Changes between Version 10 and Version 11 of tap


Timestamp:
Mar 9, 2015 6:26:04 PM (7 years ago)
Author:
vegasm
Comment:

--

  • tap

    v10 v11  
    11== What is TAP ==
    22
    3 The aim of the Thredds Admin Portal (TAP) project lies in the idea of solving the huge problem existing in the Unidata Thredds application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. TAP manages the datasource mentioned to control user access to protected datasets.
    4 
    5 === Derby datasource setup ===
    6 
    7 TAP and Thredds get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby embedded was discarded because it is not possible to access it in a production server from another JVM simultaneously. Derby network allow users to access db instances even from outside when they are running.
    8 To accomplish this step you need two components:
    9 
    10 -       Derby 10.10.1.1 library
    11 -       Derby database
    12 
    13 First, place the db-derby-10.10.1.1-bin library provided in a reachable folder. Second, place the preconfigured database. We suggest to include the derbydb folder provided in the Tomcat’s content folder. For example, CATALINA_HOME/content/tap/derbydb.
    14 The Derby database must be initialized in the Tomcat startup. Execute the following command to initialize it:
     3The aim of the ''Thredds Admin Portal'' '''(TAP)''' project lies in the idea of solving the huge problem existing in the ''Unidata Thredds'' application with the management of users, roles and dataset access. The Thredds user authentication is delegated to Tomcat Basic which gets users and roles from a given Realm. In order to authorize users, Thredds checks whether the dataset is restricted and if so, gets the user roles to make a decision. '''TAP''' manages the datasource mentioned to control user access to protected datasets.
     4
     5=== Environment setup ===
     6
     7'''TAP''' and ''Thredds'' get users and roles from a database created specifically to model all the entities and processes involved. The main idea is to include easily a database instance to work with. Derby network allow users to access db instances even from outside when they are running and most people are familiar with it. To accomplish this step you need two components:
     8
     9- Derby 10.10.1.1 library
     10- Derby database
     11- Apache Tomcat 7.0.59
     12- jre 1.7.0_75
     13
     14Attached is a preconfigured environment which includes a lib folder (appz) , the Apache Tomcat 7.0.59 with thredds and TAP deployed and the jre 1.7.0_75
     15
     16If you want to build it by yourself, we suggest to follow these steps:
     17
     18  1. Create a deployment folder (eg. deployment_test)
     19
     20  2. Create an appz folder in deployment_test to place libraries.
     21
     22  3. Extract ''Derby 10.10.1.1'' library in /deployment_test/appz
     23
     24  4. Extract ''Tomcat 7.0.59'' or paste the customized ''Tomcat'' provided.
     25
     26  5. Place the Derby DB folder (derbydb) in $CATALINA_HOME/content/data
     27
     28
     29== Derby setup ==
     30
     31To start ''Derby'' successfully add a socket permission in ''JAVA 7'' by including in ''$JRE_HOME/lib/security/java.policy'' the following line:
     32{{{
     33permission java.net.SocketPermission "HOST:DERBY_PORT", "listen,resolve";
     34
     35}}}
     36
     37=== Start derby ===
    1538
    1639{{{
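Review bot: The java.policy line at v11 line 33 grants "listen,resolve" on HOST:DERBY_PORT without saying which grant block it belongs in or what HOST should be, while the paragraph at v11 line 7 presents Derby network's reachability "even from outside" as a convenience for the database that holds the users and roles. Suggest stating that HOST should be localhost when Tomcat and Derby run on the same machine, and that the permission should go in a grant block scoped by codeBase to the Derby jars rather than in the default grant that applies to all code. Also, v11 line 7 still says "you need two components" although the list now has four items, and the v10 explanation of why embedded Derby was discarded has been dropped without a replacement.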
     
    1841}}}
    1942
    20 To start derby successfully add a socket permission in JAVA 7 by including in $JRE_HOME/lib/security/java.policy the following line:
    21 {{{
    22 permission java.net.SocketPermission "HOST:DERBY_PORT", "listen,resolve";
    23 
    24 }}}
     43
     44== Tomcat setup ==
     45
     46Although attached is a customized tomcat ready to run, you can use another and configure it following these steps
    2547
    2648=== Expose our datasource in Tomcat ===
    2749
    2850Tomcat gets users and roles from conf/tomcat-users.xml by default. We are going to change this in order to get users and roles from a given database.
    29 First of all, include both derbyclient.jar and derbynet.jar in $CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in GlobalNamingResurces:
    30 
    31 
    32 {{{
    33 <Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
    34     validationQuery="SELECT count(*) FROM users" maxActive="20" maxIdle="10" username="admin" password="adm!n"
    35     driverClassName="org.apache.derby.jdbc.ClientDriver" url="jdbc:derby://host:port/derbypath/derbydb" readOnly="false"/>
     51First of all, include both derbyclient.jar and derbynet.jar in $CATALINA_HOME/lib. After doing that, we need to add a new resource called “jdbc/admin” in ''GlobalNamingResurces'':
     52
     53
     54{{{
     55          <Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource"
     56                factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
     57                validationQuery="SELECT count(*) FROM users" maxActive="20" maxIdle="10" username="admin" password="adm!n"
     58                driverClassName="org.apache.derby.jdbc.ClientDriver"
     59                url="jdbc:derby://YOUR_HOST:YOUR_PORT/../content/data/derbydb" readOnly="false"/>
    3660}}}
    3761
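Review bot: The Resource example at v11 line 57 keeps the literal username="admin" password="adm!n" even though the url on line 59 was changed to YOUR_HOST:YOUR_PORT placeholders. Use placeholders for the credentials as well, and tell readers to change the password of the preconfigured database, because a copied sample ends up in clear text in Tomcat's server configuration. On line 51 the text calls the resource "jdbc/admin" and spells the element "GlobalNamingResurces", while the sample declares name="jdbc/adminDB"; the names should match. The relative path "../content/data/derbydb" in the url depends on the directory the Derby server is started from, which the steps do not state.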
     
    5377}}}
    5478
     79=== Start Tomcat ===
     80
     81We strongly recomend you before run Tomcat, set JAVA_OPTS="-Xms256m -Xmx4096m -XX:+DisableExplicitGC -Dcom.sun.management.jmxremote -XX:PermSize=256m -XX:MaxPermSize=512m -XX:-UseGCOverheadLimit"
     82
    5583== Initial TAP setup ==
    5684
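Review bot: The JAVA_OPTS recommendation at v11 line 81 includes -Dcom.sun.management.jmxremote with no explanation of why TAP needs JMX. Either say what it is used for or drop it, and add that a remote JMX port must not be opened without authentication and SSL. The line should also say where the variable is set (for example bin/setenv.sh), state whether -Xmx4096m is a requirement or only the value used on the authors' server, and fix "recomend".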
     
    6189{{{
    6290recaptcha.verificationurl = http://www.google.com/recaptcha/api/verify
    63 recaptcha.privatekey = HASH_VALUE
    64 recaptcha.publickey = HASH_VALUE
    65 
    66 tap.baseurl = DEPLOYMENT_URL #For example: http://meteo.unican.es/tap
    67 tap.managers.email = admin@host.com, manager@host.com #People aware when users join groups
    68 tap.email.noreply = no-reply@your_host.com
    69 tap.email.admin = admin@host.com
    70 tap.filter.groups = TAP_USER,TAP_ADMIN #Invisible in TAP Groups.
    71 }}}
    72 
    73 You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the file. You also need to set your base url like localhost:8080/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc)
     91recaptcha.privatekey = YOUR_RECAPTCHA_PRIVKEY
     92recaptcha.publickey = YOUR_RECAPTCHA_PUBKEY
     93
     94tap.baseurl = http://localhost:8080/tap
     95tap.managers.email = manager1@yourhost.com, manager2@yourhost.com #They will receive emails if people join groups
     96tap.email.noreply = no-reply@yourhost.com
     97}}}
     98
     99You need to create a recaptcha https://www.google.com/recaptcha/admin#list and set both private and public keys in the previous file. You also need to set your base url like localhost:8080/tap or yourhost/tap, the managers emails which allow people to keep in touch of the group events (when user wants to join a group, etc)
    74100
    75101WEB-INF/classes/mail.properties
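Review bot: The trailing comment on v11 line 95 ("#They will receive emails if people join groups") becomes part of the tap.managers.email value if this file is loaded with java.util.Properties, which treats # as a comment marker only at the start of a line. Move the comment to its own line above the key. The sample also drops tap.email.admin and tap.filter.groups without saying whether they are now optional or have defaults. The unchanged recaptcha.verificationurl on line 90 is plain http; if the endpoint accepts https the sample should use it, since the private key is configured right below it.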