问题描述
我目前正在编写一个 WebApp 来访问我们 ICCube 系统中的报告.应用程序页面托管在与 IcCube 服务器不同的服务器上.该服务器当前是本地 Apache 服务器 (xampp),使用 Basic Auth 在用户访问我的 htdocs 之前对其进行身份验证.我希望我的 Apache 在 icCube 的内部授权管理报告访问时进行身份验证,只需要一次登录.
I am currently in the process of writing a WebApp to access reports from our ICCube-System. The Application page is hosted on a server different to the IcCube-server. The server is currently a local Apache server (xampp) using Basic Auth to authenticate users before they can access my htdocs. I would like my Apache to do the authentication while icCube's internal authorization manages report access, with only a single login being required.
我的应用程序基于网络报告现场演示 由 IcCube 提供;因此它使用显式 JavaScript 身份验证(它通过 ic3.getDemoDataSourceSettings() 获取演示用户数据).
My application is based on the live demo for web reporting provided by IcCube; therefore it's using explicit JavaScript authentication (it's getting the demo user data through ic3.getDemoDataSourceSettings()).
尝试通过 IcCube 文档没关系,我和以前一样困惑.Apache 配置的相关页面列出了 Apache & 的可能配置.icCube,但我不明白我应该使用哪个(优点和缺点)以及它们是否都可以与我们的服务器设置一起使用.
After trying to work through the IcCube documentation on the matter, I am just as confused as before. The related page on Apache configuration lists possible configurations for Apache & icCube, but I don't understand which I should use (advantages & disadvantages) and if all of them even work with our server setup.
- Apache 配置概览:如果我在我的服务器配置中设置这些代理参数,究竟是什么转发到 IcCube?
- icCube 身份验证 Servlet 过滤器:此配置提取属于 IcCube 还是 Apache?这些过滤器到底在做什么?
任何有关该问题的帮助或指向更深入文档的指针将不胜感激.
Any help with the issue or pointers to a more in-depth documentation would be greatly appreciated.
推荐答案
您的 Web 应用程序(即 Apache)将不得不转发与访问 icCube 中的报告相关的调用.例如,您可以将 Apache 配置为转发与 icCube 相关的所有内容,如下所示:
You Web App (i.e. Apache) will have to forward calls related to accessing the reports in icCube. You can for example configure Apache to forward everything related to icCube as following:
<VirtualHost *:80>
ServerName your.domain.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /icCube http://your-ip:8383/icCube
ProxyPassReverse /icCube http://your-ip:8383/icCube
</VirtualHost>
然后使用 icCube 配置 (icCube.xml) 中的 Servlet 过滤器保护 Apache 和 icCube 之间的通信:
Then the communication between Apache and icCube is secured using Servlet Filters that are part of icCube configuration (icCube.xml):
IcCubeApacheAuthenticationServletFilter
IcCubeApacheGwtAuthenticationServletFilter
第一个过滤器可用于除 GWT 之外的所有服务;对于 GWT,您可以使用第二个.这是一个可能的 icCube.xml 的摘录:
The first filter can be used for all services but GWT; for GWT you can use the second one. Here is an extract of a possible icCube.xml:
<xmlaComponentConfiguration>
<!--<tcpPortNumber>8484</tcpPortNumber>-->
<httpUrl>/icCube/xmla</httpUrl>
<enableHttpCompression>true</enableHttpCompression>
<filter>XMLA (Apache) Authentication</filter>
</xmlaComponentConfiguration>
<gwtServiceComponentConfiguration>
<enableFileDownloadCompression>true</enableFileDownloadCompression>
<filter>GWT (Apache) Authentication</filter>
</gwtServiceComponentConfiguration>
<reportingComponentConfiguration>
<url>/icCube/doc/*</url>
<enableCompression>true</enableCompression>
<filter>Report Authentication</filter>
</reportingComponentConfiguration>
<gviComponentConfiguration>
<url>/icCube/gvi</url>
<enableCompression>true</enableCompression>
<filter>GVI Authentication</filter>
<filter>GVI Authentication (logout)</filter>
</gviComponentConfiguration>
<filterConfiguration>
<filter>
<filter-name>XMLA (Apache) Authentication</filter-name>
<filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
</filter>
<filter>
<filter-name>GWT (Apache) Authentication</filter-name>
<filter-class>crazydev.iccube.server.authentication.IcCubeApacheGwtAuthenticationServletFilter</filter-class>
</filter>
<filter>
<filter-name>Report Authentication</filter-name>
<filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
</filter>
<filter>
<filter-name>GVI Authentication</filter-name>
<filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
<init-param>
<param-name>anonymousLogon</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>GVI Authentication (logout)</filter-name>
<filter-class>crazydev.iccube.server.authentication.IcCubeGviLogoutAuthenticationServletFilter</filter-class>
</filter>
</filterConfiguration>
希望对您有所帮助.
这篇关于icCube - 如何使用 Apache Web 服务器对 icCube 进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!