1. TW core class
Core class: com.tongweb.server.realm.JNDIRealm
2. LDAP
1. Install LDAP
1) yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools
2) Check the OpenLDAP version
slapd -VV
2.4.44
3) slappasswd -s 123456
xxxxxxxxxxxxxxxxxxx
4) vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
Append one line at the end:
// xxxxxxxxxxxxxxxxxxx is the hash printed in step 3
olcRootPW: xxxxxxxxxxxxxxxxxxx
Change:
olcSuffix: dc=mycompany,dc=com
olcRootDN: cn=Manager,dc=mycompany,dc=com
5) vim /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
Change to the following:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=mycompany,dc=com" read by * none
6) Verify that the configuration is correct
slaptest -u
7) Start the service
systemctl enable slapd
systemctl start slapd
systemctl status slapd
8) Check the listening port
ss -lanp | grep 389
9) Configure the OpenLDAP database
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap -R /var/lib/ldap
chmod 700 -R /var/lib/ldap
ll /var/lib/ldap/
10) Import the basic schemas
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
11) Edit the migrate_common.ph file
vim /usr/share/migrationtools/migrate_common.ph
Change the following variables:
$DEFAULT_MAIL_DOMAIN = "mycompany.com";
$DEFAULT_BASE = "dc=mycompany,dc=com";
$EXTENDED_SCHEMA = 1;
2. Import the base entries
cat > /root/base.ldif << EOF
dn: dc=mycompany,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: mycompany
o: mycompany com

dn: cn=Manager,dc=mycompany,dc=com
cn: Manager
objectClass: organizationalRole
description: Directory Manager

dn: ou=people,dc=mycompany,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: uid=jjones,ou=people,dc=mycompany,dc=com
objectClass: inetOrgPerson
uid: jjones
sn: jones
cn: janet jones
mail: j.jones@mycompany.com
userPassword: janet

dn: uid=fbloggs,ou=people,dc=mycompany,dc=com
objectClass: inetOrgPerson
uid: fbloggs
sn: bloggs
cn: fred bloggs
mail: f.bloggs@mycompany.com
userPassword: fred

dn: ou=groups,dc=mycompany,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: cn=tomcat,ou=groups,dc=mycompany,dc=com
objectClass: groupOfUniqueNames
cn: tomcat
uniqueMember: uid=jjones,ou=people,dc=mycompany,dc=com
uniqueMember: uid=fbloggs,ou=people,dc=mycompany,dc=com

dn: cn=role1,ou=groups,dc=mycompany,dc=com
objectClass: groupOfUniqueNames
cn: role1
uniqueMember: uid=fbloggs,ou=people,dc=mycompany,dc=com
EOF
3. Run the commands (123456 here is the password; remember to change it)
ldapadd -x -w "123456" -D "cn=Manager,dc=mycompany,dc=com" -f /root/base.ldif
ldapsearch -LLL -x -D 'cn=Manager,dc=mycompany,dc=com' -w "123456" -b 'dc=mycompany,dc=com' 'cn=role1'
The search also works anonymously, without -D and -w.
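Before pointing the realm at the server it helps to confirm, offline, which roles the directory data will actually yield for each user. The following script is an added example, not code from the page or from TongWeb: it parses the page's base.ldif (embedded below as constructed sample data, with one extra user, asmith, who carries the role in the st attribute as in the second method described later on the page) and resolves roles the two ways a JNDIRealm can, through group entries that list the user as uniqueMember and through an attribute on the user entry. The userPattern and roleBase values are assumptions mirroring the DNs on the page.

```python
"""Offline check of the directory data a JNDIRealm will query.

Added example (not the page's or TongWeb's code). Parses LDIF, then resolves
roles by group membership (uniqueMember) and by a role attribute on the user.
"""
from collections import defaultdict

USER_PATTERN = "uid={0},ou=people,dc=mycompany,dc=com"  # assumed userPattern
ROLE_BASE = "ou=groups,dc=mycompany,dc=com"             # assumed roleBase

# Constructed sample: the page's users and groups, with the blank line that
# LDIF requires between entries, plus asmith whose role sits in "st".
SAMPLE_LDIF = """\
dn: uid=jjones,ou=people,dc=mycompany,dc=com
uid: jjones
cn: janet jones
userPassword: janet

dn: uid=fbloggs,ou=people,dc=mycompany,dc=com
uid: fbloggs
cn: fred bloggs
userPassword: fred

dn: uid=asmith,ou=people,dc=mycompany,dc=com
uid: asmith
cn: alice smith
st: tomcat
userPassword: alice

dn: cn=tomcat,ou=groups,dc=mycompany,dc=com
objectClass: groupOfUniqueNames
cn: tomcat
uniqueMember: uid=jjones,ou=people,dc=mycompany,dc=com
uniqueMember: uid=fbloggs,ou=people,dc=mycompany,dc=com

dn: cn=role1,ou=groups,dc=mycompany,dc=com
objectClass: groupOfUniqueNames
cn: role1
uniqueMember: uid=fbloggs,ou=people,dc=mycompany,dc=com
"""


def parse_ldif(text):
    """Return {dn: {attr: [values]}} for plain (non-base64) LDIF.

    A second "dn:" inside one entry is rejected: that is what ldapadd sees
    when the blank line between two entries has been lost.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines + [""]:                  # trailing "" flushes last entry
        if not line.strip():
            if current is not None:
                entries[current[0]] = current[1]
                current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()   # tolerates "st:tomcat"
        if attr.lower() == "dn":
            if current is not None:
                raise ValueError("second dn inside one entry: " + value)
            current = (value, defaultdict(list))
        elif current is None:
            raise ValueError("attribute before any dn: " + line)
        else:
            current[1][attr].append(value)
    return entries


def roles_from_groups(entries, user_dn):
    """Method 1: roleSearch=(uniqueMember={0}) under roleBase, roleName=cn."""
    roles = []
    for dn, attrs in entries.items():
        if dn.endswith("," + ROLE_BASE) and user_dn in attrs.get("uniqueMember", []):
            roles.extend(attrs.get("cn", []))
    return roles


def roles_from_user_attr(entries, user_dn, user_role_name="st"):
    """Method 2: userRoleName names an attribute on the user entry itself."""
    return list(entries[user_dn].get(user_role_name, []))


def resolve_roles(entries, username, user_role_name="st"):
    """Roles the realm would grant, or None if the user DN does not exist.
    DN matching is exact here; a real server compares DNs case-insensitively."""
    user_dn = USER_PATTERN.format(username)
    if user_dn not in entries:
        return None
    return sorted(set(roles_from_groups(entries, user_dn))
                  | set(roles_from_user_attr(entries, user_dn, user_role_name)))


def dangling_members(entries):
    """uniqueMember values naming no entry: that role silently never applies."""
    return sorted(m for attrs in entries.values()
                  for m in attrs.get("uniqueMember", []) if m not in entries)


if __name__ == "__main__":
    data = parse_ldif(SAMPLE_LDIF)
    for user in ("jjones", "fbloggs", "asmith", "nobody"):
        print(user, "->", resolve_roles(data, user))
    print("dangling uniqueMember:", dangling_members(data))
```

Run it against your own exported LDIF before loading: a uniqueMember that points at a misspelled DN, or two entries run together without a blank line, is a much cheaper find here than as a 401 from the deployed application.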
3. Write a test case
1) Write web.xml
<web-app>
  <display-name>Archetype Created Web Application</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <display-name>MyApp Config Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>
2) index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
Hello World!
登陆用户:
<%=request.getRemoteUser() %>
用户IP:
<%=request.getRemoteAddr() %>
4. Create the LDAP security realm
or
The second method supports binding roles on the user entry. The "user role attribute name" there is the name of the attribute on the user entry that specifies the role, for example:
dn: uid=jjones,ou=people,dc=mycompany,dc=com
objectClass: inetOrgPerson
uid: jjones
sn: jones
cn: janet jones
mail: j.jones@mycompany.com
st: tomcat
userPassword: janet
In this form, the value tomcat must match the role entry.
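The realm settings themselves are not reproduced on the page, so here is an added example of the two realm configurations the text describes, one per method. This is not the page's or TongWeb's configuration: the attribute names are those of Tomcat's JNDIRealm, and it is an assumption that com.tongweb.server.realm.JNDIRealm accepts the same ones; the hostname ldap.example.internal is a placeholder.

```xml
<!-- Added example. Attribute names follow Tomcat's JNDIRealm; whether TongWeb's
     realm accepts them identically is an assumption. Host name is a placeholder. -->

<!-- Method 1: roles are group entries under roleBase that list the user's DN
     as uniqueMember; the group's cn becomes the role name. -->
<Realm className="com.tongweb.server.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.internal:389"
       userPattern="uid={0},ou=people,dc=mycompany,dc=com"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"/>

<!-- Method 2: the role name is stored on the user entry itself (the page's
     "st: tomcat"); userRoleName names that attribute. -->
<Realm className="com.tongweb.server.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.internal:389"
       userPattern="uid={0},ou=people,dc=mycompany,dc=com"
       userRoleName="st"/>
```

With userPattern set, the realm authenticates by binding as the user's DN with the submitted password, so no connectionName/connectionPassword is needed for the login itself; the role search in method 1, however, runs with the realm's own connection credentials (anonymous here), so ou=groups must be readable by that bind, which is what the anonymous ldapsearch in step 3 confirms. Because BASIC authentication sends the password with every request and ldap:// carries it on to the directory in clear, put TLS in front of the application and use ldaps:// (or StartTLS) for connectionURL anywhere beyond a lab.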
5. Deploy the application created in step 3
Associate it with the security realm created above
6. Access the application and enter the username and password
jjones/janet