Bluemix上的自由--如何使用.EAR项目的部署保护网络上下文

Question

我对部署到Bluemix环境中的for服务器的上下文保护定义表示怀疑，主要考虑到这些设置将触发的登录和授权功能。对于file，所有配置都放在一个server.xml安装文件中。

Eclipse选择“动态Web项目”生成的部署结构如下所示：

. WebSphere Application Server Packaged on Bluemix (Utilities: Package on Bluemix Server)
.. LibertyStarterClaudeEAR (.ear)
... LiberyStarterClaude (.war)  

应用程序生成一个用于部署的.ear存档文件。在这个归档文件中，有一个带有web应用程序本身的.war文件，实际上它是来自Bluemix示例存储库的一个简单的"hello world“。如果不使用application和application-bnd语句，web屏幕将正确显示，一旦应用程序语句处于活动状态，我将得到如下错误消息：

404 Not Found: Requested route ('xyzxyz.mybluemix.net') does not exist. 

下面是我希望添加到server.xml中的上下文定义：

<!--  Nov. 21 2016 the next section adds the web context authorization -->   
<application type="war" id="LibertyStarterClaude" name="LibertyStarterClaude" location="${server.config.dir}/apps/LibertyStarterClaude.war">
  <application-bnd>
    <security-role name="All Role">
      <special-subject type="ALL_AUTHENTICATED_USERS" />
    </security-role>
  </application-bnd> 
</application> 

哪些正确的路径和应用程序类型定义可以激活用于部署.ear归档及其应用程序的上下文保护和登录拦截？

在控制台下，由"package“命令(Push)产生的消息：

使用在server.xml配置文件下定义的标记部分部署和推送本地自由服务器。

名称: liberty_with_oidc

清单:保存到清单文件

子域: libertystarterclaude

域: mybluemix.net

部署url: libertystarterclaude.mybluemix.net

在部署时启动应用程序:已启用

Checking application - liberty_with_oidc
Generating application archive - liberty_with_oidc
Pushing application - liberty_with_oidc
Creating application - liberty_with_oidc
Application successfully pushed
Starting application - liberty_with_oidc
Got staging request for app with id ff091f13-1c94-4d0f-adea-70db04cceb7c
Updated app with guid ff091f13-1c94-4d0f-adea-70db04cceb7c ({"state"=>"STARTED"})
-----> Downloaded app package (36K)
[Application Running Check] - Checking if application is running - liberty_with_oidc. Please wait...

-----> Retrieving IBM 1.8.0_20160919 JRE (ibm-java-jre-8.0-3.12-pxa6480sr3fp12-20160919_01-cloud.tgz) ... (0.0s)
         Expanding JRE to .java ... (1.1s)
-----> Retrieving App Management 1.21.0_20161010-1459 (app-mgmt_v1.21-20161010-1459.zip) ... (0.0s)
         Expanding App Management to .app-management (0.1s)
-----> Retrieving com.ibm.ws.liberty-16.0.0.3-201610302241.tar.gz ... (0.0s)
         Installing archive ... (1.1s)
-----> Retrieving com.ibm.ws.liberty.ext-16.0.0.3-201610302241.tar.gz ... (0.0s)
         Installing archive ... (1.0s)
-----> Liberty buildpack is done creating the droplet

[AUDIT   ] CWWKE0001I: The server wlp2016beta has been launched.
[AUDIT   ] CWWKG0028A: Processing included configuration resource: /home/vcap/app/wlp/usr/servers/wlp2016beta/runtime-vars.xml
[INFO    ] CWWKE0002I: The kernel started after 3.267 seconds
[INFO    ] CWWKF0007I: Feature update started.

[ERROR   ] CWWKF0042E: A feature definition cannot  be found for the  bluemixutility-1.0 feature.  Try running the command, bin/installUtility install bluemixutility-1.0,  to install the feature. Alternatively, you can run the command, bin/installUtility install wlp2016beta,  to install all features that are referenced by this configuration.

[INFO    ] CWWKS0007I: The security service is starting...
[AUDIT   ] CWWKZ0058I: Monitoring dropins for applications. 
[INFO    ] CWWKO0219I: TCP Channel defaultHttpEndpoint has been started and is now listening for requests on host localhost  (IPv4: 127.0.0.1) port 61655.
[INFO    ] CWWKO0219I: TCP Channel defaultHttpEndpoint-ssl has been started and is now listening for requests on host localhost  (IPv4: 127.0.0.1) port 9443.
[INFO    ] DYNA1001I: WebSphere Dynamic Cache instance named baseCache initialized successfully.
[INFO    ] DYNA1071I: The cache provider default is being used.
[INFO    ] DYNA1056I: Dynamic Cache (object cache) initialized successfully.
[INFO    ] CWWKY0005I: The batch In-Memory persistence service is activated.
[INFO    ] CWWKY0008I: The batch feature is using persistence type In-Memory.
[INFO    ] CWIMK0009I: The user registry federation service is ready.
[INFO    ] CWWKS0008I: The security service is ready.
[INFO    ] CWWKS4105I: LTPA configuration is ready after 0.902 seconds.
[INFO    ] CWWKS1410I: The OAuth endpoint service is activated.
[INFO    ] CWWKS1700I: OpenID Connect client bluemixoidc1 configuration successfully processed.
[INFO    ] CWSCX0122I: Register management Bean provider: com.ibm.ws.cloudoe.management.client.provider.dump.JavaDumpBeanProvider@8023ef99.
[INFO    ] CWSCX0122I: Register management Bean provider: com.ibm.ws.cloudoe.management.client.provider.logging.LibertyLoggingBeanProvider@ffcd3586.
[INFO    ] CWWKY0300I: Batch security is enabled.
[WARNING ] CWWKZ0014W: The application LibertyStarterClaude could not be started as it could not be found at location /home/vcap/app/wlp/usr/servers/wlp2016beta//apps/LibertyStarterClaude.war.
[INFO    ] CWWKZ0018I: Starting application LibertyStarterClaudeEAR.
[INFO    ] SRVE0169I: Loading Web Module: ibm/api.
[INFO    ] SRVE0250I: Web Module ibm/api has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61655/ibm/api/
[INFO    ] SRVE0169I: Loading Web Module: com.ibm.ws.cloudoe.management.client.liberty.connector.
[INFO    ] SRVE0250I: Web Module com.ibm.ws.cloudoe.management.client.liberty.connector has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61655/IBMMGMTRest/
[INFO    ] SRVE0169I: Loading Web Module: OpenID Connect Client Redirect Servlet.
[INFO    ] SRVE0250I: Web Module OpenID Connect Client Redirect Servlet has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61655/oidcclient/
[INFO    ] SRVE0169I: Loading Web Module: IBMJMXConnectorREST.
[INFO    ] SRVE0250I: Web Module IBMJMXConnectorREST has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61655/IBMJMXConnectorREST/
[INFO    ] CWWKX0103I: The JMX REST connector is running and is available at the following service URL: service:jmx:rest://localhost:9443/IBMJMXConnectorREST
[INFO    ] CWWKX0103I: The JMX REST connector is running and is available at the following service URL: service:jmx:rest://localhost:9443/IBMJMXConnectorREST
[INFO    ] WELD-000900: 2.3.4 (Final)
[INFO    ] SRVE0169I: Loading Web Module: com.ibm.oauth.test.war.
[INFO    ] SRVE0250I: Web Module com.ibm.oauth.test.war has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61655/oauth2/
[INFO    ] SESN8501I: The session manager did not find a persistent storage location; HttpSession objects will be stored in the local application server's memory.
[INFO    ] SRVE0250I: Web Module LibertyStarterClaude has been bound to default_host.
[INFO    ] SRVE0169I: Loading Web Module: LibertyStarterClaude.
[AUDIT   ] CWWKZ0001I: Application LibertyStarterClaudeEAR started in 1.047 seconds.
[INFO    ] SRVE9103I: A configuration file for a web server plugin was automatically generated for this server at /home/vcap/app/wlp/usr/servers/wlp2016beta/logs/state/plugin-cfg.xml.
[AUDIT   ] CWWKF0015I: The server has the following interim fixes active in the runtime: PI69141,PI68805. For a full listing of installed fixes run: productInfo version --ifixes
[AUDIT   ] CWWKF0012I: The server installed the following features: [servlet-3.1, beanValidation-1.1, ssl-1.0, jndi-1.0, oauth-2.0, batchManagement-1.0, appSecurity-2.0, jdbc-4.1, jaxrs-2.0, openidConnectClient-1.0, restConnector-2.0, cdi-1.2, webProfile-7.0, jpa-2.1, appState-2.0, jsp-2.3, ejbLite-3.2, managedBeans-1.0, jsf-2.2, localConnector-1.0, federatedRegistry-1.0, jsonp-1.0, icap:managementConnector-1.0, el-3.0, jaxrsClient-2.0, batch-1.0, ldapRegistry-3.0, json-1.0, distributedMap-1.0, websocket-1.1].
[INFO    ] CWWKF0008I: Feature update completed in 42.745 seconds.
[AUDIT   ] CWWKF0011I: The server wlp2016beta is ready to run a smarter planet.

Instance (index 0) failed to start accepting connections

App instance exited with guid ff091f13-1c94-4d0f-adea-70db04cceb7c payload: {"cc_partition"=>"default", "droplet"=>"ff091f13-1c94-4d0f-adea-70db04cceb7c", "version"=>"2186b130-3bad-4631-bd74-3e436f10ec19", "instance"=>"75acb8c94a5b403398904d43aa53761d", "index"=>0, "reason"=>"CRASHED", "exit_status"=>-1, "exit_description"=>"failed to accept connections within health check timeout", "crash_timestamp"=>1479830482}
Starting app instance (index 0) with guid ff091f13-1c94-4d0f-adea-70db04cceb7c


ERROR   ] CWWKF0042E: A feature definition cannot  be found for the  admincenter-1.0 feature.  Try running the command, bin/installUtility install admincenter-1.0,  to install the feature. Alternatively, you can run the command, bin/installUtility install wlp2016beta,  to install all features that are referenced by this configuration.
[ERROR   ] CWWKF0042E: A feature definition cannot  be found for the  bluemixlogcollector-1.1 feature.  Try running the command, bin/installUtility install bluemixlogcollector-1.1,  to install the feature. Alternatively, you can run the command, bin/installUtility install wlp2016beta,  to install all features that are referenced by this configuration.
[ERROR   ] CWWKF0042E: A feature definition cannot  be found for the  bluemixutility-1.0 feature.  Try running the command, bin/installUtility install bluemixutility-1.0,  to install the feature. Alternatively, you can run the command, bin/installUtility install wlp2016beta,  to install all features that are referenced by this configuration.

[INFO    ] CWWKS0007I: The security service is starting...
[INFO    ] CWWKO0219I: TCP Channel defaultHttpEndpoint has been started and is now listening for requests on host localhost  (IPv4: 127.0.0.1) port 61700.
[AUDIT   ] CWWKZ0058I: Monitoring dropins for applications. 
[INFO    ] CWWKO0219I: TCP Channel defaultHttpEndpoint-ssl has been started and is now listening for requests on host localhost  (IPv4: 127.0.0.1) port 9443.
[INFO    ] DYNA1001I: WebSphere Dynamic Cache instance named baseCache initialized successfully.
[INFO    ] DYNA1071I: The cache provider default is being used.
[INFO    ] DYNA1056I: Dynamic Cache (object cache) initialized successfully.
[INFO    ] CWWKY0005I: The batch In-Memory persistence service is activated.
[INFO    ] CWWKY0008I: The batch feature is using persistence type In-Memory.
[INFO    ] CWIMK0009I: The user registry federation service is ready.
[INFO    ] CWWKS1700I: OpenID Connect client bluemixoidc1 configuration successfully processed.
[INFO    ] CWWKS0008I: The security service is ready.
[INFO    ] CWWKS4105I: LTPA configuration is ready after 0.752 seconds.
[INFO    ] CWSCX0122I: Register management Bean provider: com.ibm.ws.cloudoe.management.client.provider.dump.JavaDumpBeanProvider@50e65231.
[INFO    ] CWSCX0122I: Register management Bean provider: com.ibm.ws.cloudoe.management.client.provider.logging.LibertyLoggingBeanProvider@9176be54.
[INFO    ] CWWKY0300I: Batch security is enabled.
[WARNING ] CWWKZ0014W: The application LibertyStarterClaude could not be started as it could not be found at location /home/vcap/app/wlp/usr/servers/wlp2016beta//apps/LibertyStarterClaude.war.
[INFO    ] CWWKZ0018I: Starting application LibertyStarterClaudeEAR.
[INFO    ] SRVE0169I: Loading Web Module: com.ibm.ws.cloudoe.management.client.liberty.connector.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61700/IBMMGMTRest/
[INFO    ] SRVE0250I: Web Module OpenID Connect Client Redirect Servlet has been bound to default_host.
[INFO    ] SRVE0250I: Web Module ibm/api has been bound to default_host.
[INFO    ] SRVE0169I: Loading Web Module: ibm/api.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61700/ibm/api/
[INFO    ] WELD-000900: 2.3.4 (Final)
[INFO    ] SRVE0250I: Web Module IBMJMXConnectorREST has been bound to default_host.
[INFO    ] SRVE0169I: Loading Web Module: IBMJMXConnectorREST.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61700/IBMJMXConnectorREST/
[INFO    ] CWWKX0103I: The JMX REST connector is running and is available at the following service URL: service:jmx:rest://localhost:9443/IBMJMXConnectorREST
[INFO    ] CWWKX0103I: The JMX REST connector is running and is available at the following service URL: service:jmx:rest://localhost:9443/IBMJMXConnectorREST
[INFO    ] SRVE0169I: Loading Web Module: com.ibm.oauth.test.war.
[INFO    ] SRVE0250I: Web Module com.ibm.oauth.test.war has been bound to default_host.
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://localhost:61700/oauth2/
[INFO    ] SESN8501I: The session manager did not find a persistent storage location; HttpSession objects will be stored in the local application server's memory.
[INFO    ] SRVE0169I: Loading Web Module: LibertyStarterClaude.
[INFO    ] SRVE0250I: Web Module LibertyStarterClaude has been bound to default_host.
[AUDIT   ] CWWKZ0001I: Application LibertyStarterClaudeEAR started in 1.423 seconds.
[INFO    ] SRVE9103I: A configuration file for a web server plugin was automatically generated for this server at /home/vcap/app/wlp/usr/servers/wlp2016beta/logs/state/plugin-cfg.xml.
[AUDIT   ] CWWKF0015I: The server has the following interim fixes active in the runtime: PI69141,PI68805. For a full listing of installed fixes run: productInfo version --ifixes
[AUDIT   ] CWWKF0012I: The server installed the following features: [servlet-3.1, beanValidation-1.1, ssl-1.0, jndi-1.0, oauth-2.0, batchManagement-1.0, appSecurity-2.0, jdbc-4.1, jaxrs-2.0, openidConnectClient-1.0, restConnector-2.0, cdi-1.2, webProfile-7.0, jpa-2.1, appState-2.0, jsp-2.3, ejbLite-3.2, managedBeans-1.0, jsf-2.2, localConnector-1.0, federatedRegistry-1.0, jsonp-1.0, icap:managementConnector-1.0, el-3.0, jaxrsClient-2.0, batch-1.0, ldapRegistry-3.0, json-1.0, distributedMap-1.0, websocket-1.1].
[AUDIT   ] CWWKF0011I: The server wlp2016beta is ready to run a smarter planet.
[INFO    ] CWWKF0008I: Feature update completed in 40.415 seconds.

Instance (index 0) failed to start accepting connections

App instance exited with guid ff091f13-1c94-4d0f-adea-70db04cceb7c payload: {"cc_partition"=>"default", "droplet"=>"ff091f13-1c94-4d0f-adea-70db04cceb7c", "version"=>"2186b130-3bad-4631-bd74-3e436f10ec19", "instance"=>"3cd219a09bbf48fd8b80db6b6290f5b9", "index"=>0, "reason"=>"CRASHED", "exit_status"=>-1, "exit_description"=>"failed to accept connections within health check timeout", "crash_timestamp"=>1479830595}

Starting app instance (index 0) with guid ff091f13-1c94-4d0f-adea-70db04cceb7c

。。重新启动

我的测试表明，.ear归档有一个重复的条目，因为应用程序标记支持读取.ear归档。新的定义是：

`<application` location="${server.config.dir}apps/LibertyStarterClaudeEAR.ear" type="ear">
  <application-bnd>
    <security-role name="AllAuthenticated">
      <special-subject type="ALL_AUTHENTICATED_USERS"/>
    </security-role>
  </application-bnd> 
</application> 

注释原始项目设置中重复的.ear加载：

<!--  enterpriseApplication id="LibertyStarterClaudeEAR" location="LibertyStarterClaudeEAR.ear" name="LibertyStarterClaudeEAR"/ -->

Answer 1

要设置安全性，需要定义安全角色、安全约束、身份验证方法以及应用程序绑定。您只提到了应用程序绑定部分。我不确定你是否完成了剩下的工作。您可以参考有关如何设置其余部分的文档：quickstart.html

对于您的应用程序，您希望部署为EAR还是部署为独立的WAR？在动态web项目结构上，您似乎在使用EAR。但是，在您拥有的应用程序绑定配置元素上，它已经被转换为没有EAR的独立WAR应用程序。我建议您保留原始的enterpriseApplciation元素，只需在该元素下添加application部分，而不是定义一个新的应用程序元素。原因是直接在服务器配置文件上更改应用程序类型会使工具设置与服务器配置不同步。如果您想作为独立的WAR部署而不使用EAR，请从Servers视图中的Server中移除EAR，并首先将WAR添加到服务器。然后，可以在WAR定义下添加应用程序-bnd部分，以保持工具和配置设置保持同步。