Fellow Travellers

DASC Notes

张永朋
2018/10/30

DASC server-side deployment:

I. Windows deployment

Environment (Chengdu):

Three servers

– 172.24.16.1

tomcat 8.1 8080

webapp
|-multi-plan integration (多归)
|-remote sensing (遥感)
|-indicators (指标)

– 172.24.16.2

  • compute service

– 172.24.16.3

  • zookeeper
  • integrated service framework
  • apache-tomcat-8.5.31 8090

    Configuration files that need to be modified
    webapp
    |-dasc
    |-WEB-INF
    |-classes
    |-application.properties
    |-application.properties.bak
    |-config.properties
    |-config.properties
    |-dascService
    |-WEB-INF
    |-classes
    |-application-dascService.properties
    |-application-dascService.properties.bak
    |-dasc-sso
    |-WEB-INF
    |-cas.properties
    |-cas.properties.bak
    |-dubbo_monitor
    |-WEB-INF
    |-classes
    |-application.properties
    |-application.properties.bak
    |-application-orcl.properties
    |-application-orcl.properties.bak

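1. Install the base environment:

1.1 Pull the dasc release from the company repository

1.1.1 dasc-front-2.6.6.RELEASE.war (note: the directory name after extraction is dasc)
This WAR deploys the front end and the back-end web layer together. The project integrates CAS to provide single sign-on. Note: dasc is a Dubbo project.
Configuration files to modify: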

dasc/config.properties

## Unified application security center configuration
dist.dasc.app.service.urlPrefix=http://172.24.16.3:8090/dascService
# Get user information
dist.dasc.app.service.url.userInfo=/u/simpleInfo
# Get user menus
dist.dasc.app.service.url.userMenus=/u/menus
# Get user identities
#dist.dasc.app.url.userIdentities=http://172.16.52.1:8078/u/identities
dist.dasc.app.url.userIdentities=u/identities
dist.dasc.app.service.url.version=version
# Switch identity
dist.dasc.app.url.runas=u/runas
# Application logout URL (if only the CAS filter is used, /u/logout cannot be used, because /u/logout can only be called via AJAX)
#dist.dasc.app.url.logout=http://172.16.52.230:9080/cas/logout?service=http://172.16.52.1:8078
# Application logout URL (if the security center's filter is used)
dist.dasc.app.url.logout=u/logout

Note: the important parameter is u/logout, the logout path.

dasc/WEB-INF/classes

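# Current application identifier (obtained from domain management in the security center)
dist.dasc.app.identity=43972DD7-CF57-46AF-9D60-CED094C9E738
# Current application access URL, e.g. http://172.16.52.1:8078/dasc; in a cluster this must be the address of the load balancer
dist.dasc.app.url=http://172.24.16.3:8090/dasc
dist.dasc.cas.serverUrlPrefix=http://172.24.16.3:8090/dasc-sso
## Dubbo consumer configuration
dubbo.registry.address=172.24.16.3:2181
#dasc.filter.http.csp.value=default-src 'self' data: ${dist.dasc.filter.http.allowedUrls:*}; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ${dist.dasc.filter.http.allowedUrls:*};style-src 'self' data: 'unsafe-inline' ${dist.dasc.filter.http.allowedUrls:*}

## Redis configuration
# Service address
spring.redis.host=
# Service connection password

Note: the application identifier dist.dasc.app.identity applies only to the permissions module. Integrations such as multi-plan integration (多归) or One Map (一张图) only integrate single sign-on, so it can be ignored when permissions are not a concern. Redis does not need to be configured if it is not used.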

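1.1.2 dasc-service-advance-war-2.6.6.RELEASE.war (note: the directory name after extraction is dascService)

This WAR is the dasc service back end. It provides the Dubbo services and connects to the Oracle data source; the default username is dasc (ask the deployment staff or the relevant back-end team for details). Its configuration file is dascService\WEB-INF\classes\application-dascService.properties.

  1. This configuration file has many settings. First confirm the registration address of the current application: http://172.24.16.3:8090/dascService
  2. dasc needs to connect to an LDAP data source. SSO uses the LDAP data source by default, so LDAP must be deployed. dasc connects to LDAP so that entries can easily be added, deleted and modified.
  3. The dasc data source is configured as Oracle; the dasc user is used here.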

application-dascService.properties

# Current application URL (http://ip:port/contextPath), e.g. http://192.168.1.100:8110/dascService
dist.dasc.app.url=http://172.24.16.3:8090/dascService
# CAS server URL prefix (http://ip:port/context), e.g. http://192.168.1.100:9080/cas
dist.dasc.cas.serverUrlPrefix=http://172.24.16.3:8090/dasc-sso
# Whether to sync users and organizations to LDAP in real time, e.g. true/false; defaults to false if not set
dist.dasc.audit.log.archive.filePath=/
## LDAP configuration
# LDAP server name, e.g. domain/ip
dist.dasc.ldap.serverName=172.24.16.41
# LDAP server port, e.g. port
dist.dasc.ldap.serverPort=389
# DN of the user this application uses to access LDAP, e.g. cn=root
dist.dasc.ldap.bindUserDn=cn=manager
# Password of the user this application uses to access LDAP
dist.dasc.ldap.bindUserPassword=tdsadmin
# DN of the LDAP node that stores users, e.g. dc=dist
dist.dasc.ldap.userContainerDn=dc=dist
spring.datasource.url=jdbc:oracle:thin:@172.24.16.1:1521/orcl
spring.datasource.username=dgpcd
spring.datasource.password=pass
# Name/domain/IP of the current application server; with multiple NICs the listening NIC must be specified, e.g. 192.168.1.100
dubbo.protocol.host=172.24.16.3
dubbo.protocol.port=20880
# Service listening port, e.g. 20885
# Registry address (server name/domain/ip:port), e.g. 192.168.1.111:2181
dubbo.registry.address=172.24.16.3:2181
# Monitor center address, e.g. 192.168.1.111:6060
dubbo.monitor.address=172.24.16.3:6060
dist.dasc.filter.accessControll.bypassUrls=/rest/users/v1/loginName
# Retention period of audit logs in the database (days), optional; logs older than this are compressed into one document per day, saved to the archive path and deleted from the database; default: 180
dist.dasc.audit.log.database.storagePeriod=180
# Audit log archive path (archive files are saved under this path)
dist.dasc.audit.log.archive.filePath=C:\tomcat\apache-tomcat-8.5.31\logs\dasc-service
# Retention period of audit log archive files (days), optional, not counting the database retention period; archive files older than this are deleted; 0 means archive files are not kept; default: 365
dist.dasc.audit.log.archive.storagePeriod=365

spring.redis.host=

Note: the dasc data source is Oracle; this document corresponds to the dasc user.

1.1.3 dasc-sso-3.5.2.9.RELEASE.war (note: the directory name after extraction is dasc-sso)

dasc-sso/WEB-INF/cas.properties

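## Security center configuration
# Whether to enable HTTPS
dasc.cas.enableHttps=false
# Application identifier (same as in the security center)
dasc.app.identity=43972DD7-CF57-46AF-9D60-CED094C9E738
# Whether to enable agent (delegated) login
dasc.login.agent.enable=false
# Whether to enable the verification code
dasc.login.authcode.enable=false
# Login verification code length
dasc.login.authcode.length=1
# Characters allowed in the login verification code
dasc.login.authcode.chars=1
# Login verification code validity period, in seconds
dasc.login.authcode.timeout=300
# Whether a verification code can be used only once, regardless of whether verification succeeds or fails
dasc.login.authcode.canOnlyUseOnce=false
# Login verification code message
#dasc.login.authcode.messagePattern=【????系统】您的登录验证码为:%s,将于%s秒后失效,请尽快完成操作,切勿泄露!
dasc.login.authcode.messagePattern=\u3010\uff1f\uff1f\uff1f\uff1f\u7cfb\u7edf\u3011\u60a8\u7684\u767b\u5f55\u9a8c\u8bc1\u7801\u4e3a\uff1a%s\uff0c\u5c06\u4e8e%s\u79d2\u540e\u5931\u6548\uff0c\u8bf7\u5c3d\u5feb\u5b8c\u6210\u64cd\u4f5c\uff0c\u5207\u52ff\u6cc4\u9732\uff01
# Maximum number of failed logins; beyond this the user account is locked. 0 means no limit. Defaults to 0 when not set
dasc.login.fail.maxCount = 3
# Whether the same account may log in more than once. When set to false, the system kicks out the user's earlier logins (on a different computer, in a different browser, or in a private versus non-private window of the same browser). If agent login is used, the logins of both the logged-in user and the delegating user are kicked out
dasc.login.permitDuplicate=true
# Whether login may continue when writing the audit log fails
dasc.login.continueWhenLogFail=true
# Whether to check password complexity when a password is changed
dasc.password.complexityCheck=false

# Source addresses of content allowed on this page, in the form domain/ip:port, separated by spaces. Please leave empty
dasc.filter.http.allowedUrls=

## Dubbo consumer configuration
dubbo.application.name=dasc-sso
dubbo.consumer.version=2.0.0
dubbo.registry.address=172.24.16.3:2181

## Redis configuration
# Service address
spring.redis.host=
# Service connection password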


#ldap
ldap.authentication.filter=uid=%u,dc=dist
#ldap.authentication.server.urls=ldap://172.16.52.230:389,ldap://172.16.52.1:389
ldap.authentication.server.url=ldap://172.24.16.4:389
ldap.authentication.manager.userdn=cn=manager
ldap.authentication.manager.password=tdsadmin
ldap.authentication.jndi.connect.timeout=3000
ldap.authentication.jndi.read.timeout=3000
ldap.authentication.jndi.security.level=simple

##
# Services Management Web UI Security
server.name=http://localhost:8130
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1


cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views

##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=dasc.sso

##
# Database flavors for Hibernate
#
# One of these is needed if you are storing Services or Tickets in an RDBMS via JPA.
#
# database.hibernate.dialect=org.hibernate.dialect.OracleDialect
# database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect

##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on /logout requests
# cas.logout.followServiceRedirects=false

##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage, default value is 28800s(8 hours)
tgt.maxTimeToLiveInSeconds=28800
#
# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
# for STs occur within timeToKillInSeconds, default value is 7200s(2 hours)
tgt.timeToKillInSeconds=7200

##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
# st.timeToKillInSeconds=10

##
# Single Logout Out Callbacks
# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
#
# To turn off all back channel SLO requests set slo.disabled to true
# slo.callbacks.disabled=false

##
# Service Registry Periodic Reloading Scheduler
# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000

##
# Log4j
# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
#
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=/etc/cas/log4j.xml
# log4j.config.location=classpath:log4j.xml
#
# log4j refresh interval in millis
# log4j.refresh.interval=60000

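Note: the data source of the CAS integrated with dasc is LDAP. It is used because lookups are fast, and it serves user authentication.

1.1.4 dubbo_monitor (note: pull the project from 韦爷's GitHub)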

dubbo_monitor/WEB-INF/classes/application.properties

##
# Copyright 2006-2014 handu.com.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dubbo.application.name=dubbo-monitor
dubbo.application.owner=
dubbo.registry.address=zookeeper://172.24.16.3:2181
dubbo.protocol.port=2181

# Database Settings
#jdbc:mysql://192.168.1.166:3306/dubbo_monitor?prepStmtCacheSize=517&cachePrepStmts=true&autoReconnect=true&characterEncoding=utf-8
db.url=jdbc:oracle:thin:@172.24.16.4:1521/orcl
db.username=MONITOR
db.password=MONITOR
db.maxActive=500

# System Manager
manager.username=admin
manager.password=admin

dubbo_monitor/WEB-INF/classes/application.properties

##
# Copyright 2006-2014 handu.com.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
dubbo.application.name=dubbo-monitor
dubbo.application.owner=
dubbo.registry.address=zookeeper://172.24.16.4:2181
dubbo.protocol.port=6060

# Database Settings
#jdbc:mysql://192.168.1.166:3306/dubbo_monitor?prepStmtCacheSize=517&cachePrepStmts=true&autoReconnect=true&characterEncoding=utf-8
db.url=jdbc:oracle:thin:@172.24.16.4:1521:orcl
db.username=monitor
db.password=monitor
db.maxActive=500

# System Manager
manager.username=admin
manager.password=admin

Note: a monitor user must be created to record the monitoring logs. Not deploying this project does not affect the operation of dasc or CAS.
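
An added example, not part of the original notes: a small lint for the .properties files above that flags duplicate keys (application-dascService.properties sets dist.dasc.audit.log.archive.filePath twice), protections switched off in cas.properties, a simple bind to an ldap:// URL, passwords equal to their usernames, and single backslashes that the Java properties loader consumes as escapes. The function names, the rule list and the sample input are assumptions made for this example.

```python
import re

# Constructed sample in the shape of the files above; host and paths are placeholders.
SAMPLE = r"""
dasc.cas.enableHttps=false
dasc.password.complexityCheck=false
ldap.authentication.server.url=ldap://ldap.example.internal:389
ldap.authentication.jndi.security.level=simple
dist.dasc.audit.log.archive.filePath=/
dist.dasc.audit.log.archive.filePath=C:\logs\dasc-service
manager.username=admin
manager.password=admin
"""
# cas.properties switches that turn a protection off when set to false.
SWITCHES = ("dasc.cas.enableHttps", "dasc.login.authcode.enable",
            "dasc.password.complexityCheck")

def parse_properties(text):
    """Return (props, duplicate_keys); the last value wins, as in java.util.Properties.
    Simplification: '=' is the only separator and line continuations are ignored."""
    props, dups = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            dups.append(key)
        props[key] = value
    return props, dups

def audit(text):
    props, dups = parse_properties(text)
    findings = [f"duplicate key, last value wins: {k}" for k in dups]
    findings += [f"protection turned off: {k}" for k in SWITCHES
                 if props.get(k, "").lower() == "false"]
    url = props.get("ldap.authentication.server.url", "")
    level = props.get("ldap.authentication.jndi.security.level", "")
    if url.startswith("ldap://") and level == "simple":
        findings.append(f"simple bind over unencrypted LDAP: {url}")
    for key, value in props.items():
        # Remove valid escapes (\\ and \uXXXX); the loader swallows any backslash left.
        if "\\" in re.sub(r"\\\\|\\u[0-9a-fA-F]{4}", "", value):
            findings.append(f"unescaped backslash in value: {key}")
        if key.endswith(".username"):
            password = props.get(key[:-len("username")] + "password", "")
            if password and password.lower() == value.lower():
                findings.append(f"password equals username: {key}")
    return findings
```

Pass the text of each file listed under webapp to `audit()`; an empty list means none of these rules fired.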

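II. Linux deployment (to be continued)

DASC client deployment

DASC client integration options:

To integrate SSO only, configure it by following the document cas整理.md.
For Flex projects, integrating dasc throws an exception saying the AMF protocol cannot be recognized. The cause is that dasc changes request header parameters, so the request no longer satisfies the AMF protocol and an error is raised.

Dubbo project integration: see the Chengdu integration record for details.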
