# Changes between Version 10 and Version 11 of tap

Ignore:
Timestamp:
Mar 9, 2015 6:26:04 PM (7 years ago)
Comment:

--

### Legend:

Unmodified
 v10 == What is TAP == The aim of the Thredds Admin Portal (TAP) project lies in the idea of solving the huge problem existing in the Unidata Thredds application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. TAP manages the datasource mentioned to control user access to protected datasets. === Derby datasource setup === TAP and Thredds get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby embedded was discarded because it is not possible to access it in a production server from another JVM simultaneously. Derby network allow users to access db instances even from outside when they are running. To accomplish this step you need two components: -       Derby 10.10.1.1 library -       Derby database First, place the db-derby-10.10.1.1-bin library provided in a reachable folder. Second, place the preconfigured database. We suggest to include the derbydb folder provided in the Tomcat’s content folder. For example, CATALINA_HOME/content/tap/derbydb. The Derby database must be initialized in the Tomcat startup. Execute the following command to initialize it: The aim of the ''Thredds Admin Portal'' '''(TAP)''' project lies in the idea of solving the huge problem existing in the ''Unidata Thredds'' application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. '''TAP''' manages the datasource mentioned to control user access to protected datasets. === Environment setup === '''TAP''' and ''Thredds'' get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby network allow users to access db instances even from outside when they are running and most people are familiar with it. To accomplish this step you need two components: - Derby 10.10.1.1 library - Derby database - Apache Tomcat 7.0.59 - jre 1.7.0_75 Attached is a preconfigured environment which includes a lib folder (appz) , the Apache Tomcat 7.0.59 with thredds and TAP deployed and the jre 1.7.0_75 If you want to build it by yourself, we suggest to follow these steps: 1. Create a deployment folder (eg. deployment_test) 2. Create an appz folder in deployment_test to place libraries. 3. Extract ''Derby 10.10.1.1'' library in /deployment_test/appz 4. Extract ''Tomcat 7.0.59'' or paste the customized ''Tomcat'' provided. 5. Place the Derby DB folder (derbydb) in $CATALINA_HOME/content/data == Derby setup == To start ''Derby'' successfully add a socket permission in ''JAVA 7'' by including in ''$JRE_HOME/lib/security/java.policy'' the following line: {{{ permission java.net.SocketPermission "HOST:DERBY_PORT", "listen,resolve"; }}} === Start derby === {{{ }}} To start derby successfully add a socket permission in JAVA 7 by including in $JRE_HOME/lib/security/java.policy the following line: {{{ permission java.net.SocketPermission "HOST:DERBY_PORT", "listen,resolve"; }}} == Tomcat setup == Although attached is a customized tomcat ready to run, you can use another and configure it following these steps === Expose our datasource in Tomcat === Tomcat gets users and roles from conf/tomcat-users.xml by default. We are going to change this in order to get users and roles from a given database. First of all, include both derbyclient.jar and derbynet.jar in$CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in GlobalNamingResurces: {{{ First of all, include both derbyclient.jar and derbynet.jar in \$CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in ''GlobalNamingResurces'': {{{ }}} }}} === Start Tomcat === We strongly recomend you before run Tomcat, set JAVA_OPTS="-Xms256m -Xmx4096m -XX:+DisableExplicitGC -Dcom.sun.management.jmxremote -XX:PermSize=256m -XX:MaxPermSize=512m -XX:-UseGCOverheadLimit" == Initial TAP setup == {{{ recaptcha.verificationurl = http://www.google.com/recaptcha/api/verify recaptcha.privatekey = HASH_VALUE recaptcha.publickey = HASH_VALUE tap.baseurl = DEPLOYMENT_URL #For example: http://meteo.unican.es/tap tap.managers.email = admin@host.com, manager@host.com #People aware when users join groups tap.email.noreply = no-reply@your_host.com tap.email.admin = admin@host.com tap.filter.groups = TAP_USER,TAP_ADMIN #Invisible in TAP Groups. }}} You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the file. You also need to set your base url like localhost:8080/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc) recaptcha.privatekey = YOUR_RECAPTCHA_PRIVKEY recaptcha.publickey = YOUR_RECAPTCHA_PUBKEY tap.baseurl = http://localhost:8080/tap tap.managers.email = manager1@yourhost.com, manager2@yourhost.com #They will receive emails if people join groups tap.email.noreply = no-reply@yourhost.com }}} You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the previous file. You also need to set your base url like localhost:8080/tap or yourhost/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc) WEB-INF/classes/mail.properties