-            cluster node is configured in a way that prevents forwarding of network traffic 
-            from any network into the separated cluster network as well as forwarding of 
-            network traffic from the cluster network to any other network.</para>
+
+            <para>
+            Your JBoss EAP instances must operate in a network segment that is logically 
+            separated from any other network segment using a packet filtering mechanism. 
+            This packet filter must only allow incoming communication that meets the 
+            following criteria:
+            </para>
+
+            <itemizedlist>
+                <listitem><para>the network protocol is TCP</para></listitem>
+                <listitem><para>the destination port is 8080 or 8443</para></listitem>
+            </itemizedlist>
+
+            <para>
+            All outgoing communication from one of the JBoss EAP instances is to be allowed.
+            </para>
             
             <para>Each cluster node communicates with the other nodes by means of standard 
-            TCP/IP sockets.  Whenever this occurs the client side of each connection has a 
+            network sockets.  Whenever this occurs the client side of each connection has a 
             port number assigned to it by the host operating system from a range of ports 
             that are reserved for client sockets.  These ports are referred to as 
             <firstterm>dynamic</firstterm> or <firstterm>ephemeral</firstterm> ports.  They 
@@ -190,14 +198,19 @@
 
         <section id="configuration_requirements-setup_configuration">
             <title>Setup Configuration</title>
-            <para>The following general configuration steps must be performed to ensure compliance 
+            <para>The following configuration steps must be performed to ensure compliance 
             with Common Criteria requirements.</para>
         
             <orderedlist>
                 <listitem>
-                    <para>Disable Simple Network Management Protocol (SNMP)</para>
-                    <para>Delete the directory 
-                    <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/snmp-adaptor.sar</filename></para>
+                    <para>
+                    Disable Simple Network Management Protocol (SNMP)
+                    </para>
+                    <para>
+                    Delete the directory 
+                    <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/snmp-adaptor.sar</filename>
+                    <screen>$ rm -rf <replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/snmp-adaptor.sar</screen>
+                    </para>
                 </listitem>
 
                 <listitem>
@@ -213,6 +226,10 @@
                         <listitem><para><filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/lib/jacorb.jar</filename></para></listitem>
                         <listitem><para><filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/lib/jboss-iiop.jar</filename></para></listitem>
                     </itemizedlist>
+                    <screen>$ rm <replaceable>${JBOSS_HOME}</replaceable>/server/production/conf/jacorb.properties
+$ rm <replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/iiop-service.xml
+$ rm <replaceable>${JBOSS_HOME}</replaceable>/server/production/lib/jacorb.jar
+$ rm <replaceable>${JBOSS_HOME}</replaceable>/server/production/lib/jboss-iiop.jar</screen>
                 </listitem>
 
                 <listitem>
@@ -226,25 +243,42 @@
 
                 <listitem>
                     <para>Disable Clustering High-Availability JNDI service (port 1102)</para>
-                    <para>Delete the file <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/hajndi-jms-ds.xml</filename></para>
+                    <orderedlist>
+                        <listitem>
+                            <para>
+                            delete the file <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/hajndi-jms-ds.xml</filename>
+                            <screen>rm <replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/hajndi-jms-ds.xml</screen>
+                            </para>
+                        </listitem>
+                        <listitem>
+                            <para>
+                            copy <filename>jms-ds.xml</filename> from <filename>default</filename> configuration to <filename>production</filename>:
+                            <screen>cp -p <replaceable>${JBOSS_HOME}</replaceable>/server/default/deploy/jms-ds.xml <replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/</screen>
+                            </para>        
+                        </listitem>
+                        <listitem>
+                            <para>
+                            From the file <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/cluster-service.xml</filename> comment out the following MBean definitions:
 
-                    <para>From the file <filename><replaceable>${JBOSS_HOME}</replaceable>/server/production/deploy/clustering-service.xml</filename> comment out the following MBean definitions:</para>
-
-<programlisting language="xml">&lt;mbean code="org.jboss.ha.jndi.HANamingService"
+                            <programlisting language="xml">&lt;mbean code="org.jboss.ha.jndi.HANamingService"
   name="jboss:service=HAJNDI"&gt;</programlisting>
-<programlisting language="xml">&lt;mbean code="org.jboss.invocation.unified.server.UnifiedInvokerHA"
+                            <programlisting language="xml">&lt;mbean code="org.jboss.invocation.unified.server.UnifiedInvokerHA"
   name="jboss:service=invoker,type=unifiedha"&gt;</programlisting>
-<programlisting language="xml">&lt;mbean code="org.jboss.invocation.pooled.server.PooledInvokerHA"
+                            <programlisting language="xml">&lt;mbean code="org.jboss.invocation.pooled.server.PooledInvokerHA"
   name="jboss:service=invoker,type=pooledha"&gt;</programlisting>
-<programlisting language="xml">&lt;mbean 
-  code="org.jboss.cache.invalidation.bridges.JGCacheInvalidationBridge"
-  name="jboss.cache:service=InvalidationBridge,type=JavaGroups"&gt;</programlisting>
+                            <programlisting language="xml">&lt;mbean 
+ code="org.jboss.cache.invalidation.bridges.JGCacheInvalidationBridge"
+ name="jboss.cache:service=InvalidationBridge,type=JavaGroups"&gt;</programlisting>                            
+                            
+                            </para>        
+                        </listitem>
+                    </orderedlist>
                 </listitem>
 
                 <listitem><para>Use password hashing and do not store plain text passwords on the server.</para>
                 <para>You should refer to the JBoss Enterprise Application Platform Configuration Guide, 
                 Chapter 8, Section 5.3.2 Password Hashing, for details on configuring this: 
-                <ulink url="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html-single/index.html#Using_JBoss_Login_Modules-Password_Hashing">http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html-single/index.html#Using_JBoss_Login_Modules-Password_Hashing</ulink></para>
+                <ulink url="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-Password_Hashing.html">http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-Password_Hashing.html</ulink></para>
                 </listitem>
 
             </orderedlist>
@@ -339,7 +373,7 @@
         <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Securing_MBean_Invokers">
         <title>Securing MBean Invokers</title>
             <para>	
-            The <filename>httpa-invoker.sar</filename> found in the deploy directory is a service 
+            The <filename>httpha-invoker.sar</filename> found in the deploy directory is a service 
             that provides RMI/HTTP access for EJBs and the JNDI Naming service. This includes a 
             servlet that processes posts of <classname>marshaled org.jboss.invocation.Invocation</classname> 
             objects that represent invocations that should be dispatched onto the MBeanServer. 
@@ -347,9 +381,14 @@
             via HTTP when sending appropriately formatted HTTP posts. This servlet has to be 
             protected against the use by unprivileged users. To secure this access point you would 
             need to secure the JMXInvokerServlet servlet found in the 
-            <filename>httpa-invoker.sar/invoker.war/WEB-INF/web.xml</filename> descriptor.
+            <filename>httpha-invoker.sar/invoker.war/WEB-INF/web.xml</filename> descriptor.  
             </para>
-
+            <para>
+            Refer to 
+            <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Security_on_JBoss-How_to_Secure_the_JBoss_Server">http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Security_on_JBoss-How_to_Secure_the_JBoss_Server</ulink> 
+            for additional details.
+            </para>
+            
             <para>	
             The <filename>jmx-invoker-service.xml</filename> is a service that exposes the 
             JMX MBeanServer interface via an RMI compatible interface using the RMI/JRMP detached 
@@ -360,6 +399,11 @@
             <classname>org.jboss.jmx.connector.invoker.RolesAuthorization</classname> or 
             <classname>org.jboss.jmx.connector.invoker.ExternalizableRolesAuthorization</classname>.
             </para>
+            <para>
+            Refer to 
+            <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Security_on_JBoss-How_to_Secure_the_JBoss_Server">http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Security_on_JBoss-How_to_Secure_the_JBoss_Server</ulink> 
+            for additional details.
+            </para>
         </section>
 
         <section id="configuration_requirements-security_configuration-JBoss_Web">
@@ -375,6 +419,12 @@
             must be set to <literal>strict</literal>. This requires the authenticated user to be 
             assigned to one of the <filename>web-app/security-role/role-name</filename> in order 
             to be authorized.</para>
+            
+            <programlisting language="xml">&lt;Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
+  certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+allRolesMode="strict" /&gt;</programlisting> 
+            
+            
         </section>
     </section>
 
@@ -526,7 +576,7 @@
                         </listitem>
                         <listitem>
                             <para>
-                            Minor changes in Oracle JDBC driver permissions need for IBM JDK 6 
+                            Minor changes in Oracle JDBC driver permissions need for IBM JRE 1.6 
                             to pass the tests
                             </para>
                         </listitem>
@@ -588,7 +638,7 @@
 
             <para>
             Please refer to the Java documentation for information on configuring permissions 
-            in the JDK: 
+            in the JVM: 
             </para>
             <itemizedlist>
                 <listitem>
@@ -641,9 +691,9 @@
             </para>
 
             <para>
-            Any interaction with the JBoss JMX Kernel (which is the standard Java JDK MbeanServer) 
+            Any interaction with the JBoss JMX Kernel (which is the standard Java MbeanServer) 
             will require the appropriate <classname>javax.management.MBeanPermission</classname> as 
-            specified in the Java JDK MbeanServer interface:</para>
+            specified in the Java MbeanServer interface:</para>
 
             <itemizedlist>
                 <listitem>

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -6,29 +6,37 @@
 <chapter id="Common_Criteria_Guide-Security_Configuration">
 	<title>Launching the JBoss EAP Server</title>
     
-    <para>JBoss EAP includes startup scripts for both Linux/Unix platforms &amp; Microsoft 
+    <para>
+    JBoss EAP includes a startup script for both Linux/Unix platforms &amp; Microsoft 
     Windows as well a configuration file , <filename>run.conf</filename>, which determines 
-    the startup environment of the server. </para>
+    the startup environment of the server. For Linux and Unix installations the startup 
+    script is <filename>run.sh</filename> and on Microsoft Windows installations it is 
+    <filename>run.bat</filename>.  Regardless of platform the script is located in 
+    <filename><replaceable>$JBOSS_HOME</replaceable>/bin</filename>.
+    </para>
 
     <para>
-    The evaluated configuration of JBoss EAP has been certified both with and without 
-    the use of the Java Security Manger.   If you use the Java Security Manager, you must 
-    also use the policy settings as defined in <xref linkend="appe-security_policy" />.  
-    Operating JBoss EAP using the Java Security Manager and different policy settings is 
-    not considered to be a certified configuration.
+    JBoss EAP has been certified both with and without the use of the Java Security Manger.   
+    If you use the Java Security Manager, you must also use the policy settings as defined 
+    in <xref linkend="appe-security_policy" />.  Operating JBoss EAP using the Java Security 
+    Manager and different policy settings is not considered to be a certified configuration.
     </para>
 
     <para>
     This allows two modes of operation which affect how JBoss EAP can protect 
-    itself against the behavior of applications. These modes are discussed fully below.  
-    As the administrator of your JBoss EAP server, you must decide which mode of 
-    operation is most appropriate.
+    itself against the behavior of applications.  As the administrator of your 
+    JBoss EAP server, you must decide which mode of operation is most appropriate.
+    These modes are discussed fully below.
     </para>
     
     <section id="starting_EAP">
         <title>Starting the JBoss EAP Server</title>
-        <para>To start the server with the <firstterm>production</firstterm> 
-        configuration simply use the supplied start up script.</para>
+        <para>
+        To start the JBoss EAP server simply use the supplied start up 
+        script which is appropriate for your platform.  However you must
+        use the <command>-c</command> command parameter to specify the 
+        <filename>production</filename> server configuration.
+        </para>
         
         <example><title>Starting the JBoss EAP server on Unix or Linux</title>
         <screen>$ cd $JBOSS_HOME/bin 
@@ -38,25 +46,21 @@
         <screen>cd %JBOSS_HOME%/bin 
 $ run.bat -c production</screen></example>
 
-        <para>On a multi-homed machine, you can use the <literal>-b</literal> option
-        to force JBoss EAP to only bind to the specified IP address.</para>
-        <example><title>Starting the JBoss EAP server bound to a single ip address on Unix or Linux</title>
-        <screen>$ cd $JBOSS_HOME/bin 
-$ ./run.sh -b <replaceable>${ip_address}</replaceable> -c production</screen></example>
+        <para>
+        JBoss EAP's default behavior is to run without the use of the Java Security
+        Manager.  This means that any application deployed on JBoss EAP will be running 
+        in the same namespace as JBoss EAP itself.  In this environment it is possible 
+        that an application deployed on JBoss EAP may interfere with the execution of 
+        JBoss EAP itself either accidentally or intentionally.
+        </para>
 
-        <para>JBoss EAP's default behavior is to run without the use of the Java Security
-        Manager.  This means that any application deployed on JBoss EAP will be running in 
-        the same namespace as JBoss EAP itself.  In this environment it is possible that an 
-        application deployed on JBoss EAP may interfere with the execution of JBoss EAP 
-        itself either accidentally or intentionally.</para>
+        <para>
+        If you choose to run without using the Java Security Manger &amp; specified 
+        policy settings then you are responsible for performing your own risk analysis 
+        to ensure that deployed applications do not contain bugs that may be abused by 
+        users of the application to circumvent the security functionality of JBoss EAP.
+        </para>
 
-        <para>If you choose to run without using the Java Security Manger &amp; specified 
-        policy settings then you are responsible for performing your own risk analysis to 
-        ensure that deployed applications do not contain bugs that may be abused by users 
-        of the application to circumvent the security functionality of JBoss EAP.</para>
-
-        <para>It is only recommended to run in this mode if your deployed applications 
-        require more permissions that the included security policy allows.</para>
     </section>
 
     <section id="enabling_JSM">
@@ -73,8 +77,8 @@
 
         <warning>
             <para>
-            If you use the Java Security Manager, you configure the policy settings as explained in
-            <xref linkend="Common_Criteria_Guide-changes_to_policy" />.  Operating JBoss EAP using 
+            If you use the Java Security Manager, you must configure the policy settings as explained 
+            in <xref linkend="Common_Criteria_Guide-changes_to_policy" />.  Operating JBoss EAP using 
             the Java Security Manager with different policy settings is not considered to be a 
             certified configuration.
             </para>
@@ -99,10 +103,10 @@
         </important>
 
         <formalpara>
-            <title>IBM JDK 6 and the Java Security Manager</title>
-            <para>IBM JDK 6 uses a default policy provider which does not work correctly 
-            with the JBossEAP security policy.  You must change the JDK configuration to 
-            use the standard policy provider if you want to use IBM JDK6 to host JBossEAP 
+            <title>IBM JRE 1.6 and the Java Security Manager</title>
+            <para>IBM JRE 1.6 uses a default policy provider which does not work correctly 
+            with the JBossEAP security policy.  You must change the JRE configuration to 
+            use the standard policy provider if you want to use IBM JRE 1.6 to host JBossEAP 
             with the Java Security Manager enabled.</para>
         </formalpara>
 

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -53,7 +53,7 @@
 	
 		<para>
         For more information refer to the JBoss EAP Server Configuration Guide: 
-		<ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/">http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/</ulink>
+		<ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html/Server_Configuration_Guide/">http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html/Server_Configuration_Guide/</ulink>
 	   	</para>
     </section>
 

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml	2009-03-29 20:32:30 UTC (rev 86446)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml	2009-03-30 02:12:53 UTC (rev 86447)
@@ -22,7 +22,8 @@
         <title>Verify the Authenticity of the Download Site.</title>
 
         <para>Red Hat JBoss Customer Support Portal and Red Hat Network are secure sites.  This is 
-        indicated by the 'lock' icon in the browser status bar. The lock may also present itself in the address bar depending on what browser you are using.</para>  
+        indicated by the 'lock' icon in the browser status bar. The lock may also present itself in 
+        the address bar depending on what browser you are using.</para>  
 
         <important>
             <para>The following images have been taken with the Firefox3 and Firefox2 web browsers. While most 
@@ -186,6 +187,15 @@
         that are available. For the certified version select 
         <guilabel>JBoss Enterprise Application Platform 4.3.0</guilabel>. </para>
 
+        <important>
+            <para>
+            Note that the menu items here refer to the version as being 
+            <guilabel>4.3.0 CP03</guilabel> while the listed files
+            use <guilabel>4.3.0.GA_CP03</guilabel> in their names.
+            They are both referring to the same version.
+            </para>
+        </important>
+
         <figure><title>Searching for the JBoss Enterprise Application Platform</title>
             <mediaobject>
                 <imageobject><imagedata fileref="images/RHN_select_version.png" /></imageobject>
@@ -207,22 +217,24 @@
         called <guimenuitem>Downloads</guimenuitem>, a list of all the downloads which 
         form the JBoss EAP will be displayed. </para>
 
-        <figure>
-            <title>JBoss EAP download file list </title>
-            <mediaobject>
-                <imageobject><imagedata fileref="images/RHN_download.png" /></imageobject>
-            </mediaobject>
-        </figure>
-
         <important>
             <para>The files listed here are those of the most recent
             JBoss Enterprise Application Server release.  Once 4.3.CP03 is 
-            superceded by another version you will have to click on the 
+            superseded by another version you will have to click on the 
             <guilabel>View ISO Images for Older Releases</guilabel> link 
             and then <guilabel>JBoss Enterprise Application Platform 4.3.0 CP03</guilabel> 
             to access the files for the evaluated configuration.</para>
         </important>
 
+        <figure>
+            <title>JBoss EAP download file list </title>
+            <mediaobject>
+                <imageobject><imagedata fileref="images/RHN_download.png" /></imageobject>
+            </mediaobject>
+        </figure>
+
+        
+
         <para>The packages listed above can be explained as follows:</para>
         
         <itemizedlist>
@@ -296,4 +308,84 @@
         </section>
     </section>
 
+    <section id="verify_version_number_installed">
+        <title>Confirming the Version of your JBoss EAP Installation</title>
+        <para>There are three ways in which you can verify the version number
+        of your JBoss EAP installation.</para>
+
+        <orderedlist>
+            <listitem>
+                <para>Using the <command>-V</command> with the startup script</para>
+                <para>
+                You can retrieve information about the version of your JBoss EAP installation by
+                running the same script used to start the server with the <command>-V</command> 
+                switch. For Linux and Unix installations this script is <filename>run.sh</filename>
+                and on Microsoft Windows installations it is <filename>run.bat</filename>.  Regardless
+                of platform the script is located in <filename><replaceable>$JBOSS_HOME</replaceable>/bin</filename>.
+                Using these scripts to actually start your server is dealt with in 
+                <xref linkend="Common_Criteria_Guide-Security_Configuration" />.
+                </para>
+                <para>
+                Running this script with the <command>-V</command> switch will not start the JBoss EAP 
+                server nor does it require the JBoss EAP server to be running.  It displays information 
+                about the JBoss EAP version and its configured Java environment.  Below is an example of 
+                using this on an installation of JBoss EAP on Red Hat Linux.  Note the version number 
+                (<literal>JBoss 4.3.0.GA_CP03</literal>) displayed as the last item before the
+                license information.
+                </para>
+                <screen><xi:include parse="text" href="extras/version_check.console" xmlns:xi="http://www.w3.org/2001/XInclude" /></screen>                
+            </listitem>
+            <listitem>
+                <para>Using the JMX Console</para>
+                <para>
+                When the JBoss EAP server is running you can retreive many details about it using the
+                JMX Console at 
+                <ulink url="http://localhost:8080/jmx-console">http://localhost:8080/jmx-console</ulink>
+                </para>
+                
+                <para>The MBean which contains the version information has the Domain Name of 
+                <classname>jboss.system</classname> and type of <classname>server</classname>.
+                It is directly accessible at 
+                <ulink url="http://localhost:8080/jmx-console/HtmlAdaptor?action=inspectMBean&amp;name=jboss.system%3Atype%3DServer">http://localhost:8080/jmx-console/HtmlAdaptor?action=inspectMBean&amp;name=jboss.system%3Atype%3DServer</ulink>.
+                The attributes that contain the version information are: 
+                <property>VersionNumber</property>, 
+                <property>Version</property> and <property>VersionName</property>.
+                </para>
+                
+                <figure>
+                    <title>Version details displayed in JMX Console</title>
+                    <mediaobject>
+                        <imageobject><imagedata fileref="images/version_jmx.png" /></imageobject>
+                    </mediaobject>
+                </figure>
+                
+            </listitem>
+
+            <listitem>
+                <para>Using the Web Console</para>
+                <para>
+                When the JBoss EAP server is running you can can retreive its version information from 
+                the first page of the Web Console as well.  This is located at 
+                <ulink url="http://localhost:8080/web-console/">http://localhost:8080/web-console/</ulink>.
+                </para>
+                <figure>
+                    <title>Version details displayed in Web Console</title>
+                    <mediaobject>
+                        <imageobject><imagedata fileref="images/version_webconsole.png" /></imageobject>
+                    </mediaobject>
+                </figure>
+            </listitem>
+            
+        </orderedlist>
+        
+
+        <para>
+        Additionally, when the server is started the version is both echoed to the 
+        console and written to 
+        <filename><replaceable>$JBOSS_HOME</replaceable>/server/production/log/boot.log</filename>:
+        </para>
+        <screen><xi:include parse="text" href="extras/version_boot_log.console" xmlns:xi="http://www.w3.org/2001/XInclude" /></screen>
+    
+    </section>
+
 </chapter>

Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_boot_log.console
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_boot_log.console	                        (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_boot_log.console	2009-03-30 02:12:53 UTC (rev 86447)
@@ -0,0 +1,3 @@
+12:33:33,798 INFO  [Server] Starting JBoss (MX MicroKernel)...
+12:33:33,798 INFO  [Server] Release ID: JBoss [EAP] 4.3.0.GA_CP03 (build: 
+SVNTag=JBPAPP_4_3_0_GA_CP03 date=200810241616)
\ No newline at end of file

Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_check.console
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_check.console	                        (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_check.console	2009-03-30 02:12:53 UTC (rev 86447)
@@ -0,0 +1,24 @@
+$ ./run.sh -V
+=======================================================================
+
+  JBoss Bootstrap Environment
+
+  JBOSS_HOME: /opt/JBoss/4.3.CP03/jboss-eap-4.3/jboss-as
+
+  JAVA: java
+
+  JAVA_OPTS: -Dprogram.name=run.sh -server -Xms1503m -Xmx1503m -Dsun.rm 
+i.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 
+-Dsun.lang.ClassLoader.allowArraySyntax=true -Djava.net.preferIPv4Stack 
+=true
+
+  CLASSPATH: /opt/JBoss/4.3.CP03/jboss-eap-4.3/jboss-as/bin/run.jar
+
+=======================================================================
+
+JBoss 4.3.0.GA_CP03 (build: SVNTag=JBPAPP_4_3_0_GA_CP03 date=200810241616)
+
+Distributable under LGPL license.
+See terms of license at gnu.org.
+
+$
\ No newline at end of file

Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_console_out.console
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_console_out.console	                        (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/extras/version_console_out.console	2009-03-30 02:12:53 UTC (rev 86447)
@@ -0,0 +1,3 @@
+12:33:33,798 INFO  [Server] Starting JBoss (MX MicroKernel)...
+12:33:33,798 INFO  [Server] Release ID: JBoss [EAP] 4.3.0.GA_CP03 (build: 
+SVNTag=JBPAPP_4_3_0_GA_CP03 date=200810241616)

Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_jmx.png
===================================================================
(Binary files differ)


Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_jmx.png
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream

Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_webconsole.png
===================================================================
(Binary files differ)


Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/version_webconsole.png
___________________________________________________________________
Name: svn:mime-type
   + application/octet-stream




More information about the jboss-cvs-commits mailing list