2009年12月7日

这两天从www.AskBenny.cn的google analytics 中惊奇的发现,从Google来的网络爬虫居然自己爬了Google广告,甚是惊奇.




posted @ 2009-12-07 17:27 华宗林 阅读(352) | 评论 (0)编辑 收藏

2009年1月5日

** 这个是PDF格式的原件地址,http://www.blogjava.net/Files/joey/opensso.rar ,大家可以拿去参考,但是请注意这个文档是2006年写的,后来再无更新,所以请注意版本。

     这是一个OpenSSO的实际应用实例, 因为是客户要求英文,所以只有英文版,我的英文比较烂,所以请大家包涵了. 其实如果你在用OpenSSO的时候有什么麻烦,我认为最好的求助地方是OpenSSO小组的MailList,在OpenSSO网站上有, 他们真的很热心,基本有问24小时内必复,而且都是OpenSSO小组的成员答复的.真的很棒.
 
大家对我的文章里有什么疑问也可以给我留言.还有因为原来是PDF格式的, 后转成txt格式, 所以有些地方不是很好看.请大家见谅


                Implement SSO with AD

                             Joey

                        December 26, 2006

 

Contents

1 Software Environment                                                    2

2 Create Users in AD                                                      2

3 Join Linux into Windows2003 Domain                                      2

4 Install JBoss server and JRE 5                                          3

5 Fix Windows TCP port                                                    3

6 Deploy and Cong Access Manager                                          4
 6.1 Deploy Access Manager . . . . . . . . . . . . . . . . . . . . . . .  4
 6.2 Cong Access Manager . . . . . . . . . . . . . . . . . . . . . . . .  4

7 Install Sun Java System Access Manager Policy Agent                     6

8 Make Application to support SSO                                         7

A Cong DHCP Server                                                        8

B Cong Domain controller                                                  9

C Authorize DHCP server                                                  10

 


                                1

1 Software Environment

 Roles                               Computer name       Platform

 Domain             Server,DHCP       srv-1.contoso.com   Window2003 Active Directory
 Server,DNS Server
 Application server 1                test-1.contoso.com  Win2K3/XP, JRE5.0, SJS AM
                                                       Policy Agent 2.2 For JBoss
 Application server 2                test-2.contoso.com  Win2K3/XP, JRE5.0, SJS AM
                                                       Policy Agent 2.2 For JBoss
 Access Manager server               ams.contoso.com     Ret Hat Linux, JBoss 4.02 or
                                                       above


2 Create Users in AD

Create two group in AD, add one user for each group, and create amadmin as
administrator for AM.

 User                                Group in AD

 admin                               users
 danie                               users
 amadmin                             Users


3 Join Linux into Windows2003 Domain( Only for WIndows2003 DC, Ret Hat Linux )

  1. Modify /etc/krb5.conf

           Replace ’EXAMPLE.COM’ with your domain name, replace ker-
           beros.example.com with your AD server name. (case-sensitive in this
           section,just follow this demo).


     krb5.conf sample: suppose Domain name is contoso.com,
     AD server is srv-1.contoso.com, and IP is 10.0.0.2.
     and then keep others default setting in krb5.conf


     [libdefaults]
                default_realm = CONTOSO.COM
                dns_lookup_kdc = false
                dns_lookup_realm = false


     [realms]
     CONTOSO.COM = {
                admin_server = srv-1.contoso.com:749
                default_domain = contoso.com
                kdc = 10.0.0.2:88
     }


     [domain_realm]
                .contoso.com=CONTOSO.COM

 

 

                                        2

                contoso.com=CONTOSO.COM

 


  2. Modify /etc/samba/smb.cof smb.cof sample:


         realm = contoso.com              # add this by your self.
         workgroup = CONTOSO
         security = ADS

 

  3. Get a ticket. run kinit administrator(enter the administrator password
      when prompted command) in a shell window.

      sample: kinit administrator@CONTOSO.COM

  4. Join the domain Run net join in a shell window.

      sample: net ads join

  5. restart samba or just restart system simply.


4 Install JBoss server and JRE 5

Install JBoss server and JRE 5 on Test-1.contoso.com, Test-2.contoso.com ,an
ams.contoso.com


5 Fix Windows TCP port

  1. Start Registry Editor.

  2. Locate the following subkey in the registry, and then click Parameters:
      HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  3. On the Edit menu, click New, and then add the following registry entry:
      Value Name: MaxUserPort
      Value Type: DWORD
      Value data: 65534
      Valid Range: 5000-65534 (decimal)
      Default: 0x1388 (5000 decimal)
      Description: This parameter controls the maximum port number that is
      used when a program requests any available user port from the system.
      Typically , ephemeral (short-lived) ports are allocated between the values
      of 1024 and 5000 inclusive.

  4. Quit Registry Editor.      2

 


  2 For more information, check here http://support.microsoft.com/default.aspx?scid=kb;EN-
US;196271

 

                                            3

6 Deploy and Cong Access Manager

Do this step on ams.contoso.com


6.1 Deploy Access Manager

Copy ”opensso.war” to (JBossDIR) \ server\default\deploy


6.2 Cong Access Manager

  1. Start JBoss server.

  2. In Brower (From any client computer), access the link ”http://ams.contoso.com:8080/opensso”.
     See following picture.

  3. In Congurator page, you can change anything according your need. But
     in this case I keep all default values, just input new password in Super
     Administrator password, password is ”12345678”. And cookie Domain:
     ”.contoso.com”Click Congure button.

  4. If everything is ok, you can see this page after few seconds. and you can
     click link ”here” or wait for 5 seconds, It will be automatically redirected
     to ”Sun Java System Access Manager” login page. See following picture.

  5. And we need to login Access Manager. Type ”amadmin” for User Name,
     and ”12345678” for password.(This password is we input in 6.2.3)

  6. Cong AD Authentication After you nish 6.2.5, use this web link to
     access AM. http://ams.contoso.com:8080/opensso.

         Set Core Service.

             – Click Conguration→ Authentication → Service Name : Core

             – Select User Prole : Dynamic

             – Click ”Save”, Click ”Back to Conguration”.

         Access Control → Realm Name - opensso → Authentication, see
          pic 3.

         Cong AD Module Instances

             – Click ”New” Button in ”Module Instances”.

             – Type a Name for new Instances, we use ”AD” in here and select
                ”Active Directory” for type options, click ok. see pic-4.

             – Click ”AD” what we just created in last step. and Input ...

 


                                          4

             Item                                Values

             Primary       Active    Directory     srv-1.contoso.com:389 (remove default value)
             Server
             DN to Start User Search             dc=contoso, dc=com (remove default value)
             DN for Root User Bind               cn=administrator,cn=users,dc=contoso,
                                                dc=com (remove default value)
             Password for Root User Bind         (Password of Domain administrator)
             Password for Root User Bind         (Password of Domain administrator)
             (conrm)
             Attribute Used to Retrieve          cn
             User Prole
             Attributes Used to Search for       cn (remove default value)
             a User to be Authenticated
             Return User DN to Authenti-         DeSelected
             cate

        – ”Save” and click ”Back to Authentication”.

7. Cong Authentication Chaining.

     Click ”New” Button in ”Authentication Chaining”.

     Type a name for New Authentication Chain; we use ”ADChain” in
      there. Click ”OK” button.

     In ”AD Chain-Properties” Page, Click ”Add” button, and select
      ”AD” for Instance. See pic-5, click ”Save” and ”Back to Authen-
      tication”.

     Set Default Authentication Chain
      Authentication → General,

        – select ”ADChain” for ”Default Authentication Chain”

        – select ”ADChain” for ”Administrator Authentication Chain”

        – click ”Save” button, click ”Realms” button.

     Create Agent
      Main Page → Access Control , select OpenSSO → Subjects →
      Agent → new Agent

        ID                       Agent1
        Password                 (password)
        Password (conrm)         (password)
        Device status            Active

 


                                     5

7 Install Sun Java System Access Manager Pol-
   icy Agent

 1. Create a pasword le for following step. Just input the agent password
    into this le. sample: d:\ deploy\ password.txt

 2. Unzip Access Manager Policy Agent.

 3. Change to the following directory.
    PolicyAgent-base/bin

 4. Issue the following command, and ll the values follow this table.
    agentadmin –install

     Item                              Values

     JBoss Server Cong Directory       D:\deploy\jboss-
                                      4.0.5.GA\server\default\conf
     Access Manager Services Host      ams.contoso.com
     Access Manager Services Port      8080
     Access Manager Services Pro-      http
     tocol
     Access Manager Services De-       /opensso
     ployment URI
     Agent Host name                   test-1.contoso.com
     Agent permissions gets added      false
     to java permissions policy le
     Application Server Instance       8080
     Port number
     Protocol for Application            http
     Server instance
     Deployment URI for the Agent      /opensso
     Application
     Encryption Key                    iF95s8yb4EFZSJQ7qFKybmZdyuXvKofQ
     Agent Prole name                  Agent1
     Agent Prole Password le           d:\deploy\password.txt
     name

 


                                    6

8 Make Application to support SSO

 1. Copy amclientsdk.jar to Application lib directory.

 2. Add lter to Application.


    In web.xml, add following code.


         
                Agent
                com.sun.identity.agents.filter.AmAgentFilter
         

         
                Agent
                /*
                REQUEST
                INCLUDE
                FORWARD
                ERROR
         

 3. Get the user name who is login on.

    import com. iplanet . sso . SSOTokenManager ;
    import com. iplanet . sso . SSOToken ;
    import com. iplanet . sso . SSOException ;


    . . . . . .
           SSOTokenManager manager = SSOTokenManager .
                getInstance () ;
           SSOToken token = manager . createSSOToken ( request ) ;
            // HttpServletRequest request
            if (manager . isValidToken ( token ) )
               {
               String userDN = token . getPrincipal () . getName () ;
               String userName = userDN . substring (userDN .
                  indexOf (”=”) + 1 , userDN . indexOf (” ,”) ) ;
                System . out . println (”User DN = ” + userDN) ;
                System . out . println (”User Name = ” + userName) ;

              }
    . . . . .


 4. Deploy this application.
    If this application has been deployed before, you better undeploy it and
    clean JBoss temp directory.

 


                                     7

A Cong DHCP Server

DHCP server conguration steps, do it on srv-1.contoso.com

 1. In ”Manage You Server” click ”Add or remove a role”.

 2. ”Congure Your Server Wizard”, click ”Next”.

 3. Select ”Custom conguration”, click ”Next”.

 4. Select ”DHCP server” click ”Next”.

 5. Summary, Click ”Next”.

 6. ”New Scope Wizard” click ”Next”

 7. ”Scope Name”, set Name is ”Contoso HQ”. Click ”Next”.

 8. ”IP Address Range”, set ”start IP address” is 10.0.0.10; ”End IP address”
    is 10.0.0.254. click ”Next”

 9. ”Add Exclusions”, no need do nothing, just click ”Next”

10. ”Lease Duration”, click ”Next”.

11. ” Congure DHCP Options”, click ”Next”

12. ”Router (Default Gateway)”, set IP address 10.0.0.1, click add, next.

13. ”Domain Name and DNS servers” set parent domain as ”contoso.com”,
    for IP address, add 10.0.0.2. click ”Next”

14. ”WINS servers”, just click ”Next”.

15. ”Activate Scope”, select ”Yes, I want to active this scope now”, click
    ”next”.

16. Click nish (twice).

 


                                       8

B Cong Domain controller

Steps for cong Domain controller On server srv-1.contoso.com

  1. Run command ”DCPROMO”.

  2. ”Welcome to the Active Directory Installation Wizard”, click ”Next”.

  3. ”Operating System Compatibility”, click ”Next”.

  4. ”Domain Controller type”, select ”Domain controller for a new domain”,
     click ”Next”.

  5. ”Create New Domain”, select ”Domain in a new forest”, and click ”Next”.

  6. ”Install or Congure DNS”, select ”No, just install and congure DNS on
     this computer”, click ”Next”.

  7. ”New Domain Name”, type ”contoso.com”, clicks ”Next ”.

  8. ”NetBIOS Domain Name”, accept ”CONTOSO” as Domain NetBIOS
     Name. Click ”Next”.

  9. ”Database and Log Folders”, accept default value for Database and Log
     folder. Click ”Next”.

 10. ”Shared System Volume”, accept default for Folder location, click ”Next”.

 11. ”Permissions”, select ”Permissions compatible only with Windows 2000
     or Windows Server2003 operating systems”. Click ”Next”.

 12. ”Directory Services Restore Mode Administrator Password”, type pass-
     word, clicks ”Next”.

 13. ”Summary”, click ”Next”.

 14. ”Optional Networking Components”(a modal dialog).click ”ok”.

 15. ”Local Area Connection Properties” pops up. Select TCP/IP, assign
     10.0.0.2 to IP address, type TAB two times, assign 10.0.0.1 to Default
     gateway. Assign 127.0.0.1 to Preferred DNS server. Click ”Ok” and then
     click ”Close”.

 16. ”Completing the Active Directory Installation Wizard” click ”Finish”.

 17. Click Restart Now.

 


                                        9

C Authorize DHCP server

On server srv-1.contoso.com
Manage your Server → Manage this DHCP server → right click ”srv-1.contoso.com”,
select ”Authorize”.

 


                                  10

posted @ 2009-01-05 15:14 华宗林 阅读(8909) | 评论 (31)编辑 收藏

2006年12月14日

http://www.ftponline.com/javapro/2002_05/magazine/columns/weblication/default.aspx


The Jakarta Stuts project takes care of some of the details when combining servlets and JavaBeans with JavaServer Pages
by Peter Varhol

May 2002 Issue

The Model-View-Controller (MVC) architecture leverages the strengths of servlets and JavaServer Pages (JSP), while minimizing their weaknesses. In essence, user requests are sent to a controller servlet, which determines the nature of the request and passes it off to the appropriate handler for that request type. Each handler is associated with a particular model, which encapsulates business logic to perform a specific and discrete set of functions. Once the operation is completed, the results are sent back to the controller, which determines the appropriate view and displays it (see my Weblication column "Strut Your Stuff," April 2002).

Struts, a Jakarta project, provides a framework for writing applications using the MVC architecture. Struts uses "ActionMapping," which enables the servlet to turn user requests into application actions. ActionMapping usually specifies a request path, the object type to act upon the request, and other properties as needed.

The Action object used as a part of the ActionMapping is responsible for either handling the request and sending the response back to the appropriate view (normally a Web browser), or passing the request along to the appropriate model.

The bridge between the model and the view is a form bean that can be created by subclassing org.apache.struts.action.ActionForm. The form bean can be used to hold data from the user prior to processing, or from a model prior to display back to the user. Struts includes custom tags that can automatically populate fields from the form bean created.

In practice, here's an outline of how Struts may work. A user enters a request on a JSP page for, say, information on train schedules between two cities. The controller servlet receives the request and determines where in the application it can be processed. The Action object passes the request on to a JavaBean that contains the appropriate schedule-retrieving business logic. That business-logic bean will connect to and query the database, receive the results, and return the results to the Action object. The Action object stores the result in a form bean as a part of the request. Once all of the data needed to fulfill the request has been collected, it's ready to be formatted and displayed. The last step is when the JavaServer Page displays the result to the view in HTML form.

The Controller, Model, and View
The primary component of the controller in Struts is the servlet defined from the class ActionServlet, which is configured by the ActionMappings. The ActionMapping class represents the name and location of the Action object. When a request comes into the controller, it maps the path of the request to the location of the Action, and the request is passed off to that Action. Struts' ActionMapping classes may also contain other information that may be unique to your application, like local variables, environment-specific data, or other URIs.

The activities surrounding the controller are the key to Struts. The Struts controller servlet maps events to classes (an event generally being an HTTP POST, GET, or similar request). ActionServlet is the command part of the MVC design pattern and is the core of the Struts framework. ActionServlet creates and uses Action, an ActionForm, and ActionForward. The struts-config.xml file configures the Action. During the creation of the Web application, you extend Action and ActionForm to solve the problem of how to respond to a user's request. The struts-config.xml file instructs ActionServlet on how to use the extended classes. You can also extend ActionServlet to provide your Struts application with custom features.

This approach has several advantages. First, the entire logical flow of the application is in a hierarchical text file. This makes it easier to view and understand, especially with large applications. Second, the HTML writer doesn't have to search through Java code to understand the flow of the application to make page changes, and the Java developer doesn't have to recompile code when making flow changes.

 ActionForm maintains the session state for the Web application. ActionForm is an abstract class that is subclassed for each input form model. It represents a general concept of data that is set or updated by an HTML form. For instance, your application may have a UserActionForm that is set by an HTML Form. The Struts framework will check to see if a UserActionForm exists; if not, it creates an instance of the class. Struts will set the state of the UserActionForm using corresponding fields from the HttpServletRequest. The Struts framework updates the state of the UserActionForm before passing it to the business wrapper UserAction.

The Struts model consists of the state of the system and the actions that can be performed on it. You can use a wide variety of structures to represent the model (other servlets or JSP, for example), but most of the time you'll use JavaBeans. The JavaBean properties—or data drawn from external data sources in the case of Enterprise JavaBeans (EJBs)—represent the state, while the methods represent the actions that can be performed. The actions do not need to be defined by JavaBean methods; in simple cases, the actions can be embedded into the Action object, although this tends to blur the distinction between processing and orchestration.

The view of a Struts MVC application typically is constructed using JSP, which provide for a way of statically formatting pages using HTML or XML, plus a method for dynamically inserting customized content in response to a user request. A key aspect of Struts is its custom tag library, which provides a way to create user interfaces easily using JSP.

 The Struts framework includes custom tag libraries, which are used in a variety of ways. Although these libraries aren't required to use the framework, they contain tags that will be useful in many of your applications. Some of the Struts tag libraries included are:

    * struts-html tag library. This library can be used for creating dynamic HTML user interfaces and forms.
    * struts-bean tag library. This library provides substantial enhancements to the basic capability of bringing JavaBean code into a JSP page, which is provided by <jsp:useBean> tag.
    * struts-logic tag library. This library can manage conditional generation of output text, looping over object collections for repetitive generation of output text, and application flow management.
    * struts-template tag library. This library contains tags that are useful in creating dynamic JSP templates for pages that share a common look and feel, or common format.

You use these tag libraries just as you would any such library. Because the library is already written, all you have to do is tell the servlet engine about it. In Tomcat, you use the <taglib> tag in the web.xml file to specify the URI of the tag library, and the location of the tag library descriptor file on the Web server system.

The Small Print
The Jakarta project enables you to download either a binary distribution of Struts, or build it directly from source code. The binary usually works just fine, but if you have an unusual software platform, or want to build it as a learning experience, it's not difficult to do. Whichever you decide, Struts has several software prerequisites:

#  Java Development Kit (JDK). You have to download and install a Java 2 JDK implementation for your operating-system platform.
# Servlet container. You also have to download and install a servlet container that is compatible with the Servlet API specification, version 2.2 or later, and the JSP specification, version 1.1 or later. One good choice is to download Apache's Tomcat, which provides the ability to both serve Web pages and run servlets and JSP.
# XML parser. Struts requires the presence of an XML parser that is compatible with the Java API for XML Parsing (JAXP) specification, 1.1 or later.
# Servlet API classes. To compile Struts, or applications that use Struts, you will need a servlet.jar file containing the servlet and JSP API classes. Most servlet containers include this JAR file.
# JDBC 2.0 optional package classes. Struts supports an optional implementation of javax.sql.DataSource, so it requires that the API classes be compiled. You can download these package classes from http://java.sun.com/products/jdbc/download.html.

To use Struts to build an application, you need to follow these steps. First, copy the files lib/commons-*.jar and lib/struts.jar from the Struts distribution into the WEB-INF/lib directory of your application. Then copy the entire tag library descriptor file in lib/struts-*.tld from the Struts distribution into the WEB-INF directory of your Web application.

Once you have the files copied over, you can modify the web.xml file for your Web application to include a <servlet> element to define the controller servlet, and a <servlet-mapping> element to establish which request URIs are mapped to this servlet. If you are doing a standard installation with default directories, you can use the web.xml file from the Struts example application for an example of how to do this. Modify the web.xml file of your Web application to include the appropriate tag library declarations. Once again, you can follow the example of these declarations in the Struts example application.

After finishing the web.xml file, create a file called struts-config.xml in the WEB-INF directory that defines the action mappings and other characteristics of your specific application. Last, at the top of each JSP page that will use the Struts custom tags, add lines declaring the Struts custom tag libraries used on that particular page.

Struts was named for the type of supporting wires and frameworks used in buildings and old airplanes. Its intent is to provide a software framework to help you overcome the time-consuming aspects of applying the MVC design pattern in Web applications. You still have to learn and apply the framework, but it will accomplish some of the heavy lifting. If you want to build scalable applications combining the advantages of both servlets and JSP, Struts can get you a good part of the way there.

About the Author
Peter Varhol is a technical evangelist for Compuware Corporation. You can reach him at Peter.Varhol@ compuware.com.

posted @ 2006-12-14 16:36 华宗林 阅读(461) | 评论 (0)编辑 收藏

2006年2月11日

I am coming here..
posted @ 2006-02-11 19:31 华宗林 阅读(254) | 评论 (0)编辑 收藏
仅列出标题