Thursday, July 19, 2018

Tomcat server.xml

Introduction
The file is TOMCAT_HOME\conf\server.xml. Its structure looks like this.
<?xml version='1.0' encoding='utf-8'?>

<Server...>
  <Listener.../>

  <GlobalNamingResources>
    <Resource.../>
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector.../>
    <Engine...>
      <Realm.../>
      <Host...>
        <Context.../> 
        <Valve.../>
      </Host>
    </Engine>
  </Service>
</Server>
Listener, Service, Connector and Engine are the most important parts.

Cluster
We do it as follows. When a Tomcat cluster is created, the session information also needs to be stored in a different place.
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
             channelSendOptions="8">

  ...
</Cluster>
Connector
I moved this to the post "Tomcat server.xml Connector".

Connector - keystore
I moved this to the post "server.xml HTTPS".


Engine
I moved this to the post "Tomcat server.xml Engine".

Host
I moved this to the post "Tomcat server.xml Engine".

Listener
The explanation is as follows. Classes that implement the org.apache.catalina.LifecycleListener interface are used.
This element defines a component that performs actions when specific events occur.
We do it as follows.
<Listener className="org.apache.catalina.core.AprLifecycleListener"
 SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
Realm
A Realm can be specified for an Engine, a Host or a Context. The explanation is as follows.
The Realm component can appear inside any container component (Engine, Host, and Context).
The explanation for Host is as follows.
A Host is an association of a network name, e.g. www.yourdomain.com, to the Tomcat server.
A host can contain any number of contexts (i.e. applications). You can define several
hosts on the same server. For example, if you have registered the domain yourdomain.com,
you can define host names such as w1.yourdomain.com and w2.yourdomain.com.
The explanation for Context is as follows.
A Context is the innermost element of a group of Tomcat components called containers, and
 it represents a single web application.
If the realm is for a context, we define which roles can access which resources in our application. In the web.xml file we do it as follows.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="..." xmlns="..." xsi:schemaLocation="..." id="..." version="3.0">
  <servlet>
   ...
  </servlet>

  <servlet-mapping>
    ...
  </servlet-mapping>

  <security-constraint>
    <display-name>Main Login Auth</display-name>
    <web-resource-collection>
      <web-resource-name>Restricted Access</web-resource-name>
      <url-pattern>/admin/*</url-pattern>     
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>        
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>     
    </user-data-constraint>
  </security-constraint>

  <security-role>
    <role-name>management</role-name>
  </security-role>
  <security-role>
    <role-name>admin</role-name>
  </security-role>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>       
    </form-login-config>
  </login-config>

</web-app>
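A check for the web.xml above, as an added example that is not part of the original post: it reports constraints that require a role but no encrypted transport (with transport-guarantee NONE the container does not force HTTPS for /admin/* or for the FORM login that protects it), and roles that are declared but not referenced by any constraint, or referenced but not declared. The namespace URI in the sample, the rule names and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security part of the web.xml above; the namespace
# URI is a made-up stand-in for the elided one.
SAMPLE_WEB_XML = """<web-app xmlns="urn:example:web-app" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted Access</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role><role-name>management</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""


def parse_without_namespaces(xml_text):
    """Parse XML and drop the {namespace} prefix from every tag."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        elem.tag = elem.tag.rsplit("}", 1)[-1]
    return root


def audit_web_xml(xml_text):
    """Return (rule, detail) findings for the security section of a web.xml."""
    root = parse_without_namespaces(xml_text)
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    used, findings = set(), []
    for sc in root.findall("security-constraint"):
        patterns = [(p.text or "").strip()
                    for p in sc.findall("web-resource-collection/url-pattern")]
        roles = [(r.text or "").strip() for r in sc.findall("auth-constraint/role-name")]
        used.update(roles)
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        # Role-protected URLs whose traffic is not forced onto HTTPS.
        if roles and guarantee not in ("CONFIDENTIAL", "INTEGRAL"):
            findings.append(("no-transport-guarantee", ",".join(patterns)))
    # Roles named in a constraint but never declared, and the reverse.
    findings += [("undeclared-role", r) for r in sorted(used - declared - {"*"})]
    findings += [("unused-role", r) for r in sorted(declared - used)]
    return findings
```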
The following can be used for the Realm:
- org.apache.catalina.realm.JNDIRealm
- org.apache.catalina.realm.JDBCRealm
- org.apache.catalina.realm.RealmBase

XML
RealmBase reads the XML file. If we override some of its abstract methods, we do it as follows.
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class MyRealm extends RealmBase {

  // Name of this Realm implementation
  @Override
  protected String getName() {
    return this.getClass().getSimpleName();
  }

  // Returns the same fixed password for every username
  @Override
  protected String getPassword(final String username) {
    return "test123";
  }

  // Builds a principal that carries the single role "tomcat"
  @Override
  protected Principal getPrincipal(final String username) {
    final List<String> roles = new ArrayList<String>();
    roles.add("tomcat");
    return new GenericPrincipal(username, "test123", roles);
  }
}
DataSourceRealm
Example
We do it as follows.
<Realm className="org.apache.catalina.realm.DataSourceRealm" 
  dataSourceName="jdbc/auth" 
  userTable="tomcat_users"
  userCredCol="userpass" 
  userNameCol="username" 
  userRoleTable="tomcat_user_roles" 
  roleNameCol="rolename" />
JDBCRealm
We do it as follows.
<Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="com.mysql.jdbc.Driver"
  connectionURL="jdbc:mysql://localhost/todo?user=tomcat&amp;password=tomcat"
  userTable="users" userNameCol="username" userCredCol="password"
  userRoleTable="user_roles" roleNameCol="rolename"/>
We need to have two tables.
mysql> SELECT * FROM users;
+----------+----------+
| username | password |
+----------+----------+
| lal      | lal      |
| lala     | lala     |
| mad      | mada     |
| nalaka   | nalaka   |
+----------+----------+
4 rows in set (0.00 sec)

mysql> SELECT * FROM user_roles;
+----------+------------+
| username | rolename   |
+----------+------------+
| lal      | sales      |
| lala     | management |
| lala     | sales      |
| mad      | admin      |
| nalaka   | sales      |
+----------+------------+
5 rows in set (0.00 sec)
JNDIRealm
Example
We do it as follows. For authentication, userBase, userSubtree and userSearch are sufficient.
<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://mycomapny.org:636" 
  userSubtree="true"
  userBase="DC=test,DC=win,DC=user,DC=org" 
  userSearch="(&amp;(sAMAccountName={0})(objectcategory=user))"
  userRoleName="memberOf" 
  roleBase="DC=test,DC=win,DC=user,DC=org" 
  roleName="cn"
  roleSearch="(member={0})" 
  roleSubtree="true" 
  roleNested="true"/>
Example
We do it as follows.
<Realm className="org.apache.catalina.realm.JNDIRealm"
 connectionURL="ldap://stagetest.com:389"
 userPattern="uid={0},OU=entities,O=us.com"
 roleBase="CN=myGroupName,OU=Groups,O=us.com"
 roleName="CN"
 roleSearch="(member={0})" />
Example
We do it as follows.
<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://dev-dc01.dev.local:389" 
  userBase="OU=Benutzer,OU=DEV,DC=dev,DC=local"
  userSubtree="true"
  userSearch="(sAMAccountName={0})"
  userRoleName="memberOf" 
  roleBase="cn=Users,dc=dev,dc=local"
  roleName="cn"
  roleSearch="(member={0})" 
  roleSubtree="true" 
  roleNested="true"

  useDelegatedCredential="false" 
/>
Resource
I moved this to the post "Tomcat JNDI".

Service
The explanation is as follows.
This element represents the combination of one or more Connector components that share a single Engine Component for processing incoming requests.

Server 
To shut the server down via Telnet, we do it as follows.
<Server port="8005" shutdown="SHUTDOWN">
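A check over the settings shown on this page, as an added example that is not part of the original post: it parses a server.xml and reports a shutdown port left open with the default command, a database password inside a Realm connectionURL, an ldap:// connection, and a JDBCRealm or DataSourceRealm with neither a digest attribute nor a nested CredentialHandler (the stored password column is then compared as plain text, as in the users table above). The sample document, the rule names and the function audit_server_xml are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample assembled from the fragments shown on this page.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JDBCRealm"
        driverName="com.mysql.jdbc.Driver"
        connectionURL="jdbc:mysql://localhost/todo?user=tomcat&amp;password=tomcat"
        userTable="users" userNameCol="username" userCredCol="password"
        userRoleTable="user_roles" roleNameCol="rolename"/>
      <Host name="localhost">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
          connectionURL="ldap://stagetest.com:389"
          userPattern="uid={0},OU=entities,O=us.com"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

DB_REALMS = ("JDBCRealm", "DataSourceRealm")


def audit_server_xml(xml_text):
    """Return (rule, detail) findings for one server.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    # port="-1" disables the shutdown listener; otherwise anyone who can
    # reach the port and knows the command string can stop Tomcat.
    if root.get("port", "8005") != "-1" and root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append(("shutdown-default", "port " + root.get("port", "8005")))
    for realm in root.iter("Realm"):
        cls = realm.get("className", "").rsplit(".", 1)[-1]
        url = realm.get("connectionURL", "")
        if "password=" in url.lower():
            findings.append(("db-password-in-url", cls))
        if url.lower().startswith("ldap://"):
            findings.append(("ldap-without-tls-scheme", cls))
        # Neither a digest attribute (Tomcat 7) nor a nested CredentialHandler
        # (Tomcat 8+): the stored credential column is compared as plain text.
        hashed = realm.get("digest") or realm.find("CredentialHandler") is not None
        if cls in DB_REALMS and not hashed:
            findings.append(("plaintext-credentials", cls))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_server_xml(SAMPLE_SERVER_XML):
        print(rule + ": " + detail)
```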
Valve
I moved this to the post "Tomcat server.xml Engine".

WatchedResource 
The explanation is as follows.
WatchedResource - The auto deployer will monitor the specified static resource of the web application for updates, and will reload the web application if it is updated. The content of this element must be a string.
