%TOMCAT_HOME% - home directory of the Apache Tomcat container.
%HOSTNAME% - fully-qualified hostname of the deployment machine.
%DEPLOYMENT_DIR% - web application deployment directory (e.g. /usr/local).
%PIDSVC_HOME% - PID Service home directory (e.g. %TOMCAT_HOME%/webapps/pidsvc/).
postgres user:
sudo su - postgres

Create pidsvc-admin superuser:
createuser pidsvc-admin -P
Enter password for new role: <enter password>
Enter it again: <enter password>
Shall the new role be a superuser? (y/n) y

Create a new pidsvc database and set ownership:
createdb pidsvc -O pidsvc-admin

Note that although pidsvc is the default recommended name for the database, you may change it if required (e.g. if you're using a shared DBMS for multiple instances of the PID Service).

Create plpgsql language:
createlang plpgsql pidsvc

Run the postgresql.sql script supplied as part of the distribution package to create the database schema and populate it with default settings. The script postgresql.sql can be obtained from the subversion repository https://www.seegrid.csiro.au/subversion/PID/trunk/pidsvc/src/main/db/postgresql.sql
wget https://www.seegrid.csiro.au/subversion/PID/trunk/pidsvc/src/main/db/postgresql.sql
psql -d pidsvc -f postgresql.sql

Note that it will throw a few errors/warnings that some database objects do not exist. Ignore these warnings. Inspect the database using your favorite tool (e.g. pgAdmin III, Navicat, etc.) to confirm that it has tables and views. If it does, you have configured the database correctly.
%TOMCAT_HOME%/webapps/ directory.

pidsvc.xml in %TOMCAT_HOME%/Catalina/localhost/ with the following content:
<Context path="/pidsvc" docBase="%DEPLOYMENT_DIR%/pidsvc/pidsvc.war" crossContext="false" reloadable="false">
  <Resource name="jdbc/pidsvc" auth="Container" type="javax.sql.DataSource"
    driverClassName="org.postgresql.Driver"
    url="jdbc:postgresql://%HOSTNAME%:5432/pidsvc"
    username="%USERNAME%" password="%PASSWORD%"
    maxActive="-1" minIdle="0" maxIdle="10" maxWait="10000"
    minEvictableIdleTimeMillis="300000"
    timeBetweenEvictionRunsMillis="300000"
    numTestsPerEvictionRun="20"
    poolPreparedStatements="true"
    maxOpenPreparedStatements="100"
    testOnBorrow="true"
    accessToUnderlyingConnectionAllowed="true"
    validationQuery="SELECT VERSION();" />
</Context>

%TOMCAT_HOME%/config/context.xml:
<Resource name="jdbc/pidsvc" auth="Container" type="javax.sql.DataSource"
  driverClassName="org.postgresql.Driver"
  url="jdbc:postgresql://%HOSTNAME%:5432/pidsvc"
  username="%USERNAME%" password="%PASSWORD%"
  maxActive="-1" minIdle="0" maxIdle="10" maxWait="10000"
  minEvictableIdleTimeMillis="300000"
  timeBetweenEvictionRunsMillis="300000"
  numTestsPerEvictionRun="20"
  poolPreparedStatements="true"
  maxOpenPreparedStatements="100"
  testOnBorrow="true"
  accessToUnderlyingConnectionAllowed="true"
  validationQuery="SELECT VERSION();" />

service tomcat6 restart
pidsvc.properties file in the pidsvc.settings environment option. To achieve this, add the following to your Tomcat context configuration file:
<Environment name="pidsvc.settings" value="D:\Projects\PIDService\pidsvc.properties" type="java.lang.String" override="false" />
jdbc/pidsvc JNDI resource name for the database connection. If you decide to use another name, you will also need to make appropriate changes in the %PIDSVC_HOME%/WEB-INF/mappingstore.properties configuration file by changing the following line:
jndiReferenceName = jdbc/pidsvc
mod_proxy, mod_headers and mod_rewrite modules.
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod headers
a2enmod rewrite

<VirtualHost *>
  ServerName %HOSTNAME%
  RedirectMatch ^/$ /pidsvc
  ProxyRequests Off
  ProxyPreserveHost On
  <Location /pidsvc>
    ProxyPass ajp://localhost:8009/pidsvc keepalive=On
    ProxyPassReverse http://%HOSTNAME%/pidsvc
  </Location>
  RewriteEngine on
  RewriteRule ^(/(?!pidsvc(?:$|/)|favicon\.ico|robots\.txt|manager(?:$|/)).+)$ http://localhost:8080/pidsvc/dispatcher?$1 [NC,B,QSA,P,L]
</VirtualHost>

RedirectMatch line is optional and may be omitted.

This configuration intercepts all incoming requests and tries to resolve them via the PID Service dispatcher unless they start with /pidsvc/ (PID Service Management Web Console) or /manager/ (Tomcat Web Application Manager). If you deploy the PID Service on a shared machine, you will need to amend the rewrite rule to add an exception for other applications in a similar way, by adding |your_app_name(?:$|/) to the ^(/(?!pidsvc(?:$|/)|favicon\.ico|robots\.txt|manager(?:$|/)).+)$ regular expression right after |manager(?:$|/).
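
The exclusion list in the rewrite rule can be checked before it goes into the virtual host. The following is an added example, not part of the PID Service distribution: it rebuilds the regular expression from this page, applies the [NC] flag, and reports which request paths would be proxied to the dispatcher. It assumes Python's `re` module evaluates this particular pattern the same way as mod_rewrite's PCRE; `otherapp` is a hypothetical application name.

```python
import re

# Exclusions copied from the RewriteRule on this page, in the same order.
BASE_EXCLUSIONS = [
    r"pidsvc(?:$|/)",
    r"favicon\.ico",
    r"robots\.txt",
    r"manager(?:$|/)",
]


def build_rule(extra_apps=()):
    """Rebuild the RewriteRule pattern, appending |app(?:$|/) for each extra
    application right after the manager entry, as the text instructs."""
    exclusions = list(BASE_EXCLUSIONS)
    for app in extra_apps:
        exclusions.append(re.escape(app) + r"(?:$|/)")
    pattern = r"^(/(?!" + "|".join(exclusions) + r").+)$"
    # The [NC] flag on the RewriteRule makes matching case-insensitive.
    return re.compile(pattern, re.IGNORECASE)


def route(path, rule):
    """Return 'dispatcher' when the rule would proxy the path to
    /pidsvc/dispatcher, 'passthrough' when the rule leaves it alone."""
    return "dispatcher" if rule.match(path) else "passthrough"


if __name__ == "__main__":
    # Constructed sample paths; "otherapp" is a hypothetical co-hosted app.
    samples = [
        "/id/feature/123",     # persistent identifier to resolve
        "/pidsvc/controller",  # management API, must stay out of the rule
        "/PIDSVC/info",        # same prefix in upper case, covered by [NC]
        "/pidsvc2/x",          # not excluded: (?:$|/) requires end or slash
        "/manager/html",       # Tomcat Web Application Manager
        "/otherapp/index",     # only excluded once the exception is added
        "/",                   # never matches: .+ needs a character after /
    ]
    default_rule = build_rule()
    amended_rule = build_rule(["otherapp"])
    for path in samples:
        print(f"{path:22} default={route(path, default_rule):12}"
              f" amended={route(path, amended_rule)}")
```

The `(?:$|/)` suffix is what keeps an exception from also swallowing longer names that merely start with the application name, so each added exception should carry it.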
Endpoint | Description | Security Requirements |
---|---|---|
/pidsvc/dispatcher | PID Service dispatcher endpoint | Harmless read-only interface used to resolve URIs. Interface is used internally and direct access may be prohibited. |
/pidsvc/controller | PID Service Application Programming Interface (API) | Anonymous access must be prohibited. API is used to manage the service programmatically via web service calls. Access to the controller interface must only be granted to applications from authorised sources, such as PID Service Management Web Console and any other applications that may need to manage URI mappings programmatically. |
/pidsvc/info | AJAX auxiliary interface | Harmless read-only interface used to provide access to URI mappings in the data store via AJAX in the PID Service Management Web Console. Direct access from other sources may be prohibited. |
/pidsvc/* | PID Service Management Web Console - graphical web-based user interface for service management and monitoring | Anonymous access must be prohibited. Authorisation is required to gain access to the management console. It is recommended to only allow access from the intranet and prohibit access from the outside world (can be configured in the firewall). |
/WEB-INF/pidsvc.properties file to false.
allowProxyAction = true

When Proxy action is disabled, any attempt to use it in the URI mapping will be superseded by 302 Simple Redirection action.

<Location /pidsvc/>
  # Authentication
  AuthName %LDAP_GROUP_NAME%
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL %LDAP_URL%
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off
  require ldap-group %LDAP_GROUP%
</Location>

Attachment | Size | Date | Who | Comment |
---|---|---|---|---|
InitialTest.xml | 0.7 K | 26 Mar 2015 - 18:35 | PavelGolodoniuc | Deployment test mapping rule |
license.txt | 3.5 K | 30 Mar 2015 - 15:58 | PavelGolodoniuc | License |