3 | | The aim of the Thredds Admin Portal (TAP) project lies in the idea of solving the huge problem existing in the Unidata Thredds application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. TAP manages the datasource mentioned to control user access to protected datasets. |
4 | | |
5 | | === Derby datasource setup === |
6 | | |
7 | | TAP and Thredds get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby embedded was discarded because it is not possible to access it in a production server from another JVM simultaneously. Derby network allow users to access db instances even from outside when they are running. |
8 | | To accomplish this step you need two components: |
9 | | |
10 | | - Derby 10.10.1.1 library |
11 | | - Derby database |
12 | | |
13 | | First, place the db-derby-10.10.1.1-bin library provided in a reachable folder. Second, place the preconfigured database. We suggest to include the derbydb folder provided in the Tomcat’s content folder. For example, CATALINA_HOME/content/tap/derbydb. |
14 | | The Derby database must be initialized in the Tomcat startup. Execute the following command to initialize it: |
| 3 | The aim of the ''Thredds Admin Portal'' '''(TAP)''' project lies in the idea of solving the huge problem existing in the ''Unidata Thredds'' application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. '''TAP''' manages the datasource mentioned to control user access to protected datasets. |
| 4 | |
| 5 | === Environment setup === |
| 6 | |
| 7 | '''TAP''' and ''Thredds'' get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby network allow users to access db instances even from outside when they are running and most people are familiar with it. To accomplish this step you need two components: |
| 8 | |
| 9 | - Derby 10.10.1.1 library |
| 10 | - Derby database |
| 11 | - Apache Tomcat 7.0.59 |
| 12 | - jre 1.7.0_75 |
| 13 | |
| 14 | Attached is a preconfigured environment which includes a lib folder (appz) , the Apache Tomcat 7.0.59 with thredds and TAP deployed and the jre 1.7.0_75 |
| 15 | |
| 16 | If you want to build it by yourself, we suggest to follow these steps: |
| 17 | |
| 18 | 1. Create a deployment folder (eg. deployment_test) |
| 19 | |
| 20 | 2. Create an appz folder in deployment_test to place libraries. |
| 21 | |
| 22 | 3. Extract ''Derby 10.10.1.1'' library in /deployment_test/appz |
| 23 | |
| 24 | 4. Extract ''Tomcat 7.0.59'' or paste the customized ''Tomcat'' provided. |
| 25 | |
| 26 | 5. Place the Derby DB folder (derbydb) in $CATALINA_HOME/content/data |
| 27 | |
| 28 | |
| 29 | == Derby setup == |
| 30 | |
| 31 | To start ''Derby'' successfully add a socket permission in ''JAVA 7'' by including in ''$JRE_HOME/lib/security/java.policy'' the following line: |
| 32 | {{{ |
| 33 | permission java.net.SocketPermission "HOST:DERBY_PORT", "listen,resolve"; |
| 34 | |
| 35 | }}} |
| 36 | |
| 37 | === Start derby === |
29 | | First of all, include both derbyclient.jar and derbynet.jar in $CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in GlobalNamingResurces: |
30 | | |
31 | | |
32 | | {{{ |
33 | | <Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" |
34 | | validationQuery="SELECT count(*) FROM users" maxActive="20" maxIdle="10" username="admin" password="adm!n" |
35 | | driverClassName="org.apache.derby.jdbc.ClientDriver" url="jdbc:derby://host:port/derbypath/derbydb" readOnly="false"/> |
| 51 | First of all, include both derbyclient.jar and derbynet.jar in $CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in ''GlobalNamingResurces'': |
| 52 | |
| 53 | |
| 54 | {{{ |
| 55 | <Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource" |
| 56 | factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" |
| 57 | validationQuery="SELECT count(*) FROM users" maxActive="20" maxIdle="10" username="admin" password="adm!n" |
| 58 | driverClassName="org.apache.derby.jdbc.ClientDriver" |
| 59 | url="jdbc:derby://YOUR_HOST:YOUR_PORT/../content/data/derbydb" readOnly="false"/> |
63 | | recaptcha.privatekey = HASH_VALUE |
64 | | recaptcha.publickey = HASH_VALUE |
65 | | |
66 | | tap.baseurl = DEPLOYMENT_URL #For example: http://meteo.unican.es/tap |
67 | | tap.managers.email = admin@host.com, manager@host.com #People aware when users join groups |
68 | | tap.email.noreply = no-reply@your_host.com |
69 | | tap.email.admin = admin@host.com |
70 | | tap.filter.groups = TAP_USER,TAP_ADMIN #Invisible in TAP Groups. |
71 | | }}} |
72 | | |
73 | | You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the file. You also need to set your base url like localhost:8080/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc) |
| 91 | recaptcha.privatekey = YOUR_RECAPTCHA_PRIVKEY |
| 92 | recaptcha.publickey = YOUR_RECAPTCHA_PUBKEY |
| 93 | |
| 94 | tap.baseurl = http://localhost:8080/tap |
| 95 | tap.managers.email = manager1@yourhost.com, manager2@yourhost.com #They will receive emails if people join groups |
| 96 | tap.email.noreply = no-reply@yourhost.com |
| 97 | }}} |
| 98 | |
| 99 | You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the previous file. You also need to set your base url like localhost:8080/tap or yourhost/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc) |