惌两台(或N?机器怺通信Q先要设|它们之间的Host文g?br />每一台机器分别执行如下命?
sudo vi /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain610.23.10.237 puppet-server.noah.blogjava.net#上面可能是打开q个文g里默认的Q不用管Q直接在下面加agent的ip可以了,有多加多少?/span>10.52.27.71 agent001.noah-test.net10.52.27.72 agent002.noah-test.net10.52.27.73 agent003.noah-test.net接下来回到agent端,配置puppet 的配|文Ӟ执行如下命o
sudo vi /etc/puppetlabs/puppet/puppet.conf
[main]
#q个certname是上面host里面的名?/span>
certname = agent001.noah-test.net
#server 是puppet的server的地址
server = puppet-server.noah.blogjava.net
environment = production
runinterval = 1h
#q个certname是上面host里面的名?/span>certname = agent001.noah-test.net#server 是puppet的server的地址server = puppet-server.noah.blogjava.netenvironment = productionruninterval = 1h然后在agent端,执行如下命oQ向server端申误?br />
sudo /opt/puppetlabs/bin/puppet agent --testInfo: Creating a new SSL key for agent01.noah-test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Exiting; no certificate found and waitforcert is disabled
证明Q申h功,{待server端同意。这时可以{到server端,执行如下命o查看如些机器要申误?
sudo /opt/puppetlabs/bin/puppet cert list --allsudo /opt/puppetlabs/bin/puppet cert sign agent001.noah-test.net也可以直接在sgin 后面?"--all",q行全部审批?br />
审批完成后,再回到agent端,执行同样的命?br />
sudo /opt/puppetlabs/bin/puppet agent --test如下昄的全是类似如下绿色的信息Q证明它们之间的通信已经建立成功
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent001.noah-test.net
Info: Applying configuration version '1481877703'
问题汇总:
cloud@cdt-dev-cafews-yabinx:/etc/puppetlabs/puppet> sudo puppet agent -t
Warning: Setting 'pluginsync' is deprecated.
(at /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/defaults.rb:1713:in `block in <module:Puppet>')
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: getaddrinfo: Name or service not known
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': getaddrinfo: Name or service not known
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: getaddrinfo: Name or service not known
Info: Loading facts
Error: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: getaddrinfo: Name or service not known
用的命o不对Q改用这?/span>
sudo /opt/puppetlabs/bin/puppet agent --test
sudo/opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Error: Could not retrieve catalog from remote server: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'cdt-dev-cafews-yabinx' did not match server certificate; expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
其实它已l告诉你了,改一?etc/hosts可以了Q改成下面的其中一?/span>
expected one of cdt-dev-cafews-yabinx.emea1.cis.trcloud, DNS:puppet, DNS:cdt-dev-cafews-yabinx.emea1.cis.trcloud
sudo /opt/puppetlabs/bin/puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=cdt-dev-cafews-yabinx2.emea1.cis.trcloud]
一般这U情况就是由于某U原因没有认证没有成功,但它又不会重新认证了Q所以就报这个错误,解决办法是到q个目录?etc/puppetlabs/puppetQ把生成的ssl文g夹给删除Q让它重新生成一ơkey。如果生成一ơ还没有成功的话Q你要看一下是不是其它地方的问题,然后Q要重新重复上面的步骤,重新生成密钥?/span>
]]>
cat /etc/redhat-release
sudo rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
Enterprise Linux 6sudo rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
Ubuntu 16.04 Xenial Xeruswget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
sudo dpkg -i puppetlabs-release-pc1-xenial.deb
sudo apt update
sudo dpkg -i puppetlabs-release-pc1-xenial.deb
sudo apt update
Ubuntu 15.10 Wily Werewolf
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-wily.deb
sudo dpkg -i puppetlabs-release-pc1-wily.deb
sudo apt update
sudo dpkg -i puppetlabs-release-pc1-wily.deb
sudo apt update
Ubuntu 14.04 Trusty Tahr
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-trusty.deb
sudo dpkg -i puppetlabs-release-pc1-trusty.deb
sudo apt-get update
sudo dpkg -i puppetlabs-release-pc1-trusty.deb
sudo apt-get update
Ubuntu 12.04 Precise Pangolin
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-precise.deb
sudo dpkg -i puppetlabs-release-pc1-precise.deb
sudo apt-get update
sudo dpkg -i puppetlabs-release-pc1-precise.deb
sudo apt-get update
Debian 8 Jessie
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-jessie.deb
sudo dpkg -i puppetlabs-release-pc1-jessie.deb
sudo apt-get update
sudo dpkg -i puppetlabs-release-pc1-jessie.deb
sudo apt-get update
Debian 7 Wheezy
wget https://apt.puppetlabs.com/puppetlabs-release-pc1-wheezy.deb
sudo dpkg -i puppetlabs-release-pc1-wheezy.deb
sudo apt-get update
sudo dpkg -i puppetlabs-release-pc1-wheezy.deb
sudo apt-get update
如果遇到q个错误Q应该是你的rpm没有讄代理Q请看文章结N误汇?br />curl: (7) couldn't connect to host
接下来用YUM安装
sudo yum install puppetserver
?br />
apt-get install puppetserver
遇到q个错误是YUM没有讄代理Q文章结N题汇?
28, 'connect() timed out!'
接下来就可以正常启动?br />
可以通过如下命o查看是否启动成功
默认它会分配2G内存Q需要调整的话,可以在这?br />
接下来在另外一台器上安装agent
用相同的Ҏ(gu)先下载资源包Qsudo rpm xxxx,{??br />然后Q安装agent
接下来就可以正常启动?br />
sudo service puppetserver start
可以通过如下命o查看是否启动成功
sudo service puppetserver status
默认它会分配2G内存Q需要调整的话,可以在这?br />
/etc/sysconfig/puppetserver -- RedHeat
/etc/default/puppetserver -- Debian
接下来在另外一台器上安装agent
用相同的Ҏ(gu)先下载资源包Qsudo rpm xxxx,{??br />然后Q安装agent
sudo yum install puppet
通过如下命o启动agentsudo service puppet start
通过如下命o查看是否启动成功service puppet status
https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
curl: (7) couldn't connect to host
error: skipping https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm - transfer failed
sudo rpm -Uvh --httpproxy http://webproxy.lon.corp.services --httpport 80 https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
在安装过E中Q如果Yum不能下蝲的话Q可能没有设|代理,
执行 sudo vi /etc/yum.conf 然后加上代理
proxy=http://xxxxxxxxxx:80
puppet 默认使用8140Q查看端口占用情况
sudo netstat -nlatp | grep 8140
]]>
@Named("bean1") // or @ManagedBean(name="bean1") or 不指定名字,默认Bean的名QsampleBean
@SessionScoped
public class SampleBean {
public int getLuckyNumber() { }
public void setLuckyNumber(int value) { }
public String login() {
if () return "success"; else return "error";
}
}
面q样写,直接调相应的Ҏ(gu)@SessionScoped
public class SampleBean {
public int getLuckyNumber() { }
public void setLuckyNumber(int value) { }
public String login() {
if () return "success"; else return "error";
}
}
<h:commandButton value="press me" action="#{bean1.login}"/>
2.链?br />
<h:link outcome="#{custVM.gotoDetail}" includeViewParams="true" target="_blank">
<f:param name="scmNo" value="#{warr.project_no}"/>
<f:param name="custNo" value="#{warr.cust_no}"/>
<f:param name="custName" value="#{warr.cust_name}"/>
<h:outputText value="#{warr.accrued_amt}">
<f:convertNumber currencySymbol="$" type="currency" />
</h:outputText>
</h:link>
在目标页面写下面q个Q这样就可以传过来了<f:param name="scmNo" value="#{warr.project_no}"/>
<f:param name="custNo" value="#{warr.cust_no}"/>
<f:param name="custName" value="#{warr.cust_name}"/>
<h:outputText value="#{warr.accrued_amt}">
<f:convertNumber currencySymbol="$" type="currency" />
</h:outputText>
</h:link>
<f:metadata>
<f:viewParam name="scmNo" value="#{custVM.scmNo}" />
<f:viewParam name="custNo" value="#{custVM.custNo}" />
<f:viewParam name="custName" value="#{custVM.custName}" />
</f:metadata>
3.下拉菜单写法Q?br /><f:viewParam name="scmNo" value="#{custVM.scmNo}" />
<f:viewParam name="custNo" value="#{custVM.custNo}" />
<f:viewParam name="custName" value="#{custVM.custName}" />
</f:metadata>
private List<SelectItem> monthItems; //它有自己的SelectItem c,用来存键值对?/span>
@PostConstruct
public void init() {
Calendar now = Calendar.getInstance();
date = now.getTime();
monthItems = new ArrayList<SelectItem>();
try {
List<Date> monthList = amoritizateService.getMonthList();
for(Date month:monthList){
monthItems.add(new SelectItem(month, DateUtil.format(month, "yyyy - MM")));
}
} catch (Exception e) {
LOG.error("ERROR!",e);
}
}
面可以直接q样写:@PostConstruct
public void init() {
Calendar now = Calendar.getInstance();
date = now.getTime();
monthItems = new ArrayList<SelectItem>();
try {
List<Date> monthList = amoritizateService.getMonthList();
for(Date month:monthList){
monthItems.add(new SelectItem(month, DateUtil.format(month, "yyyy - MM")));
}
} catch (Exception e) {
LOG.error("ERROR!",e);
}
}
<p:selectOneMenu value="#{amoritizateVM.date}" converter="monthItemConverter" style="width:145px">
<f:selectItems value="#{amoritizateVM.monthItems}"></f:selectItems>
</p:selectOneMenu>
q里面用C另外一个知识点Converter,用来转换cdQ比如这里是用来Date和String的互转,所以要写上q个c?br /><f:selectItems value="#{amoritizateVM.monthItems}"></f:selectItems>
</p:selectOneMenu>
/**
只要实现它的接口Q它会自动完成{换,q是很方便的
*/
@FacesConverter("monthItemConverter")
public class MonthItemConverter implements Converter {
private static final Logger LOG = LoggerFactory.getLogger(MonthItemConverter.class);
@Override
public Object getAsObject(FacesContext arg0, UIComponent arg1, String arg2) {
return DateUtil.parseDate(arg2);
}
@Override
public String getAsString(FacesContext arg0, UIComponent arg1, Object arg2) {
return DateUtil.format((Date)arg2);
}
}
只要实现它的接口Q它会自动完成{换,q是很方便的
*/
@FacesConverter("monthItemConverter")
public class MonthItemConverter implements Converter {
private static final Logger LOG = LoggerFactory.getLogger(MonthItemConverter.class);
@Override
public Object getAsObject(FacesContext arg0, UIComponent arg1, String arg2) {
return DateUtil.parseDate(arg2);
}
@Override
public String getAsString(FacesContext arg0, UIComponent arg1, Object arg2) {
return DateUtil.format((Date)arg2);
}
}
4.表单提交的话Q用q个
<p:commandButton value="Query" update="dataForm"/>
q里面的update要对应这个页面里的form的id<h:form id="dataForm">
]]>
]]>
首先下蝲mod_jk.soQ?br />windows:http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win32/
Linux:http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.21/
下蝲后,如果名字不一P要改成和q个名字一LQ然后放|在apache的modules目录?br />然后在apache的conf目录新徏一个workers.properties文gQ内容如下:
# Define 1 real worker using ajp13worker.list=worker1# Set properties for worker1 (ajp13)worker.worker1.type=ajp13worker.worker1.host=127.0.0.1# 好多人都?080端口# 但如果用了的话,׃被apache占用Q?br /># q样无法直接访问Glassfish?br />worker.worker1.port=9090worker.worker1.lbfactor=1worker.worker1.cachesize=128worker.worker1.cache_timeout=600worker.worker1.socket_keepalive=1#worker.worker1.reclycle_timeout=300<IfModule !mod_jk>LoadModule jk_module "modules/mod_jk.so"</IfModule># Where to find workers.propertiesJkWorkersFile conf/workers.properties# Where to put jk logsJkLogFile logs/mod_jk.log# Set the jk log level [debug/error/info]JkLogLevel info# Select the log formatJkLogStampFormat "[%a %b %d %H:%M:%S %Y] "# JkOptions indicate to send SSL KEY SIZE,JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories# JkRequestLogFormat set the request formatJkRequestLogFormat "%w %V %T"JkShmFile logs/mod_jk.shmJkMount /*.jsp worker1JkMount /*.action worker1JkMount /*.do worker1下面配置GlassFish v3Q?/p>
通过览器进入GlassFish v3的admin consoleQ展开configuration->network config->network listenersQ页面会列出现有的所有监听的端口。例如默认的http-listener1监听8080Qhttp-listener2监听8181Qadmin-listener监听4848?br />刚才说了Z不媄?Glassfish的单独访问,q里我们不用8080Q我们可以新Z个Listener,除了端口以外其它都一?如图
然后建成功后Q点击进入,N上 JK Listener?br />
q样以来Q所有有兛_态解析的一些请求就会{lGlassfish处理了?br />
]]>
配置deploy/jboss-web.deployer/server.xml文g .
<Connector
port="8080"
address="0.0.0.0"
maxThreads="1600"
minSpareThreads="100"
maxSpareThreads="250"
emptySessionPath="false"
enableLookups="false"
redirectPort="8443"
acceptCount="800"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8"
/>
maxThreadsQ表C最多同时处理的q接数。应该将U程敎ͼ最大线E数Q设|比最大预期负载(同时q发的点击)?font face="Times New Roman">25%Q经验规则)?br />
acceptCountQ当同时q接的h数达到maxThreadsӞq可以接收排队的q接?/p>
minSpareThreadQ指“启动以后QL保持该数量的U程I闲{待”Q设|比预期负蝲?font face="Times New Roman">25%?/font>
maxSpareThreadQ指“如果过?/font>minSpareThreadQ然后L保持该数量的U程I闲{待”Q设|比预期负蝲?font face="Times New Roman">25%?/font>
其中主要修改两个参数maxThreads和acceptCount倹{增加maxThreadsQ减acceptCount值有利羃短系l的响应旉。但是maxThreads和acceptCount的d最高g能超q?000Q而且maxThreadsq大会增加CPU和内存消耗,故低配置用户可通过降低maxThreadsq同时增大acceptCount值来保证pȝ的稳定?/p>
下表|列Z在不同ƈ发情况下jboss参数与ƈ发在U的一般关pR?br />
|
q发?/p> |
服务器内?/p> |
jboss参数 |
|
| maxThreads | acceptCount | ||
| 50以下 | 2G | 256 | 800 |
| 50-300 | 4G | 600 | 1024 |
| 300-800 | 8G | 1024 | 1528 |
| 800-1000 | 8G | 1024 | 2048 |
| 1000-1200 | 12G | 1526 | 2048 |
| 1200-1500 | 16G | 2048 | 2048 |
?调整 jvm参数
AQJVM启动参数共分Zc:
其一是标准参敎ͼ-Q,所有的JVM实现都必d现这些参数的功能Q而且向后兼容Q?br />
其二是非标准参数Q?XQ,指的是JVM底层的一些配|参敎ͼq些参数在一般开发中默认卛_Q不需要Q何配|。但是在生环境中,q不保证所有jvm实现都满I所以ؓ了提高性能Q往往需要调整这些参敎ͼ以求pȝ辑ֈ最x能。另外这些参C保证向后兼容Q也x?#8220;如有变更Q恕不在后箋版本的JDK通知”Q这是官|上的原话)Q?br />
其三是非Stable参数Q?XXQ,q类参数在jvm中是不稳定的Q不适合日常使用的,后箋也是可能会在没有通知的情况下q接取消了Q需要慎重用?br />
BQ?strong>JVM 内存又可分ؓ三个主要的域 Q?br />
新域、旧域以及永久域。JVM生成的所有新对象攑֜新域中。一旦对象经历了一定数量的垃圾攉循环后,便进入旧域。而在怹域中是用来存储JVM自己的反对象的Q如class和method对象Q而且GC(Garbage Collection)不会在主E序q行期对怹域进行清理。其中新域和旧域属于堆,怹域是一个独立域q且不认为是堆的一部分?br />
CQ各主要参数的作用如?/strong> Q?br />
-XmsQ设|jvm内存的初始大?br />
-XmxQ设|jvm内存的最大?br />
-XmnQ设|新域的大小Q这个似乎只?jdk1.4来说是有效的Q后来就废弃了)
-XssQ设|每个线E的堆栈大小(也就是说,在相同物理内存下Q减这个D生成更多的线E?
-XXQNewRatio :讄新域与旧域之比,?XXQNewRatio = 4pC新域与旧域之比?Q?
-XX:NewSizeQ设|新域的初始?br />
-XX:MaxNewSize Q设|新域的最大?br />
-XX:PermSizeQ设|永久域的初始?br />
-XX:MaxPermSizeQ设|永久域的最大?br />
-XX:SurvivorRatio=n:讄新域中EdenZ两个Survivor区的比倹{(EdenZ要是用来存放新生的对象,而两?Survivor区则用来存放每次垃圾回收后存zM来的对象Q?br />
DQ常见的错误 Q?br />
java.lang.OutOfMemoryError怿很多开发h员都用到q,q个主要是JVM参数没有配好引v的,但是q种错误又分两种Qjava.lang.OutOfMemoryError: Java heap space和java.lang.OutOfMemoryError: PermGen spaceQ其中前者是有关堆内存的内存溢出Q可以同q配|?Xms?Xmx参数来设|,而后者是有关怹域的内存溢出Q可以通过配置 -XX:MaxPermSize来设|?br />
下面是个例子,h据实际情况进行修?修改run.conf文g中的如下内容Q?/font>
JAVA_OPTS="-Xms256m -Xmx2048m -XX:NewSize=256m -XX:MaxNewSize=512m -XX:PermSize=128m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled -Djboss.platform.mbeanserver"
]]>
log4j.rootLogger=DEBUG,CONSOLE #打印到控制台log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.Threshold=DEBUG log4j.appender.CONSOLE.Target=System.out #log4j.appender.CONSOLE.Encoding=GBK log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayoutlog4j.appender.CONSOLE.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n #log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n ###打印到单一文g#log4j.appender.FILE=org.apache.log4j.FileAppender #log4j.appender.FILE.File=info/info.log #log4j.appender.FILE.Threshold=DEBUG#log4j.appender.FILE.Append=false ##log4j.appender.FILE.Encoding=GBK #log4j.appender.FILE.layout=org.apache.log4j.PatternLayout #log4j.appender.FILE.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n ## Use this layout for LogFactor 5 analysis ## log4j.appender.ROLLING_FILE=org.apache.log4j.RollingFileAppender log4j.appender.ROLLING_FILE.Threshold=INFOlog4j.appender.ROLLING_FILE.File=info/infolog4j.appender.ROLLING_FILE.Append=true ##log4j.appender.CONSOLE_FILE.Encoding=GBK log4j.appender.ROLLING_FILE.MaxFileSize=3072KB log4j.appender.ROLLING_FILE.MaxBackupIndex=10000000 log4j.appender.ROLLING_FILE.layout=org.apache.log4j.PatternLayoutlog4j.appender.ROLLING_FILE.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n ## 每天生成一个文?br />
#log4j.appender.Daily=org.apache.log4j.DailyRollingFileAppender #log4j.appender.Daily.Threshold=DEBUG#log4j.appender.Daily.File=daily/log##log4j.appender.A1.Encoding=GBK #log4j.appender.Daily.DatePattern='.'yyyy-MM-dd #log4j.appender.Daily.layout=org.apache.log4j.PatternLayout #log4j.appender.Daily.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n #通过socket发?br />
##log4j.appender.SOCKET=org.apache.log4j.RollingFileAppender ##log4j.appender.SOCKET.RemoteHost=localhost ##log4j.appender.SOCKET.Port=5001 ##log4j.appender.SOCKET.LocationInfo=true # Set up for Log Facter 5 ##log4j.appender.SOCKET.layout=org.apache.log4j.PatternLayout ##log4j.appender.SOCET.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]% n%x[NDC]%n%t[THREAD]%n%c[CATEGORY]%n%m[MESSAGE]%n%n # Log Factor 5 Appender ##log4j.appender.LF5_APPENDER=org.apache.log4j.lf5.LF5Appender ##log4j.appender.LF5_APPENDER.MaxNumberOfRecords=2000 # 通过mail发?br />
##log4j.appender.MAIL=org.apache.log4j.net.SMTPAppender ##log4j.appender.MAIL.Threshold=FATAL ##log4j.appender.MAIL.BufferSize=10 ##log4j.appender.MAIL.From=web@www.wuset.com ##log4j.appender.MAIL.SMTPHost=www.wusetu.com ##log4j.appender.MAIL.Subject=Log4J Message ##log4j.appender.MAIL.To=web@www.wusetu.com ##log4j.appender.MAIL.layout=org.apache.log4j.PatternLayout ##log4j.appender.MAIL.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n # 存储到数据库##log4j.appender.DATABASE=org.apache.log4j.jdbc.JDBCAppender ##log4j.appender.DATABASE.URL=jdbc:mysql://localhost:3306/test ##log4j.appender.DATABASE.driver=com.mysql.jdbc.Driver ##log4j.appender.DATABASE.user=root ##log4j.appender.DATABASE.password= ##log4j.appender.DATABASE.sql=INSERT INTO LOG4J (Message) VALUES ([log] %d - %c -%-4r [%t] %-5p %c %x - %m%n') ##log4j.appender.DATABASE.layout=org.apache.log4j.PatternLayout ##log4j.appender.DATABASE.layout.ConversionPattern=[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n # IM账号##log4j.appender.im = net.cybercorlin.util.logger.appender.IMAppender ##log4j.appender.im.host = mail.cybercorlin.net ##log4j.appender.im.username = username ##log4j.appender.im.password = password ##log4j.appender.im.recipient = corlin@cybercorlin.net ##log4j.appender.im.layout=org.apache.log4j.PatternLayout ##log4j.appender.im.layout.ConversionPattern =[log] %d - %c -%-4r [%t] %-5p %c %x - %m%n
]]>
W一步,创徏证书
keytool -genkey -alias tomcat -keystore c:\mykeystore -dname "CN=xyb, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass 123456 -storepass 123456
PS:
-genkey 创徏一个证?br />
-alias 证书的别?br />
-keystore 指定生成此证书的路径(可不写,默认存在pȝ的Home目录?keystore文g?br />
-storepass 指定密钥库的密码
-keypass 指定别名条目的密?br />
-dname 指定证书拥有者信?可不写,但,pȝ会提CZ依次输入q些信息Q特别要注意“CN”的值是你想做ؓCAS服务器的q台机器的域名或机器名,但就是不能是IP)
-keyalg 指定密钥的算?可不?
-validity 指定创徏的证书有效期多少?可不写,默认?0?
W二步,导出证书
keytool -export -alias tomcat -keystore c:\mykeystore -file c:\mycerts.cer -storepass 123456
PS:
-export 别名指定的证书导出到文?br />
-keystore 指定生成此证书的路径(上一步中写的什么这写什么,如果没写Q这也不?
-file 指定导出到文件的文g?/p>
W三步,把导出的证书导入到客L服务?/p>
keytool -import -trustcacerts -alias tomcat -keystore "%JAVA_HOME%/JRE/LIB/SECURITY/CACERTS" -storepass 123456 -file c:\mycerts.cer
PS:
-import 已{数字证书导入密钥?br />
-file 指定要导入到密钥库的文g?也就是上一步导出的那个文g)
有一个提C:是否信Qq个证书Q输?YQ回车?/p>
W四步,下蝲cas集成包。将下蝲后的文g改名为cas-webQ放|在liferay的webapps目录下,在conf/server.xml中找C面这D,L原有的注释ƈ修改为:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" keystorePass="123456" keyAlias="tomcat"/>W五步,在Liferay的webapps\ROOT\WEB-INF\classes\portal-ext.properties下添加如下内容:
cas.auth.enabled=true
cas.login.url=https://xyb:8443/cas-web/login
cas.logout.url=https://xyb:8443/cas-web/logout
cas.server.name=客户端IP:8080
cas.service.url=
#cas.service.url=http://localhost:8080/c/portal/login
cas.validate.url=https://xyb:8443/cas-web/proxyValidate
如果没在Liferay下,只是普通的WebE序可用Filter来实玎ͼ打开Web-INF\Web.XML文gQ增加如下代?/p>
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://xyb:8443/cas-web/login</param-value>
</init-param><!--q里的xyb是CAS服务端的IP或机器名-->
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://xyb:8443/cas-web/proxyValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8080</param-value><!--client:port是需要CAS需要拦截的地址和端口,一般就是这个TOMCAT所启动的IP和port-->
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern><!--q里是你要拦截的URLh-->
</filter-mapping>
最后一步,在客L获取CAS认证通过的用户名Qƈ修改w䆾验证E序为只通过用户名来验证。如是在Liferay下就不用做这一步了QLiferay中本w的验证是ScreenName字段
1、在JSP或Servlet中的用法Q?/p>
<%@ page import="edu.yale.its.tp.cas.client.filter.CASFilter" %><%@ page import="javax.servlet.http.HttpServletRequest" %><%@ page import="javax.servlet.http.HttpSession" %><%HttpSession ses = request.getSession();String screenName =(String)ses.getAttribute(CASFilter.CAS_FILTER_USER);System.out.println("screenName==:"+screenName);%> 2、在Java中通过 Session 获取d用户?/p>
// 以下两者都可以session.getAttribute(CASFilter.CAS_FILTER_USER);session.getAttribute("edu.yale.its.tp.cas.client.filter.user");3、在 JSTL 中获取用户名的方?/p>
<c:out value="${sessionScope[CAS:'edu.yale.its.tp.cas.client.filter.user']}"/>
问题汇总:
严重: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator prox
yList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://192.168.1.111:8443/cas/proxyValidate] ticket=[ST-0-9h7Mx5HK3pfsdxRv
MD3y] service=[http%3A%2F%2F192.168.1.222%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]]
q个CAS异常是从CAS Client里面抛出Q是当我们不使用证书的CN去访问域名的时候(比如上文是用IP讉K而且证书的CN是该IP对应的域名而非该IPQ,CASClient无法信QQ也是我上面特意提到的那个CN的问题。要特别注意?/p>
q有一U情况就是客L证书没有导入,同样也报q个错误,最l可以归Z句话,肯定是证书验证没有通过所?
INFO [org.jasig.cas.authentication.AuthenticationManager
Impl] - <AuthenticationHandler: cn.com.tiansky.cas.authenticationHandlers.UPAuthenticationHandler successfully authenticated the user which provided the followi
ng credentials: [username: test]>
q错误Q可能是客户端的那个配置文g里写的不太对。也是上面说的W五步,要多注意一下?/p>
java.io.IOException: Cannot recover key
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14Socket
Factory.java:125)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESo
cketFactory.java:88)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoi
nt.java:292)
at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.j
ava:138)
at org.apache.catalina.connector.Connector.initialize(Connector.java:101
q种错误Q可能是你生成的证书有问题,如果keypass和storepass的密码不一致也会把q个?不知Z么非要设成一L)
]]>
Calendar calendar = Calendar.getInstance();2
calendar.add(Calendar.DATE, -1); //得到前一?/span>3
calendar.add(Calendar.MONTH, -1); //得到前一个月4
int year = calendar.get(Calendar.YEAR);5
int month = calendar.get(Calendar.MONTH)+1;
注意月䆾加一
]]>