View page
Talk page

JB10 (Northstar Squeeze)

Modified 11:26, 3 Feb 2012 by rottmann | Page History

    Version as of 16:53, 19 May 2024

    to this version.

    Return to Version archive.

    View current version

    Start Tomcat /Apache

    /etc/init.d/apache2 start

    /etc/init.d/tomcat start

    Tomcat manager /admin

    http://134.104.27.210:8180 aufrufen, dann den links folgen

     

    SSL-MYSQL Connection

    Connection to the database server must be realized over SSL. Because of problems that newer mysql-connectors (which are required to support ssl) have caused with NorthStar we use stunnel to make the ssl connection.

    1) install package stunnel

    2) edit /etc/stunnel/stunnel.conf

    sslVersion = all
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    CAfile = /etc/ssl/certs/ca-certificates.crt
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    debug = 3
    ;output = /var/log/stunnel4/stunnel.log
    client = yes
    [mysqls]
    accept  = localhost:3306
    connect = mysql2.mpifr-bonn.mpg.de:3307

    3) enable stunnel on boot

    edit /etc/default/stunnel4 and set:

    ENABLED=1

    then run

    update-rc.d stunnel4 defaults

     

    JAAS Realm

    NorthStar verwendet ein eigenes Authentifizieruns- und Authorisierungsmodul basierend auf JAAS. Zum Aktivieren muss dieses Modul im Context der Webapplikation bekannt gemacht werden. Dazu muss die folgende Zeile in alle Webapplikations-Module (useradmistration, proposal, ...) eingetragen werden:

     <Realm appName="AstronLogin" className="org.apache.catalina.realm.JAASRealm" debug="99" roleClassNames="nl.astron.security.loginmodule.AstronRolePrincipal" userClassNames="nl.astron.security.loginmodule.AstronPrincipal" />

    Die Context Dateien liegen unter: /usr/share/tomcat5.5/conf/Catalina/localhost

    Java Security Problems


    Wenn beim Starten von Tomcat "access denied" messages kommen, kann man testweise die Benutziung des Java Security Managers abstellen. Dazu /etc/init.d/tomcat5.5 editieren und

    TOMCAT5_SECURITY=no 

    eintragen.

    Konkret braucht Jasper einige Access Permissions. Diese müssen in /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/security/java.policy eingetragen werden:

        permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
        permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
        permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";

     

    Fixes

    relative path error in useraccount.jsp

    pages/admin/useraccount/useraccount.jsp change

    <jsp:include page="../layout/box_header_no_top.jsp" />

    to

    <jsp:include page="/pages/layout/box_header_no_top.jsp" />

     

    missing struts-template.xml

    When starting up tomcat there is an error reported about missing struts-template.tld

    remove reference to struts-template.tld in web.xml

    (/usr/share/tomcat5.5/webapps/useradministration/WEB-INF/web.xml)