2017年8月28日月曜日

Apache JSPWikiがインストールされた仮想マシン(CentOS7.3)を作成する

VagrantでApache JSPWikiがインストールされた仮想マシンを作成するには以下のVagrantfileを使用します。この構成では、編集するのにユーザadmin/パスワードadminでログインすることが必要なwikiサイトになります。

Vagrantfile

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "bento/centos-7.3"
  config.vm.hostname = "centos7jspwiki"
  config.vm.network :public_network, ip:"192.168.1.73"
  config.vm.provider :virtualbox do |vbox|
     vbox.name = "centos7jspwiki"
  end
  config.vm.provision "shell", inline: <<-SHELL
vgshare=/vagrant

# download and install jdk8
jdkfile=jdk-8u144-linux-x64.rpm
if [ ! -e /vagrant/$jdkfile ]; then
  wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" -P $vgshare http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.rpm
fi

yum remove java-1.6.0-openjdk
yum remove java-1.7.0-openjdk
yum remove java-1.8.0-openjdk
rpm -ivh $vgshare/$jdkfile

# download and install tomcat8
tomcat=apache-tomcat-8.5.20
tomcatfile=$tomcat.tar.gz
if [ ! -e $vgshare/$tomcatfile ]; then
  wget -P $vgshare http://ftp.meisei-u.ac.jp/mirror/apache/dist/tomcat/tomcat-8/v8.5.20/bin/$tomcatfile
fi
tar xvfz $vgshare/$tomcatfile -C /opt

# download jspwiki and install it.
mkdir JSPWiki
cd JSPWiki
wget http://ftp.riken.jp/net/apache/jspwiki/2.10.2/binaries/webapp/JSPWiki.war
jar xvf JSPWiki.war
echo 'jspwiki.baseURL=http://192.168.1.73:8080/JSPWiki/' > /home/vagrant/JSPWiki/WEB-INF/classes/jspwiki-custom.properties
cp /vagrant/jspwiki.policy /home/vagrant/JSPWiki/WEB-INF/
cp /vagrant/userdatabase.xml /home/vagrant/JSPWiki/WEB-INF/
cd ..
mv JSPWiki /opt/$tomcat/webapps

# setup tomcat as a service...
cp $vgshare/tomcat.service /etc/systemd/system/
cp $vgshare/tomcat /etc/sysconfig
systemctl enable tomcat.service
systemctl start tomcat.service

SHELL

end
tomcat.service

[Unit]
Description=Apache Tomcat Servlet Container
After=syslog.target network.target

[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/tomcat
ExecStart=/opt/apache-tomcat-8.5.20/bin/startup.sh
ExecStop=/opt/apache-tomcat-8.5.20/bin/shutdown.sh
KillMode=none

[Install]
WantedBy=multi-user.target
tomcat

JAVA_HOME="/usr/java/default"
jspwiki.policy

//  Licensed to the Apache Software Foundation (ASF) under one
//  or more contributor license agreements.  See the NOTICE file
//  distributed with this work for additional information
//  regarding copyright ownership.  The ASF licenses this file
//  to you under the Apache License, Version 2.0 (the
//  "License"); you may not use this file except in compliance
//  with the License.  You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
//  Unless required by applicable law or agreed to in writing,
//  software distributed under the License is distributed on an
//  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
//  KIND, either express or implied.  See the License for the
//  specific language governing permissions and limitations
//  under the License.

// $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $
//
// This file contains the local security policy for JSPWiki.
// It provides the permissions rules for the JSPWiki
// environment, and should be suitable for most purposes.
// JSPWiki will load this policy when the wiki webapp starts.
//
// As noted, this is the 'local' policy for this instance of JSPWiki.
// You can also use the standard Java 2 security policy mechanisms
// to create a consolidated 'global policy' (JVM-wide) that will be checked first,
// before this local policy. This is ideal for situations in which you are
// running multiple instances of JSPWiki in your web container.
// To set a global security policy for all running instances of JSPWiki,
// you will need to specify the location of the global policy by setting the
// JVM system property 'java.security.policy' in the command line script
// you use to start your web container. See the documentation
// pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you
// don't know what this means, don't worry about it.
//
// Also, if you are running JSPWiki with a security policy, you will probably
// want to copy the contents of the file jspwiki-container.policy into your
// container's policy. See that file for more details.
//
// ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------

// The first policy block grants privileges that all users need, regardless of
// the roles or groups they belong to. Everyone can register with the wiki and
// log in. Everyone can edit their profile after they authenticate.
// Everyone can also view all wiki pages unless otherwise protected by an ACL.
// If that seems too loose for your needs, you can restrict page-viewing
// privileges by moving the PagePermission 'view' grant to one of the other blocks.

grant principal org.apache.wiki.auth.authorize.Role "All" {
    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "view";
#    permission org.apache.wiki.auth.permissions.WikiPermission "*", "editPreferences";
#    permission org.apache.wiki.auth.permissions.WikiPermission "*", "editProfile";
    permission org.apache.wiki.auth.permissions.WikiPermission "*", "login";
};


// The second policy block is extremely loose, and unsuited for public-facing wikis.
// Anonymous users are allowed to create, edit and comment on all pages.
//
// Note: For Internet-facing wikis, you are strongly advised to remove the
// lines containing the "modify" and "createPages" permissions; this will make
// the wiki read-only for anonymous users.

// Note that "modify" implies *both* "edit" and "upload", so if you wish to
// allow editing only, then replace "modify" with "edit".

//grant principal org.apache.wiki.auth.authorize.Role "Anonymous" {
//    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify";
//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages";
//};


// This next policy block is also pretty loose. It allows users who claim to
// be someone (via their cookie) to create, edit and comment on all pages,
// as well as upload files.
// They can also view the membership list of groups.

//grant principal org.apache.wiki.auth.authorize.Role "Asserted" {
//    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify";
//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages";
//    permission org.apache.wiki.auth.permissions.GroupPermission "*:*", "view";
//};


// Authenticated users can do most things: view, create, edit and
// comment on all pages; upload files to existing ones; create and edit
// wiki groups; and rename existing pages. Authenticated users can also
// edit groups they are members of.

grant principal org.apache.wiki.auth.authorize.Role "Authenticated" {
    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission org.apache.wiki.auth.permissions.GroupPermission "*:*", "view";
    permission org.apache.wiki.auth.permissions.GroupPermission "*:", "edit";
    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};


// Administrators (principals or roles possessing AllPermission)
// are allowed to delete any page, and can edit, rename and delete
// groups. You should match the permission target (here, 'JSPWiki')
// with the value of the 'jspwiki.applicationName' property in
// jspwiki.properties. Two administative groups are set up below:
// the wiki group "Admin" (stored by default in wiki page GroupAdmin)
// and the container role "Admin" (managed by the web container).

grant principal org.apache.wiki.auth.GroupPrincipal "Admin" {
    permission org.apache.wiki.auth.permissions.AllPermission "*";
};
grant principal org.apache.wiki.auth.authorize.Role "Admin" {
    permission org.apache.wiki.auth.permissions.AllPermission "*";
};
userdatabase.xml

<?xml version="1.0" encoding="UTF-8"?>
<users>
<!-- use following command to generate sha1 hash : echo -n 'password' | sha1sum -->
    <user uid="b70c1100-7093-4290-aee9-eb3bac4954cc" loginName="admin" wikiName="Administrator" fullName="Administrator" email="test@localdomain" password="{SSHA}PQ2cmVbYoBW1wyzFxikvlJiHVoutbQdGqQmYig==" created="01-jan-2017 01:01:01" lastModified="2017.08.27 at 13:52:04:663 UTC" lockExpiry="" >
    </user>
</users>
ユーザを追加するには、userdatabase.xmlにuser属性を追加します。パスワードはecho -n 'password' | sha1sum を実行してhash値を生成して使用してください。

0 件のコメント:

コメントを投稿