...
Les cartes et demandes de cartes sont purgées toutes les nuits.
| Sommaire |
|---|
Vidéos de démonstration
Pour utiliser au mieux cette application de démonstration disponible en ligne, vous pouvez visualiser 3 vidéos de présentation :
...
- start.ini instance jetty - /opt/jetty-esup-sgc-demo/start.ini
Bloc de code theme RDark --module=deploy,http,jsp,jstl,websocket,ext,resources,console-capturehttp-forwarded jetty.http.port=8080
- systemd - /etc/systemd/system/jetty.http.idleTimeout=30000
jetty.threadPool.minThreads=10
jetty.threadPool.maxThreads=200
jetty.threadPool.idleTimeout=60000
jetty.console-capture.append=true
jetty.console-capture.dir=/var/log/jetty-esup-sgc-demo/
jetty.console-capture.retainDays=90-esup-sgc-demo.service
systemd - /etc/systemd/systemBloc de code theme RDark [Unit] Description=Jetty 9 Web Application Server Documentation=https://www.eclipse.org/jetty/documentation/current/ After=network.target [Service] # Configuration Environment="JETTY_HOME=/usr/share/jetty9/" Environment="JETTY_STATE=/tmp
service/jetty-esup-sgc-demo.
récupération de l'adresse client - important car les accès WS sont fonctions des adresses clients dans esup-sgc / esupn-nfc-tag - /etc/jetty9/jetty.xmlBloc de code theme RDark [Unit] Description=Jetty 9 Web Application Server Documentation=https://www.eclipse.org/jetty/documentation/current/ After=network.target [Service] # Configuration Environment="JETTY_HOMEstate" Environment="JETTY_BASE=/opt/jetty-esup-sgc-demo" Environment="JAVA_OPTS=-Djava.awt.headless=true" EnvironmentFile=-/etc/default/jetty9 # Lifecycle Type=simple ExecStart=/usr/share/jetty9/" Environment="JETTY_STATE=/tmpbin/jetty-esup-sgc-demo.state" Environment="JETTY_BASE=/opt/jetty-esup-sgc-demo" Environment="JAVA_OPTS=-Djava.awt.headless=true" EnvironmentFile=-/etc/default/jetty9 # Lifecycle Type=simple ExecStart=/usr/share/jetty9/bin/jetty.sh run SuccessExitStatus=143 Restart=on-abort # Logging SyslogIdentifier=.sh run SuccessExitStatus=143 Restart=on-abort # Logging (usage de logrotate pour la rotation) StandardOutput=file:/var/log/jetty-esup-sgc-demo/esup-sgc.log StandardError=file:/var/log/jetty-esup-sgc-demo/esup-sgc.log # Security User=jetty Group=jetty PrivateTmp=yes AmbientCapabilities=CAP_NET_BIND_SERVICE NoNewPrivileges=true WorkingDirectory=/usr/share/jetty9/ LogsDirectory=jetty-esup-sgc-demo LogsDirectoryMode=750 ProtectSystem=strict ReadWritePaths=ProtectSystem=strict ReadWritePaths=/var/lib/jetty9/ [Install] WantedBy=multi-user.target
Bloc de code language xml theme RDark ... <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Call name="addCustomizer"> <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg> </Call> ... - configuration apache proxypass - /etc/apache2/sites-enabled/esup-sgc-demo.univ-rouen.fr.conf
Bloc de code theme RDark ... <Location /> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session ShibUseHeaders On </Location> ProxyPreserveHost On RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port 443 ProxyPass / http://localhost:8080/ ttl=10 timeout=3600 loadfactor=100 retry=1 ProxyPassReverse / http://localhost:8080 ...
- configuration shibboleth (avec sp 3) - /etc/shibboleth/shibboleth2.xml
Bloc de code language xml theme RDark <SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180"> <RequestMapper type="Native"> <RequestMap applicationId="default"> <Host name="esup-sgc-demo.univ-rouen.fr" applicationId="default" authType="shibboleth" requireSession="false"/> <Host name="esup-nfc-tag-demo.univ-rouen.fr" applicationId="esup-nfc-tag-demo" authType="shibboleth" requireSession="false"/> </RequestMap> </RequestMapper> <ApplicationDefaults entityID="https://esup-sgc-demo.univ-rouen.fr" REMOTE_USER="eppn subject-id pairwise-id persistent-id" cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"> <Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerURL="/Shibboleth.sso" handlerSSL="true" cookieProps="https" relayState="ss:mem" redirectLimit="exact" idpHistory="false" idpHistoryDays="7"> <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Login" relayState="cookie"> <SessionInitiator type="SAML2" acsIndex="1" acsByIndex="false" template="bindingTemplate.html"/> <SessionInitiator type="Shib1"/> <SessionInitiator type="SAMLDS" URL="https://discovery.renater.fr/edugain/WAYF"/> </SessionInitiator> <md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/> <!-- Status reporting service. --> <Handler type="Status" Location="/Status"/> <!-- Session diagnostic service. --> <Handler type="Session" Location="/Session" showAttributeValues="true"/> </Sessions> <MetadataProvider type="XML" validate="false" url="https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml" backingFilePath="/etc/shibboleth/metadatas/main-idps-renater-metadata.xml" maxRefreshDelay="7200"> </MetadataProvider> <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/> <AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" key="esup-sgc-demo.univ-rouen.fr.key" certificate="esup-sgc-demo.univ-rouen.fr.crt"/> <ApplicationOverride id="esup-nfc-tag-demo" entityID="https://esup-nfc-tag-demo.univ-rouen.fr" homeURL="https://esup-nfc-tag-demo.univ-rouen.fr"/> </ApplicationDefaults> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> </SPConfig>
...