2009-04-24 10:48:21

Access management with Sun Access Manager (GlassFish + LDAP + nginx)

glassfish-installer-v2.1-b60e-sunos.jar
appserver_v9_agent.zip
amserver.war
jdk1.6.0_13
DSEE.6.3.Solaris-Sparc-full.tar.gz
StudioExpress-sol-sparc-2009-03-pkg.sh


Environment preparation

   1. Install Sun Studio Express 03/09 (or Sun Studio 12)

      bash StudioExpress-sol-sparc-2009-03-pkg.sh

      After installation, Sun Studio Express 03/09 is located in /opt/SSX0903.
   2. Install and configure the basic Blastwave environment, then install the following packages:
       wget
       pkgadd -d ./pkgutil_sparc.pkg

       pkgutil -i openssl pcre wget

   3. Adjust the Solaris 10 environment

      The tar shipped with Solaris 10 is limited and buggy. A fairly thorough fix is to replace it with Blastwave's gtar:

      mv /usr/sbin/tar /usr/sbin/tar.sun
      ln -s /opt/csw/bin/gtar /usr/sbin/tar

      (On Solaris 10, /usr/bin/tar is itself a symbolic link to /usr/sbin/tar.)

      For convenience, edit /etc/profile and add the following to the PATH environment variable:

      PATH=/opt/SSX0903/bin:/opt/csw/bin:/opt/csw/sbin:$PATH


I. DSEE installation and setup
Unpack the archive:
tar -zxf DSEE.6.3.Linux-X86-full.tar.gz
cd /DSEE_ZIP_Distribution

Use ./idsktune to check system compatibility.

./dsee_deploy install -i /export/home/sunds/dsee/
cd /export/home/sunds/dsee/ds6/bin
mkdir /export/home/sunds/instances
./dsadm create /export/home/sunds/instances/1
./dsconf create-suffix -p 2389 dc=zn,dc=com
II. nginx installation and setup

   4. Download the nginx 0.6.37 source code

      wget -c
      tar xvfz nginx-0.6.37.tar.gz
      cd nginx-0.6.37

Build nginx

./configure \
    --prefix=/var/nginx \
    --user=nginx --group=nginx \
    --conf-path=/var/nginx/etc/nginx.conf \
    --with-cc=/opt/SSX0903/bin/cc \
    --with-cc-opt=-I/opt/csw/include \
    --with-ld-opt="-L/opt/csw/lib  -R/opt/csw/lib" \
    --with-http_ssl_module \
    --with-http_addition_module \
    --with-http_gzip_static_module \
    --with-http_dav_module \
    --with-http_sub_module \
    --with-http_realip_module \
    --with-http_stub_status_module \
    --http-client-body-temp-path=/var/run/nginx/nginx-http-temp \
    --http-proxy-temp-path=/var/run/nginx/nginx-proxy-temp \
    --http-fastcgi-temp-path=/var/run/nginx/nginx-fastcgi-temp \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=/var/log/nginx/error.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/run/nginx/nginx.lock
dmake -j 32
make install
Configure two nginx vhosts

Both of them proxy their document root to a GlassFish domain.
am.zn.com
location / {
              
                proxy_pass     
                proxy_redirect  default;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_redirect off;
        }
agent.zn.com
  location / {
              
                proxy_pass     
                proxy_redirect  default;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_redirect off;
        }     
Access to both of these domain names can be moved to port 443, and certificate authentication can also be added.
III. GlassFish installation
wget -c
java -Xmx256m -jar glassfish-installer-v2.1-b60e-sunos.jar
cd glassfish
chmod -R +x lib/ant/bin/
./lib/ant/bin/ant -f setup.xml


1. Create a new GlassFish domain: am
./bin/asadmin create-domain --passwordfile xx/glassfish/bin/password --portbase 10000 am
    

 

2. Start the domain am

       $ ./bin/asadmin start-domain am

3. Deploy amserver

       Visit

       Deploy amserver.war

4. Configure amserver

      Visit

      server URL:

      configuration directory: ~/am
      LDAP: localhost
      port: 2389
      dc=zn,dc=com
      cn=Directory Manager
  
5. Edit the domains/am/config/server.policy file and append the following to the end of the file:

// ADDITIONS FOR Access Manager on Sun Java System Application Server
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.util.logging.LoggingPermission "control";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.*";
    permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
    permission java.util.PropertyPermission "java.util.logging.config.class", "write";
    permission java.security.SecurityPermission "removeProvider.SUN";
    permission java.security.SecurityPermission "insertProvider.SUN";
    permission javax.security.auth.AuthPermission "doAs";
    permission java.util.PropertyPermission "java.security.krb5.realm", "write";
    permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission java.util.PropertyPermission "user.language", "write";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    permission javax.net.ssl.SSLPermission "setHostnameVerifier";
    permission java.security.SecurityPermission "putProviderProperty.IAIK";
    permission java.security.SecurityPermission "removeProvider.IAIK";
    permission java.security.SecurityPermission "insertProvider.IAIK";
};

// END OF ADDITIONS FOR Access Manager
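
A review aid for the grant block above, added here as an example and not part of the original post: it parses Java policy text and lists every permission whose target is a wildcard, so the broad grants given to the amserver code base stand out. The function name broad_grants and the shortened sample policy are constructed for illustration.

```python
import re

# grant codeBase "<url>" { ... };
GRANT = re.compile(r'grant\s+codeBase\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
# permission <class> "<target>"[, "<actions>"];
PERMISSION = re.compile(
    r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def broad_grants(policy_text):
    """Return (codeBase, class, target, actions) for each wildcard target."""
    # Drop whole-line // comments only, so file:// URLs in quotes survive.
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)
    hits = []
    for code_base, body in GRANT.findall(text):
        for cls, target, actions in PERMISSION.findall(body):
            if target in ("*", "<<ALL FILES>>") or target.endswith(".*"):
                hits.append((code_base, cls.rsplit(".", 1)[-1], target, actions))
    return hits

# Constructed sample: a shortened excerpt in the shape of the block above.
SAMPLE_POLICY = r'''
// ADDITIONS FOR Access Manager on Sun Java System Application Server
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
    permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.util.PropertyPermission "user.language", "write";
};
'''

if __name__ == "__main__":
    for code_base, cls, target, actions in broad_grants(SAMPLE_POLICY):
        print("%-18s %-24s %s" % (cls, target, actions or "-"))
```
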

 

6. Create an agent profile in AM

  Access Control  >  Realm - sample  >  Subjects  >  Agent  >  New…

ID: myagent

Password: password

In ~/am, add a file named zn:

echo password > zn

 

7. Install the agent

./bin/asadmin create-domain --passwordfile xx/glassfish/bin/password --portbase 20000 agent
unzip appserver_v9_agent.zip
j2ee_agents/appserver_v9_agent/bin/agentadmin --install

   

Application Server Config Directory :
glassfish/domains/agent/config
Application Server Instance name : server
Access Manager Services Host : am.zn.com
Access Manager Services Port : 80
Access Manager Services Protocol : http
Access Manager Services Deployment URI : /amserver
Agent Host name : agent.zn.com
Domain Administration Server Host is remote : false
Application Server Instance Port number : 80
Protocol for Application Server instance : http
Deployment URI for the Agent Application : /agentapp
Encryption Key :
Agent Profile name : myagent
Agent Profile Password file name :
~/am/zn
Agent installed on the DAS host for a remote instance : false
Agent and Access Manager on same application server instance : false

 

 
 

8. Edit ~/am/AMConfig.properties

Change com.iplanet.am.cookie.encode=false to com.iplanet.am.cookie.encode=true

$ ./bin/asadmin start-domain agent
Deploy the agentapp application:
j2ee_agents/appserver_v9_agent/etc/agentapp.war

Restart both domains.


Deploy the application that amserver is to manage.
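Add the following to the application's web.xml file:

<filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>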
       



