ConfiguringWebApplication

stockiNail edited this page Oct 12, 2015 · 3 revisions

Configuration

As with all web applications, the JEM webapp is configured in the /WEB-INF/ system folder, where you can find all libraries, classes and configuration files (in the config folder).

The main configuration file is web.xml, of course. It contains the following sections:

  • Servlet Context Listener definition
  • REST component definition
  • RPC and servlet definition
  • GWT main page

Context Listener

JEM starts inside a servlet container as a context listener. It uses some properties to initialize the web application. The required properties are:

  • hazelcast.config: sets the name of the Hazelcast configuration file to load at startup. The configuration file is already explained in the Configuring Hazelcast configuration file section.
  • shiroConfigLocations: sets the name of the Apache Shiro configuration file to load at startup. The configuration file will be explained in the next section.

Here is a sample of that:

<!-- **********************************************************
 | Startup of JEM web app, extending Apache SHIRO for security|
 ********************************************************** -->
<listener>
    <listener-class>org.pepstock.jem.gwt.server.listeners.StartUp</listener-class>
</listener>
 
<context-param>
    <param-name>shiroConfigLocations</param-name>
    <param-value>/WEB-INF/config/jem-node-shiro.ini</param-value>
</context-param>
 
<context-param>
    <param-name>hazelcast.config</param-name>
    <param-value>/WEB-INF/config/jem-env-hazelcast.xml</param-value>
</context-param>
 
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
 
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

There are some optional properties that you can set for several purposes:

  • jem.logo.url: sets the logo to use on the login page. If missing, JEM tries an image file called logo.png in the root folder of the web application. If that is missing too, it uses the Pepstock logo.
  • jem.logo.link: sets the link to open when you click on the logo. If missing, JEM uses http://www.pepstock.org.
  • jem.check.version: a boolean property. If true, the JEM node checks whether the cluster has the same version and, if not, throws an Exception. Default is false.

Here is a sample:

<context-param>
   <param-name>jem.logo.url</param-name>
   <param-value>http://www.pepstock.org/resources/jem_the_bee-logo.png</param-value>
</context-param>
        
<context-param>
   <param-name>jem.logo.link</param-name>
   <param-value>http://www.pepstock.it</param-value>
</context-param>

<context-param>
   <param-name>jem.check.version</param-name>
   <param-value>false</param-value>
</context-param>

REST

In the REST section, you can configure Jersey startup. Be careful when defining the url-pattern for REST calls (in this case /jem_gwt/rest/).

Here is a sample of that:

<!-- **********************************************************
 | Startup of REST, component of JEM                          |
 ********************************************************** -->
<servlet>
   <servlet-name>RestService</servlet-name>
   <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
   <init-param>
     <param-name>com.sun.jersey.config.property.packages</param-name>
     <param-value>org.pepstock.jem.gwt.server.rest</param-value>
   </init-param>
   <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>RestService</servlet-name>
    <url-pattern>/jem_gwt/rest/*</url-pattern>
</servlet-mapping>

Servlet and RPC managers

In this section, you can configure all RPC managers used by Google Web Toolkit and other servlets, for internal use only.

Here is the complete list of services:

 <!-- **********************************************************
   | List of servlets, both GWT and JEM ones  |
   ********************************************************** -->

  <servlet>
    <servlet-name>submit</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.Submit</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>getJobById</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.GetJobById</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.CommonResources</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>login</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.Login</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>logout</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.Logout</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>getClusterGroupName</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.GetClusterGroupName</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>getClusterMembers</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.servlet.GetClusterMembers</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>commonResourcesManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.CommonResourcesManagerServiceImpl</servlet-class>
  </servlet>
  
  <servlet>
    <servlet-name>jobsManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.JobsManagerServiceImpl</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>loginManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.LoginManagerServiceImpl</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>submitter</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.SubmitManagerServiceImpl</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>rolesManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.RolesManagerServiceImpl</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>statsManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.StatisticsManagerServiceImpl</servlet-class>
  </servlet>
  
  <servlet>
    <servlet-name>infoService</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.InfoServiceImpl</servlet-class>
  </servlet>

  <servlet>
    <servlet-name>nodesManager</servlet-name>
    <servlet-class>org.pepstock.jem.gwt.server.NodesManagerServiceImpl</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>statsManager</servlet-name>
    <url-pattern>/jem_gwt/statsManager</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>infoService</servlet-name>
    <url-pattern>/jem_gwt/infoService</url-pattern>
  </servlet-mapping>
  
  <servlet-mapping>
    <servlet-name>jobsManager</servlet-name>
    <url-pattern>/jem_gwt/jobsManager</url-pattern>
  </servlet-mapping>
  
  <servlet-mapping>
    <servlet-name>submitter</servlet-name>
    <url-pattern>/jem_gwt/submitter</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>commonResourcesManager</servlet-name>
    <url-pattern>/jem_gwt/commonResourcesManager</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>nodesManager</servlet-name>
    <url-pattern>/jem_gwt/nodesManager</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>loginManager</servlet-name>
    <url-pattern>/jem_gwt/loginManager</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>rolesManager</servlet-name>
    <url-pattern>/jem_gwt/rolesManager</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>submit</servlet-name>
    <url-pattern>/servlet/submit</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>getJobById</servlet-name>
    <url-pattern>/servlet/getJobById</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/servlet/resources</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>login</servlet-name>
    <url-pattern>/servlet/login</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>logout</servlet-name>
    <url-pattern>/servlet/logout</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>getClusterGroupName</servlet-name>
    <url-pattern>/servlet/getClusterGroupName</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>getClusterMembers</servlet-name>
    <url-pattern>/servlet/getClusterMembers</url-pattern>
  </servlet-mapping>

GWT main page

The JEM webapp is built using Google Web Toolkit. With this framework, you usually have a single page with the whole application.

Here is Google Web Toolkit main page definition:

<!-- **********************************************************
 | Default page to serve      |
 ********************************************************** -->

<welcome-file-list>
<welcome-file>JEM_gwt.html</welcome-file>
</welcome-file-list>

Apache Shiro Configuration

Using Apache Shiro, JEM has a powerful and easy-to-use security framework that performs authentication, authorization, and session management.

In a web context, Apache Shiro needs to be activated by a filter, as follows:

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
 
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
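
An added example, not part of the JEM project: a Python check that every servlet-mapping in a web.xml is still covered by a ShiroFilter mapping and that shiroConfigLocations is set, so a narrowed filter url-pattern does not leave endpoints such as /servlet/submit outside Shiro. The sample() helper builds a constructed web.xml fragment from names on this page; filter mappings by servlet-name and dispatcher types are not handled.

```python
import xml.etree.ElementTree as ET

SHIRO_FILTER = "org.apache.shiro.web.servlet.ShiroFilter"  # filter class shown on this page
MAPPINGS = [("RestService", "/jem_gwt/rest/*"), ("jobsManager", "/jem_gwt/jobsManager"),
            ("submit", "/servlet/submit")]  # three of the page's mappings, used by sample()

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if web.xml declares one

def texts(elem, name):
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]

def covers(filter_pattern, servlet_pattern):
    """Servlet-spec URL matching: exact, path prefix (/a/*) or extension (*.x)."""
    if filter_pattern in ("/*", servlet_pattern):
        return True
    if filter_pattern.endswith("/*"):
        base = filter_pattern[:-2]
        return servlet_pattern == base or servlet_pattern.startswith(base + "/")
    return filter_pattern.startswith("*.") and servlet_pattern.endswith(filter_pattern[1:])

def audit(web_xml):
    """Return findings for servlet mappings that no ShiroFilter mapping covers."""
    root = ET.fromstring(web_xml)
    kids = lambda name: [e for e in root if local(e.tag) == name]
    shiro = {n for f in kids("filter") if SHIRO_FILTER in texts(f, "filter-class")
             for n in texts(f, "filter-name")}
    guarded = [p for m in kids("filter-mapping") if shiro & set(texts(m, "filter-name"))
               for p in texts(m, "url-pattern")]
    findings = []
    if not any("shiroConfigLocations" in texts(p, "param-name") for p in kids("context-param")):
        findings.append("context-param shiroConfigLocations is missing")
    for m in kids("servlet-mapping"):
        name = (texts(m, "servlet-name") or ["?"])[0]
        for pattern in texts(m, "url-pattern"):
            if not any(covers(g, pattern) for g in guarded):
                findings.append(f"{name} at {pattern} is outside ShiroFilter")
    return findings

def sample(filter_pattern):
    """Constructed web.xml fragment; only the ShiroFilter url-pattern varies."""
    maps = "".join(f"<servlet-mapping><servlet-name>{n}</servlet-name>"
                   f"<url-pattern>{p}</url-pattern></servlet-mapping>" for n, p in MAPPINGS)
    return ("<web-app><context-param><param-name>shiroConfigLocations</param-name>"
            "<param-value>/WEB-INF/config/jem-node-shiro.ini</param-value></context-param>"
            f"<filter><filter-name>ShiroFilter</filter-name><filter-class>{SHIRO_FILTER}"
            "</filter-class></filter><filter-mapping><filter-name>ShiroFilter</filter-name>"
            f"<url-pattern>{filter_pattern}</url-pattern></filter-mapping>{maps}</web-app>")

if __name__ == "__main__":
    print(audit(sample("/*")), audit(sample("/jem_gwt/*")))
```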

Before the filter starts up, the Apache Shiro configuration is mandatory: it is a properties file whose location is set by the context configuration property. Here is a sample configuration file for Apache Shiro. It's just an example, because the authentication part depends on the environment where it runs.

#
#
# =============================================================================
[main]
myRealm = org.pepstock.jem.gwt.server.security.NullAuthenticatorRealm
myRealm.users = root[administrators], admin[administrators], normal[normals], grantor[grantors]

securityManager.realms = $myRealm
cacheManager = org.pepstock.jem.gwt.server.security.JemCacheManager
securityManager.cacheManager = $cacheManager

This example is the out-of-the-box (OOTB) Apache Shiro configuration; the file is jem-node-shiro.ini.

In the .users property, you define the list of users who can log in to the web application. It's mandatory to have grantor because, for the first installation phase, NullAuthenticatorRealm defines that user as the first user. After grantor has connected, defined at least one administrator and logged off, the user is automatically removed from the grantor role.

JEM also provides a helpful LDAP authentication (extending the Apache Shiro one) and an internal authorization engine. The file is jem-node-ldap-shiro.ini.

Here is a sample configuration file:

#
#
# =============================================================================
[main]
myRealm = org.pepstock.jem.gwt.server.security.ExtendedJndiLdapRealm
myRealm.attributes = uid, sn, deptCode, deptName, mail, telephoneNumber
myRealm.firstInstallationUserid = USER for first installation
myRealm.userNameAttribute = sn
myRealm.orgUnitIdAttribute = deptCode
myRealm.orgUnitNameAttribute = deptName
myRealm.systemProperties[javax.net.ssl.trustStore] = Folder with keyStore
myRealm.userDnTemplate = uid={0},ou=unit,dc=pepstock,dc=org 
myRealm.contextFactory.environment[java.naming.provider.url] = ldap://ldap.pepstock.org:636/
myRealm.contextFactory.environment[java.naming.security.authentication] = simple
myRealm.contextFactory.environment[java.naming.security.protocol] = ssl

securityManager.realms = $myRealm
cacheManager = org.pepstock.jem.gwt.server.security.JemCacheManager
securityManager.cacheManager = $cacheManager

Using the JEM realm (org.pepstock.jem.gwt.server.security.ExtendedJndiLdapRealm), you can define all the attributes you want to have in your principals with the .attributes directive.

The other directives work as follows:

  • .firstInstallationUserid: indicates the userid in LDAP that can proceed during the first installation. JEM adds this user to the grantor role so it can add at least one administrator. After the user has logged off, JEM automatically removes it from the grantor role.
  • .userNameAttribute: indicates the LDAP attribute used to extract the user name.
  • .orgUnitIdAttribute: indicates the LDAP attribute used to extract the organizational unit identifier.
  • .orgUnitNameAttribute: indicates the LDAP attribute used to extract the organizational unit name.

This is very helpful for granting permissions and roles to groups instead of single users. All other directives are the usual properties necessary to connect to an LDAP system. Please note the usage of the cache, which is very helpful to improve performance.
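
An added example, not part of the JEM project: a Python check of a Shiro INI such as the LDAP sample above. It flags the sample's placeholder values when they were never replaced, and a simple bind that is configured without TLS (neither an ldaps:// URL nor java.naming.security.protocol = ssl), since a simple bind sends the password as-is. SAMPLE is constructed from the page's file with the protocol line removed.

```python
import re

# Literal placeholder values that appear in the sample file on this page.
PLACEHOLDERS = {"USER for first installation", "Folder with keyStore"}
ENV_KEY = re.compile(r"\.contextFactory\.environment\[(.+)\]$")

def parse_main(ini_text):
    """Collect key = value pairs from the [main] section of a Shiro INI file."""
    section, settings = None, {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "main" and "=" in line:
            key, value = line.split("=", 1)  # values such as uid={0} keep their own '='
            settings[key.strip()] = value.strip()
    return settings

def audit_ldap(ini_text):
    """Return findings about unfilled placeholders and unprotected simple binds."""
    settings = parse_main(ini_text)
    env = {m.group(1): v for k, v in settings.items() if (m := ENV_KEY.search(k))}
    findings = [f"{k} still holds the sample placeholder"
                for k, v in settings.items() if v in PLACEHOLDERS]
    url = env.get("java.naming.provider.url", "")
    tls = (url.lower().startswith("ldaps://")
           or env.get("java.naming.security.protocol", "").lower() == "ssl")
    if env.get("java.naming.security.authentication", "").lower() == "simple" and not tls:
        findings.append(f"simple bind to {url} without TLS sends the password in clear text")
    return findings

# Constructed input: the page's LDAP sample, shortened, with the ssl protocol line removed.
SAMPLE = """\
[main]
myRealm = org.pepstock.jem.gwt.server.security.ExtendedJndiLdapRealm
myRealm.firstInstallationUserid = USER for first installation
myRealm.userDnTemplate = uid={0},ou=unit,dc=pepstock,dc=org
myRealm.contextFactory.environment[java.naming.provider.url] = ldap://ldap.pepstock.org:636/
myRealm.contextFactory.environment[java.naming.security.authentication] = simple
"""

if __name__ == "__main__":
    for finding in audit_ldap(SAMPLE):
        print(finding)
```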
