Commit 15570852 authored by Misagh Moayyed's avatar Misagh Moayyed
Browse files

doc updates on svc mgmt

parent b5ced2eb
......@@ -242,306 +242,20 @@ On the other hand, it is perfectly acceptable for deployments where the XML conf
service registry data and the UI will not be used.
######`JsonServiceRegistryDao`
This DAO reads services definitions from JSON configuration files at the application context initialization time. JSON files are
expected to be found inside a configured directory location and this DAO will recursively look through the directory structure to find relevant JSON files.
{% highlight xml %}
<bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
c:configDirectory="file:/etc/cas/json" />
{% endhighlight %}
A sample JSON file follows:
{% highlight json %}
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"id" : 103935657744185,
"description" : "Service description",
"serviceId" : "https://**",
"name" : "testJsonFile",
"theme" : "testtheme",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
"pattern" : "https://.+"
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy"
},
"evaluationOrder" : 1000,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"requiredHandlers" : [ "java.util.HashSet", [ "handler1", "handler2" ] ],
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"attributeFilter" : {
"@class" : "org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter",
"pattern" : "\\w+"
},
"allowedAttributes" : [ "java.util.ArrayList", [ "uid", "cn", "sn" ] ]
}
}
{% endhighlight %}
<div class="alert alert-warning"><strong>Clustering Services</strong><p>
You MUST consider that if your CAS server deployment is clustered, each CAS node in the cluster must have
access to the same set of JSON configuration files as the other, or you may have to devise a strategy to keep
changes synchronized from one node to the next.
</p></div>
The JSON service registry is also able to auto detect changes to the specified directory. It will monitor changes to recognize
file additions, removals and updates and will auto-refresh CAS so changes do happen instantly.
The naming convention for new JSON files is recommended to be the following:
{% highlight bash %}
JSON fileName = serviceName + "-" + serviceNumericId + ".json"
{% endhighlight %}
Based on the above formula, for example the above JSON snippet shall be named: `testJsonFile-103935657744185.json`
<div class="alert alert-warning"><strong>Duplicate Services</strong><p>
As you add more files to the directory, you need to be absolutely sure that no two service definitions
will have the same id. If this happens, loading one definition will stop loading the other. While service ids
can be chosen arbitrarily, make sure all service numeric identifiers are unique. CAS will also output warnings
if duplicate data is found.
</p></div>
[See this guide](JSON-Service-Management.html) for more info please.
######`MongoServiceRegistryDao`
This DAO uses a [MongoDb](https://www.mongodb.org/) instance to load and persist service definitions. Support is enabled by adding the following module into the Maven overlay:
{% highlight xml %}
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-integration-mongo</artifactId>
<version>${cas.version}</version>
</dependency>
{% endhighlight %}
###### Configuration
This implementation auto-configures most of the internal details.
The following configuration in `cas.properties` is required.
{% highlight properties %}
mongodb.host=mongodb database url
mongodb.port=mongodb database port
mongodb.userId=mongodb userid to bind
mongodb.userPassword=mongodb password to bind
cas.service.registry.mongo.db=Collection name to store service definitions
{% endhighlight %}
[See this guide](Mongo-Service-Management.html) for more info please.
######`LdapServiceRegistryDao`
Service registry implementation which stores the services in a LDAP Directory. Uses an instance of `LdapRegisteredServiceMapper`, that by default is `DefaultLdapRegisteredServiceMapper` in order to configure settings for retrieval, search and persistence of service definitions. By default, entries are assigned the `objectclass` `casRegisteredService` attribute and are looked up by the `uid` attribute.
{% highlight xml %}
<context:component-scan base-package="org.jasig.cas" />
<bean id="serviceRegistryDao"
class="org.jasig.cas.adaptors.ldap.services.LdapServiceRegistryDao"
p:connectionFactory-ref="pooledLdapConnectionFactory"
p:searchRequest-ref="searchRequest"
p:ldapServiceMapper-ref="ldapServiceMapper" />
<bean id="ldapServiceMapper"
class="org.jasig.cas.adaptors.ldap.services.DefaultLdapRegisteredServiceMapper"/>
{% endhighlight %}
Note that the configuration of the mapper is optional and need not explicitly exist.
<p/>
######`DefaultLdapRegisteredServiceMapper`
The default mapper has support for the following optional items:
| Field | Default Value
|-----------------------------------+--------------------------------------------------+
| `objectClass` | casRegisteredService
| `serviceDefinitionAttribute` | description
| `idAttribute` | uid
Service definitions are by default stored inside the `serviceDefinitionAttribute` attribute as JSON objects. The format and syntax of the JSON is identical to that of `JsonServiceRegistryDao`.
[See this guide](LDAP-Service-Management.html) for more info please.
######`JpaServiceRegistryDaoImpl`
Stores registered service data in a database; the preferred choice when using the service management webapp.
The following schema shall be generated by CAS automatically for brand new deployments, and must be massaged
when doing CAS upgrades:
{% highlight sql %}
create table RegisteredServiceImpl (
expression_type VARCHAR(15) DEFAULT 'ant' not null,
id bigint generated by default as identity (start with 1),
access_strategy blob(255),
attribute_release blob(255),
description varchar(255) not null,
evaluation_order integer not null,
logo varchar(255),
logout_type integer,
logout_url varchar(255),
name varchar(255) not null,
proxy_policy blob(255),
required_handlers blob(255),
public_key blob(255),
serviceId varchar(255) not null,
theme varchar(255),
username_attr blob(255),
primary key (id)
)
{% endhighlight %}
The following configuration template may be applied to `deployerConfigContext.xml` to provide for persistent
registered service storage. The configuration assumes a `dataSource` bean is defined in the context.
{% highlight xml %}
<tx:annotation-driven />
<bean id="factoryBean"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
p:dataSource-ref="dataSource"
p:jpaVendorAdapter-ref="jpaVendorAdapter"
p:packagesToScan-ref="packagesToScan">
<property name="jpaProperties">
<props>
<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
<prop key="hibernate.jdbc.batch_size">${database.hibernate.batchSize:10}</prop>
</props>
</property>
</bean>
<util:list id="packagesToScan">
<value>org.jasig.cas.services</value>
<value>org.jasig.cas.ticket</value>
<value>org.jasig.cas.adaptors.jdbc</value>
</util:list>
<bean id="jpaVendorAdapter"
class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
p:generateDdl="true"
p:showSql="true" />
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" />
<bean id="transactionManager"
class="org.springframework.orm.jpa.JpaTransactionManager"
p:entityManagerFactory-ref="factoryBean" />
<!--
| Injects EntityManager/Factory instances into beans with
| @PersistenceUnit and @PersistenceContext
-->
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
<!--
Configuration via JNDI
-->
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"
p:jndiName="java:comp/env/jdbc/cas-source" />
{% endhighlight %}
If you prefer a direct connection to the database, here's a sample configuration of the `dataSource`:
{% highlight xml %}
<bean
id="dataSource"
class="org.apache.commons.dbcp2.BasicDataSource"
p:driverClassName="org.hsqldb.jdbcDriver"
p:jdbcUrl-ref="database"
p:password=""
p:username="sa" />
{% endhighlight %}
The data source will need to be modified for your particular database (i.e. Oracle, MySQL, etc.), but the name `dataSource` should be preserved. Here is a MYSQL sample:
{% highlight xml %}
<bean
id="dataSource"
class="org.apache.commons.dbcp2.BasicDataSource"
p:driverClassName="com.mysql.jdbc.Driver"
p:url="jdbc:mysql://localhost:3306/test?autoReconnect=true"
p:password=""
p:username="sa" />
{% endhighlight %}
You will also need to change the property `hibernate.dialect` in adequacy with your database in `cas.properties` and `deployerConfigContext.xml`.
For example, for MYSQL the setting would be:
In `cas.properties`:
{% highlight bash %}
database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
{% endhighlight %}
In `deployerConfigContext.xml`:
{% highlight xml %}
<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
{% endhighlight %}
You will also need to ensure that the xml configuration file contains the `tx` namespace:
{% highlight xml %}
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
{% endhighlight %}
Finally, when adding a new source new dependencies may be required on Hibernate, `commons-dbcp2`. Be sure to add those to your `pom.xml`. Below is a sample configuration for MYSQL. Be sure to adjust the version elements for the appropriate version number.
{% highlight xml %}
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
<version>${commons.dbcp.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.entitymgmr.version}</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.connector.version}</version>
</dependency>
{% endhighlight %}
[See this guide](JPA-Service-Management.html) for more info please.
## Service Management Webapp
The Services Management web application is a standalone application that helps one manage service registrations and entries via a customizable user interface. The management web application *MUST* share the same registry configuration as
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment