Installation tomcat
Télécharger et décompresser le dernier tomcat 6
Pour simplifier l'exemple on va avoir
# build.properties (ou custom.properties) server.home=/esup/tomcat6 esup.sources=/esup/uPortal_rel-${uportal.ver} esup.deploy=/esup/webapps esup.root=/esup/esup-install
Librairies
Modifier le /esup/tomcat6/conf/catalina.properties
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
Créer les dossiers shared/classes et shared/lib
mkdir -p /esup/tomcat6/shared/classe mkdir -p /esup/tomcat6/shared/lib
Le driver SQL
Placer le driver de base de données dans /esup/tocmat6/lib (Utiliser par le pool de connexion Tomcat)
cp /esup/esup-install/update/Tomcat/lib/mysql-connector-java-5.1.6.jar /esup/tomcat6/lib
Vous en trouverez certaine version de driver dans le package update/Tomcat/lib
Les jar du portail
- tomcat.update=true
- ant init deploy-ear
- repasser le tomcat.update=true
Contexte
Ajouter les contexts dans le portail (Attention au 2 docBase, username, password, url a adapter)
<?xml version='1.0' encoding='utf-8'?><Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Service name="Catalina"> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <Engine name="Catalina" defaultHost="localhost"> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> <Context path="" docBase="/esup/webapps/uPortal" crossContext="true" reloadable="true"> <Resource name="jdbc/PortalDb" auth="Container" type="javax.sql.DataSource" username="XXXXX" password="XXXXX" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://XXXX.univ.fr/XXXXX?autoReconnect=true" maxActive="50" maxIdle="30" maxWait="10000" poolPreparedStatements="true" removeAbandoned="true" removeAbandonedTimeout="300" /> <Manager pathname="" /> </Context> <Context path="/ResourceServingWebapp" docBase="/esup/webapps/ResourceServingWebapp" reloadable="false"> <Manager pathname=""/> </Context> <Context path="/manager" docBase="/esup/tomcat6/webapps/manager" reloadable="false" antiResourceLocking="false" privileged="true"> <Manager pathname=""/> </Context> </Host> </Engine> </Service> </Server>
Nettoyage
Supprimer les dossiers suivants :
- /esup/tomcat6/webapps/docs
- /esup/tomcat6/webapps/examples
- /esup/tomcat6/webapps/host-manager
- /esup/tomcat6/webapps/ROOT
Cassifier le manager Tomcat
Créer un dossier manager/WEB-INF/lib
mkdir /esup/tomcat6/webapps/manager/WEB-INF/lib
- Télécharger le cas-client http://www.ja-sig.org/downloads/cas-clients/
- Et en extraire cas-client-core-3.X.X.jar, commons-logging-X.X.jar
- Les placer dans /esup/tomcat6/webapps/manager/WEB-INF/lib
- Vous devrez aussi vous procurer le xercesImpl.jar http://www.apache.org/dist/xerces/j/binaries/
- Mettre le xercesImpl.jar dans /esup/tomcat6/webapps/manager/WEB-INF/lib
Filtre d'authentification
Copier SimpleCASAuthorizationFilter dans le manager
cp /esup/webapps/uPortal/WEB-INF/classes/org/esupportail/portal/utils/filter/SimpleCASAuthorizationFilter.class /esup/tomcat6/webapps/manager/WEB-INF/classes/org/esupportail/portal/utils/filter/SimpleCASAuthorizationFilter.class
web.xml
/esup/tomcat6/webapps/manager/WEB-INF/web.xml
Les filtre CAS
Attention au serverName, casServerLoginUrl, casServerUrlPrefix, LOGIN, LOGIN 2 (personne authorisées)
<!-- Server Name --> <context-param> <param-name>serverName</param-name> <param-value>XXXXXXXXX</param-value> </context-param> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <!-- CAS Authentication Filter --> <filter> <filter-name>CASFilter</filter-name> <filter-class> org.jasig.cas.client.authentication.AuthenticationFilter </filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://XXXXX/cas/login</param-value> </init-param> </filter> <!-- CAS Validation Filter --> <filter> <filter-name>CASValidation</filter-name> <filter-class> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter </filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://XXXXX/cas</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <!-- CAS Wrapper Filter --> <filter> <filter-name>CASWrapper</filter-name> <filter-class> org.jasig.cas.client.util.HttpServletRequestWrapperFilter </filter-class> </filter> <filter> <filter-name>AuthzFilter</filter-name> <filter-class>org.esupportail.portal.utils.filter.SimpleCASAuthorizationFilter</filter-class> <init-param> <param-name>org.esupportail.portal.utils.filter.authorizedUsers</param-name> <param-value>LOGIN1 LOGIN2 ...</param-value> </init-param> </filter>
Les mappings
<filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- CAS Authentication Filter Mapping --> <filter-mapping> <filter-name>CASFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- CAS Validation Filter Mapping --> <filter-mapping> <filter-name>CASValidation</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- CAS Wrapper Filter Mapping --> <filter-mapping> <filter-name>CASWrapper</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>AuthzFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Le Listener
<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener>
Nettoyage web.xml
- Supprimer la partie <resource-env-ref>...</resource-env-ref>
- Supprimer la partie <security-constraint>...</security-constraint>
- Supprimer la partie <login-config>...</login-config>
- Supprimer la partie <security-role>...</security-role>
Les logs Tomcat
A venir