FileNet P8 Application Engine, Version 5.0.+       Application server: WebSphere Application Server

Editing web.xml for SSO

In an Application Engine environment, you can use SSO with a proxy server. To enable this optional approach, edit the web.xml file on WebSphere® Application Server.

  1. Back up the web.xml file.

    AE_install_path/Workplace/WEB-INF/web.xml

  2. Open web.xml for editing, then search for the parameter challengeProxyEnabled and set it to false.
    <param-name>challengeProxyEnabled</param-name>
    <param-value> false </param-value>
  3. Search for the first instance of <web-resource-collection> and uncomment the <url-pattern> entries, as indicated in the file comments.
    <web-resource-collection>
    <web-resource-name>action</web-resource-name>
    <description>Define the container secured resource</description>
    <url-pattern>/containerSecured/*</url-pattern>
    
     <!--
    Uncomment this section if all resources that require credentials must be 
    secured in order to obtain a secured Thread. If using WebSphere, this section 
    must be uncommented. --> Move this commenting tag here from just
    before the </web-resource-collection> closing tag below.
    
    <url-pattern>/containerSecured/*</url-pattern>
    <url-pattern>/</url-pattern>
    <url-pattern>/author/*</url-pattern>
    <url-pattern>/Browse.jsp</url-pattern>
    <url-pattern>/eprocess/*</url-pattern>
    <url-pattern>/Favorites.jsp</url-pattern>
    <url-pattern>/GetPortalSitePreferences.jsp</url-pattern>
    <url-pattern>/GetTokenSignIn.jsp</url-pattern>
    <url-pattern>/GetUserInformation.jsp</url-pattern>
    <url-pattern>/GetUserToken.jsp</url-pattern>
    <url-pattern>/HomePage.jsp</url-pattern>
    <url-pattern>/IntegrationWebBasedHelp.jsp</url-pattern>
    <url-pattern>/is/*</url-pattern>
    <url-pattern>/operations/*</url-pattern>
    <url-pattern>/properties/*</url-pattern>
    <url-pattern>/redirect/*</url-pattern>
    <url-pattern>/regions/*</url-pattern>
    <url-pattern>/Search.jsp</url-pattern>
    <url-pattern>/select/*</url-pattern>
    <url-pattern>/SelectReturn.jsp</url-pattern>
    <url-pattern>/Tasks.jsp</url-pattern>
    <url-pattern>/UI-INF/*</url-pattern>
    <url-pattern>/utils/*</url-pattern>
    <url-pattern>/WcmAdmin.jsp</url-pattern>
    <url-pattern>/WcmAuthor.jsp</url-pattern>
    <url-pattern>/WcmBootstrap.jsp</url-pattern>
    <url-pattern>/WcmCloseWindow.jsp</url-pattern>
    <url-pattern>/WcmDefault.jsp</url-pattern>
    <url-pattern>/WcmError.jsp</url-pattern>
    <url-pattern>/WcmJavaViewer.jsp</url-pattern>
    <url-pattern>/WcmObjectBookmark.jsp</url-pattern>
    <url-pattern>/WcmQueueBookmark.jsp</url-pattern>
    <url-pattern>/WcmSignIn.jsp</url-pattern>
    <url-pattern>/WcmSitePreferences.jsp</url-pattern>
    <url-pattern>/WcmUserPreferences.jsp</url-pattern>
    <url-pattern>/WcmWorkflowsBookmark.jsp</url-pattern>
    <url-pattern>/wizards/*</url-pattern>
    <url-pattern>/Author/*</url-pattern>
    <url-pattern>/axis/*.jws</url-pattern>
    <url-pattern>/Browse/*</url-pattern>
    <url-pattern>/ceTunnel</url-pattern>
    <url-pattern>/CheckoutList/*</url-pattern>
    <url-pattern>/downloadMultiTransferElement/*</url-pattern>
    <url-pattern>/ExternalUrl/*</url-pattern>
    <url-pattern>/findRecordTarget</url-pattern>
    <url-pattern>/formCallback/*</url-pattern>
    <url-pattern>/getAnnotSecurity/*</url-pattern>
    <url-pattern>/getCEAnnotations/*</url-pattern>
    <url-pattern>/getContent/*</url-pattern>
    <url-pattern>/getForm/*</url-pattern>
    <url-pattern>/getISAnnotations/*</url-pattern>
    <url-pattern>/getISAnnotSecurity/*</url-pattern>
    <url-pattern>/getISContent/*</url-pattern>
    <url-pattern>/getMultiContent/*</url-pattern>
    <url-pattern>/getPreview</url-pattern>
    <url-pattern>/getProcessor/*</url-pattern>
    <url-pattern>/getRealms/*</url-pattern>
    <url-pattern>/getUsersGroups/*</url-pattern>
    <url-pattern>/Inbox/*</url-pattern>
    <url-pattern>/integrationCommandProxy</url-pattern>
    <url-pattern>/integrationResponse</url-pattern>
    <url-pattern>/integrationResponseProxy</url-pattern>
    <url-pattern>/integrationWebBasedCommand</url-pattern>
    <url-pattern>/keepAlive</url-pattern>
    <url-pattern>/launch/*</url-pattern>
    <url-pattern>/PublicQueue/*</url-pattern>
    <url-pattern>/putContent/*</url-pattern>
    <url-pattern>/QuickSearch/*</url-pattern>
    <url-pattern>/signingServlet/*</url-pattern>
    <url-pattern>/transport/*</url-pattern>
    <url-pattern>/upload/*</url-pattern>
    <url-pattern>/vwsimsoapservlet</url-pattern>
    <url-pattern>/vwsoaprouter</url-pattern>
    <url-pattern>/Workflows/*</url-pattern>   Move the closing comment tag from 
    here to the location indicated at the beginning of this example.
    </web-resource-collection>
  4. Locate the <auth-constraint> section and uncomment the wildcard (*) <role-name>, as indicated in the file comments.
    <auth-constraint>
    <!-- <role-name>*</role-name> -->
    <!-- For WebSphere 6, use
    the role-name line below instead of the wildcard role above.
    -->
    
    <role-name>All Authenticated</role-name>
    
    <!-- For WebSphere 6, add this
    security-role element below the login-config element (below).
     <security-role>
    <description>All Authenticated</description>
    <role-name>All Authenticated</role-name>
     </security-role>
    -->
    </auth-constraint>
  5. Locate the end of the </login-config> element and add the All Authenticated user role element after the closing tag.
    <security-role>
    <description>All Authenticated</description>
    <role-name>All Authenticated</role-name>
    </security-role>
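  6. Search for the first instance of the <security-constraint> tag and add the following <security-constraint> tag before it.
    Important: Do not insert line breaks when you enter the following information.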
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>action</web-resource-name>
    <description>Define the non-secured resource</description>
    <url-pattern>/P8BPMWSBroker/*</url-pattern>
    </web-resource-collection>
    </security-constraint>
  7. At the end of web.xml, comment out the <login-config> element.
    <!--
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>AE Workplace</realm-name>
    <form-login-config>
    <form-login-page>/ContainerLogin.jsp</form-login-page>
    <form-error-page>/ContainerError.jsp</form-error-page>
    </form-login-config>
    </login-config>
    -->
  8. As needed, set ssoProxyContextPath, ssoProxyHost, ssoProxyPort, and ssoProxySSLPort.

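    These parameter values are used to modify one or more elements of the native URL that Workplace finds in a request. Wherever the value of an SSO proxy host element in the URL request differs from the corresponding information for the host where Workplace is deployed, you must set the corresponding SSO <proxy host element> parameter for that element of the URL to the value for the SSO proxy host.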

    <init-param>
    <param-name>ssoProxyContextPath</param-name>
    <param-value></param-value>
    </init-param>
    <init-param>
    <param-name>ssoProxyHost</param-name>
    <param-value></param-value>
    </init-param>
    <init-param>
    <param-name>ssoProxyPort</param-name>
    <param-value></param-value>
    </init-param>
    <init-param>
    <param-name>ssoProxySSLPort</param-name>
    <param-value></param-value>
    </init-param>
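    In general, the <init-param> parameters must be configured as follows:
    ssoProxyContextPath
    Set the value to the context path of the SSO proxy host URL. This is the part of the path in the URL that appears after the server name and that represents top-level access to the Workplace application.
    For example, if the Workplace deployment host URL is http://deploy_server:2809/Workplace and the SSO proxy host URL is http://sso_proxy_server.domain.com/fn/Workplace, use the following setting: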
    <param-name>ssoProxyContextPath</param-name>
    <param-value>/Workplace</param-value>
    ssoProxyHost
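    Set the value to the SSO proxy host server name. Typically, this is the full, domain-qualified host name.
    For example, if the URL of the host where Workplace is deployed is http://deploy_server/Workplace and the corresponding SSO proxy host URL is http://sso_proxy_server/Workplace, use the following setting: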
    <param-name>ssoProxyHost</param-name>
    <param-value>sso_proxy_server</param-value>
    ssoProxyPort
    Set the value to the HTTP port on the SSO proxy host.
    For example:
    <param-name>ssoProxyPort</param-name>
    <param-value>80</param-value>
    ssoProxySSLPort
    Set the value to the HTTPS port on the SSO proxy host (if this port is defined or is used to access Workplace pages).
    For example:
    <param-name>ssoProxySSLPort</param-name>
    <param-value>443</param-value>
  9. Save your changes to web.xml and close the file.
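
A way to check the outcome of steps 2 through 7 before redeploying, as an added example that is not part of the IBM documentation: the Python script below parses web.xml and reports whether challengeProxyEnabled is false, whether <login-config> is still active, whether the All Authenticated role is declared, and which URL patterns sit in a <security-constraint> that has no <auth-constraint> and are therefore served without a login. The sample document is constructed and abbreviated, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated web.xml after the edits (not the shipped file).
SAMPLE = """<web-app>
 <filter><init-param>
  <param-name>challengeProxyEnabled</param-name>
  <param-value> false </param-value>
 </init-param></filter>
 <security-constraint><web-resource-collection>
  <url-pattern>/P8BPMWSBroker/*</url-pattern>
 </web-resource-collection></security-constraint>
 <security-constraint><web-resource-collection>
  <url-pattern>/containerSecured/*</url-pattern>
 </web-resource-collection>
 <auth-constraint><role-name>All Authenticated</role-name></auth-constraint>
 </security-constraint>
 <!-- <login-config><auth-method>FORM</auth-method></login-config> -->
 <security-role><role-name>All Authenticated</role-name></security-role>
</web-app>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if present

def texts(parent, name):
    return [(e.text or "").strip() for e in parent.iter() if local(e) == name]

def check_web_xml(xml_text):
    """Return (problems, URL patterns served without authentication)."""
    root = ET.fromstring(xml_text)  # commented-out elements are not parsed
    find = lambda name: [e for e in root.iter() if local(e) == name]
    params = {n: v for ip in find("init-param")
              for n, v in zip(texts(ip, "param-name"), texts(ip, "param-value"))}
    problems = []
    if params.get("challengeProxyEnabled") != "false":
        problems.append("challengeProxyEnabled is not false")
    if find("login-config"):
        problems.append("login-config is still active")
    roles = [r for sr in find("security-role") for r in texts(sr, "role-name")]
    if "All Authenticated" not in roles:
        problems.append("security-role 'All Authenticated' is not declared")
    # A security-constraint with no auth-constraint child requires no login.
    open_patterns = [p for sc in find("security-constraint")
                     if all(local(c) != "auth-constraint" for c in sc)
                     for p in texts(sc, "url-pattern")]
    extra = [p for p in open_patterns if p != "/P8BPMWSBroker/*"]
    if extra:
        problems.append("open without auth-constraint: " + ", ".join(extra))
    return problems, open_patterns
```

Pass the contents of the edited AE_install_path/Workplace/WEB-INF/web.xml to check_web_xml; an empty problem list with /P8BPMWSBroker/* as the only open pattern matches the configuration described in the steps.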



Last updated: November 2010


© Copyright IBM Corporation 2010.