Using Web Valves with JBoss 7

Important notice: Valves are not supported in WildFly application server. You can replace them with Undertow Handlers. Check this tutorial for more information: Converting Tomcat Valves to Undertow Handlers

This tutorial shows how to use catalina Valves to provide additional capabilities to your JBoss Web server.

I guess tomcat users have already heard about a Valve: A Valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container (Engine, Host, or Context). There are several valves available and each one has distinct processing capabilities.

The official source of information about Tomcat Valves is Tomcat documentation
In this tutorial we will show how to apply a global valve in JBoss 7.2 (EAP 6.1) in the web subsystem. Installing a global valve is a two step process:

1) Install the Valves’ library into JBoss AS 7 as a module.
In order to do that, pickup the latest stable source of JBoss Web project (, extract and compile the classes contained in the package org.apache.catalina.valves.

Now compile these java classes and install them as a module under the modules folder. For example we have created the folder org/jboss/web-valves/main and we have placed there the file valves.jar and the following module.xml:

<module xmlns="urn:jboss:module:1.1" name="org.jboss.web-valves">

        <property name="jboss.api" value="private"/>

        <resource-root path="valves.jar"/>

        <module name="sun.jdk"/>
        <module name="javax.servlet.api"/>
        <module name=""/>


We have added at the bottom of this tutorial a pre-built valves.jar which contains all the catalina valves.

2) Now add a Valve into the AS 7 configuration file.

For example here’ how to add an AccessLogValve which logs HTTP accesses into a separate log file:

 <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
    <valve name="myvalve" module="org.jboss.web-valves" class-name="org.apache.catalina.valves.AccessLogValve">

    <param param-name="prefix" param-value="catalina_access_log."/>
    <param param-name="suffix" param-value=".txt"/>
            . . . .

Here’s another valve which can be used to deny access from an IP address.

<valve name="myvalve" module="org.jboss.web-valves" class-name="org.apache.catalina.valves.RemoteAddrValve">
    <param param-name="deny" param-value="192.168.1.*"/>

Download the valves pre-built JAR file