沧浪之水

    经过一周零零星星的整理。博客总算恢复了。
    一个多月前，我们租用的IXWebhosting服务器停止提供服务，原因大体是因为数据库过载多次。经过多次交涉，仍然没给我们恢复服务。几个兄弟的网站都被关停了，数据也没法去除，实在大意啊。
    痛定思痛，考虑良久，觉得需要重新整理历史数据，搭建新的博客。
    网站数据大部分还是从网站存档服务网站，google cache里面抓取的。发现最近几年推了不少博，但精品文章还是很少。很多都是牢骚之类的。随丢弃。整理下来50多篇还算完整的博文。
    服务器思来想去，最后决定用一套免费的服务器，0fees和000webhost之类。最近2周试用下来，速度还算不错。但主机IP不是独立IP，希望别被GFW了就是。
    博文在本机和Google Doc做了备份。以后更换主机也方便些。这也算是这次服务商“拒绝服务” 吃到的一记教训和经验。数据要多做备份和存档，不能太相信服务商。

    现在新的博文通过Zoundry Blog Writer，Live Writer 或 Google Docs撰写后实时发布。三个工具用下来，本地我更偏向Zoundry Blog Writer，在线则非Google Docs莫属。Zoundry Blog Writer 支持多帐号，本地数据库也很容易做备份，但对WP的标签支持不是太好。Google Docs的博客发布功能比较简陋。但在线编辑和共享功能很完备。
    博客系统仍然用钟情的WordPress系统，这次界面风格以简洁为主，不做修饰，内容为王；插件装了不少，adsense-manager 管理广告、generalstats 更新统计、google-analytics-for-wordpress 管理网站流量监控、new-tag-cloud.0.6 标签云、twitter-tools.2.0 推特、wordpress-popular-posts.1.5.1 文章排行、wp-cumulus flash标签云、wp-mobile 博客手机版、feedburner_plug FeedBurner插件。

    我现在拥有的三个域名  corlin.cn cybercorlin.com cybercorlin.net 都指向了目前的博客 ,主域名是cybercorlin.com; 这个.com域名也算是我00年最早注册的域名，虽然长点，但承载了不少美好。）

    欢迎朋友们继续关注我和我的博客。 您也可以通过手机端访问本站，移动界面很IPhone哦。）

    希望我也能继续推一些有用的博文给大家分享，践行“每天进步一点点”的允诺。

    另：希望和志同道合的朋友交换博客链接。） call me : me at  corlin.cn

管理层必须有强烈的危机感和变革意识

必须有管理层参与

有资深的咨询专家参与

有业务部门主管和业务专家

有一只肯闯肯干的规划实施团队,大家相互间彼此信任

必须做好项目管理和监控

分步骤，分轻重缓急，迭代进行

定期给高层，中层，实施人员灌输思想

和财务部门、总裁办、董事会、审计处等干系部门处理好关系

做好、做足数据可视化工作

on 三.26, 2009,

星期四, 三月 01, 2007

89/90/91/130/142/144/210/251/254/263/265/285

Download OSS Service Activation API (See also JSR-000089 Web Page)

Download OSS Quality of Service API (See also JSR-000090 Web Page)

Download OSS Trouble Ticket API (See also JSR-000091 Web Page)

Download OSS Billing Mediation API (See also JSR-000130 Web Page)

Download OSS Inventory API (See also JSR-000142 Web Page)

Download OSS Common API (See also JSR-000144 Web Page)

Download OSS Service Quality Management API (See also JSR-000210 Web Page)

Download Pricing API (See also JSR-000251 Web Page)

Download OSS Discovery API (See also JSR-000254 Web Page)

Download Fault Management API (See also JSR-000263 Web Page)

Download Order Management API (See also JSR-000264 Web Page)

Download Performance Management API (See also JSR-000285 Web Page)

星期二, 三月 20, 2007

本文主要阐述在编译，打包和在JBOSS上部署和运行JOSSO单点登陆程序的步骤，认证数据存放Mysql数据库

＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
建立基础数据库

选择认证信息存放介质，本文考虑用mysql数据库

mysql 连接信息为：
“com.mysql.jdbc.Driver”
“jdbc:mysql://localhost/test”
下载mysql jdbc驱动
把驱动程序放到
$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/ 目录下 或 josso src lib 目录下

建立数据库，执行下列SQL
– Roles

CREATE TABLE JOSSO_ROLE (

NAME VARCHAR(16) NOT NULL,

DESCRIPTION VARCHAR(64) NULL

);

ALTER TABLE JOSSO_ROLE

ADD ( PRIMARY KEY (NAME) ) ;

– Users

CREATE TABLE JOSSO_USER (

LOGIN VARCHAR(16) NOT NULL,

PASSWORD VARCHAR(20) NOT NULL,

NAME VARCHAR(64) NULL,

DESCRIPTION VARCHAR(64) NULL

);

ALTER TABLE JOSSO_USER

ADD ( PRIMARY KEY (LOGIN) ) ;

– Users Properties

CREATE TABLE JOSSO_USER_PROPERTY (

LOGIN VARCHAR(16) NOT NULL,

NAME VARCHAR(255) NOT NULL,

VALUE VARCHAR(255) NOT NULL

);

ALTER TABLE JOSSO_USER_PROPERTY

ADD ( PRIMARY KEY (LOGIN, NAME) ) ;

ALTER TABLE JOSSO_USER_PROPERTY

ADD ( FOREIGN KEY (LOGIN)

REFERENCES JOSSO_USER ) ;

– Roles by user

CREATE TABLE JOSSO_USER_ROLE (

LOGIN VARCHAR(16) NOT NULL,

NAME VARCHAR(255) NOT NULL

);

ALTER TABLE JOSSO_USER_ROLE

ADD ( PRIMARY KEY (LOGIN, NAME) ) ;

ALTER TABLE JOSSO_USER_ROLE

ADD ( FOREIGN KEY (NAME)

REFERENCES JOSSO_ROLE ) ;

ALTER TABLE JOSSO_USER_ROLE

ADD ( FOREIGN KEY (LOGIN)

REFERENCES JOSSO_USER ) ;

– SSO Sessions

CREATE TABLE JOSSO_SESSION

(

SESSION_ID VARCHAR (64) NOT NULL

, USERNAME VARCHAR (128) NOT NULL

, CREATION_TIME INTEGER NOT NULL

, LAST_ACCESS_TIME INTEGER NOT NULL

, ACCESS_COUNT INTEGER NOT NULL

, MAX_INACTIVE_INTERVAL INTEGER NOT NULL

, VALID INTEGER NOT NULL

);

ALTER TABLE JOSSO_SESSION

ADD ( PRIMARY KEY (SESSION_ID) ) ;



INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(‘role1′,’The Role1′);

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(‘role2′,’The Role2′);

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(‘role3′,’The Role3′);

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)

VALUES(‘user1′, ‘user1pwd’, ‘The User1′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(‘user1′, ‘role1′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(‘user1′, ‘role2′);

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)

VALUES(‘user2′, ‘user2pwd’, ‘The User2′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(‘user2′, ‘role3′);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user1′, ‘user.name’, ‘User1 Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user1′, ‘user.lastName’, ‘User1 Last Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user1′, ‘user.registrationDate’, ‘User1 Registration Date’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user2′, ‘user.name’, ‘User2 Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user2′, ‘user.lastName’, ‘User2 Last Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(‘user2′, ‘user.registrationDate’, ‘User2 Registration Date’);


—————————————-
设置好环境变量 ：

set JAVA_HOME=c:jdk1.5.0_03
set JBOSS_HOME=c:jboss-4.0.3SP1 类似
—————————————-
＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
设置JOSSO配置文件信息 ％JOSSO_HOME％srcresources
1.设置网关配置文件 【Gateway Configuration】josso-gateway-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<domain>
<name>SampleDomain</name>
<type>web</type>
<authenticator>
<class>org.josso.auth.AuthenticatorImpl</class>
<authentication-schemes>
<!– Basic Authentication Scheme –>
<authentication-scheme>
<name>basic-authentication</name>
<class>org.josso.auth.scheme.UsernamePasswordAuthScheme</class>
<!–JDBC Credential Store–>
<credential-store>
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore </class>
<credentialsQueryString>SELECT login AS username , password AS password FROM josso_user
WHERE login = ?</credentialsQueryString>
<connectionName>cernet</connectionName>
<connectionPassword>password</connectionPassword>
<connectionURL>jdbc:mysql://localhost/cernet</connectionURL>
<driverName>com.mysql.jdbc.Driver</driverName>
</credential-store>
<credential-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter </class>
</credential-store-key-adapter>
</authentication-scheme>
</authentication-schemes>
</authenticator>
<sso-identity-manager>
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
<!– JDBC Identity Store –>
<sso-identity-store>
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore </class>
<userQueryString>SELECT login FROM josso_user WHERE login = ? </userQueryString>
<rolesQueryString>SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login
AND josso_role.name = josso_user_role.name</rolesQueryString>
<connectionName>cernet</connectionName>
<connectionPassword>password</connectionPassword>
<connectionURL>jdbc:mysql://localhost/cernet</connectionURL>
<driverName>com.mysql.jdbc.Driver</driverName>
</sso-identity-store>
<sso-identity-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
</sso-identity-store-key-adapter>
</sso-identity-manager>
<sso-session-manager>
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
<!–
Set the maximum time interval, in minutes, between client requests
before the SSO Service will invalidate the session. A negative time
indicates that the session should never time out.
–>
<maxInactiveInterval>1</maxInactiveInterval>
<sso-session-store>
<class>
org.josso.gateway.session.service.store.MemorySessionStore
</class>
</sso-session-store>
<sso-session-id-generator>
<class>
org.josso.gateway.session.service.SessionIdGeneratorImpl
</class>
<!–
The message digest algorithm to be used when generating session
identifiers. This must be an algorithm supported by the
java.security.MessageDigest class on your platform.

In J2SE 1.4.2 you can check :
Java Cryptography Architecture API Specification & Reference -
Apendix A : Standard Names
Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
–>
<algorithm>MD5</algorithm>
</sso-session-id-generator>
</sso-session-manager>
<sso-audit-manager>
<class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
<handlers>
<!– This handler logs all audit trails using Log4J, under the given category –>
<handler>
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
<name>LoggerAuditTrailHandler</name>
<category>org.josso.gateway.audit.SSO_AUDIT</category>
</handler>
</handlers>
</sso-audit-manager>
<!– SSO Event Manager component –>
<sso-event-manager>
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
<!–
JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications
The MBean will be registered by the MBeanComponentKeeper.
–>
<oname>josso:type=SSOEventManager</oname>
</sso-event-manager>
</domain>

2.设置智能代理配置文件 【Agent Configuration】josso-agent-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″ ?>

<agent>



<!– JOSSO Agent classes –>

<!–class>org.josso.tc50.agent.CatalinaSSOAgent</class–>

<!–class>org.josso.tc55.agent.CatalinaSSOAgent</class–>

<!–class>org.josso.jb32.agent.JBossCatalinaSSOAgent</class–>

<class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>



<!– Login/Logout URLs –>

<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>

<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>

<!–gatewayLoginErrorUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginErrorUrl–>



<!–

Usefull when working in N-Tier modes behind a reverse proxy or load balancer

Here you should place the reverse proxy or load balancer base URL.



Note : When using this options, the gatewayLoginURL and gatewayLogoutURL should also point to this host.



<singlePointOfAccess>http://reverse-proxy-host:8080</singlePointOfAccess>



<gatewayLoginUrl>http://reverse-proxy-host:8080/josso/signon/login.do</gatewayLoginUrl>

<gatewayLogoutUrl>http://reverse-proxy-host:8080/josso/signon/logout.do</gatewayLogoutUrl>

–>



<!– Mininum interval between sso session access , in milliseconds –>

<sessionAccessMinInterval>1000</sessionAccessMinInterval>



<!– JOSSO Agent service locator configuration –>

<service-locator>

<class>org.josso.gateway.WebserviceGatewayServiceLocator</class>

<endpoint>localhost:8080</endpoint>



<!– Associate an identity to SOAP messages

<username>wsclient</username>

<password>wsclientpwd</password>

–>



<!– Enabled SSL on the SOAP circuit.

<transportSecurity>confidential</transportSecurity>

–>

</service-locator>



<!–

JOSSO Parnter application definicions :



Configure all web applications that should be a josso partner application within this server.

For each partner application you have to define the propper web-context.

–>

<partner-apps>



<partner-app>

<context>/partnerapp</context>

<!– This is an optional feature :

You can reference any web resource collection that should not be subject to SSO protection.

The SSO agent will not provide identity nor demand authentication to requests matching the

security constraint associated to this web resource collections.

In order to work, the security constraint must not contain auth-constraints declarations.

See sample web.xml file from josso partnerapp.

<security-constraint>

<ignore-web-resource-collection>public-resources</ignore-web-resource-collection>

</security-constraint>

–>

</partner-app>



</partner-apps>



</agent>


3.设置 josso-reverseproxy-config.xml 配置文件

4.设置 josso配置文件 josso-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″ ?>
<configuration>
<hierarchicalXml fileName=”josso-gateway-config.xml”/>
<hierarchicalXml fileName=”josso-agent-config.xml”/>
<hierarchicalXml fileName=”josso-reverseproxy-config.xml”/>
</configuration>

#####################################################

配置应用服务器文件

—————————————-

编辑server.xml $JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml

<Server>
…
<Service>
…
<Engine>
…
<Host name=”localhost” …>
…
<Valve className=”org.josso.tc55.agent.SSOAgentValve” debug=”1″/>
…
</Host>
</Engine>
</Service>
</Server>


<Server>
…
<Service>
…
<Engine name=”Catalina” defaultHost=”localhost” debug=”0″>
…
<Realm className=”org.josso.jb4.agent.JBossCatalinaRealm”
appName=”josso”
userClassNames=”org.josso.gateway.identity.service.BaseUserImpl”
roleClassNames=”org.josso.gateway.identity.service.BaseRoleImpl”
debug=”1″ />
…
</Engine>
</Service>
</Server>

—————————————-
编辑 login-config.xml $JBOSS_HOME/server/default/conf

<application-policy name = “josso”>
<authentication>
<login-module code = “org.josso.jb4.agent.JBossSSOGatewayLoginModule”
flag = “required”>
<module-option name=”debug”>true</module-option>
</login-module>
</authentication>
</application-policy>

拷贝文件到$JBOSS_HOME/server/default/conf
josso-config.xml
josso-gateway-config.xml
josso-agent-config.xml
josso-reverseproxy-config.xml

＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
执行 Ant Build 任务列表部署和启动JOSSO on JBOSS
—————————————-
//编译War包
build.bat war
—————————————-
//安装josso到jboss
build.bat install-jboss4

—————————————-
//部署 josso应用ear包
build.bat deploy-jboss4
—————————————-
//启动 Jboss 进程
cd $JBOSS_HOME/bin
cd %JBOSS_HOME%bin
run.bat
—————————————-
访问受保护地址验证SSO
http://localhost:8080/partnerapp/protected
user and password is : user1/user1pwd user2/user2pwd
—————————————-


＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
错误诊断

15:30:15,922 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
错误，一般是因为 login-config.xml 没有设置

很有趣，估计是04年前后拍的。前面的高层还没开始盖。）

我们家的地址，欢迎路远的兄弟预览 具体是北伟 39 52′ 32.55′’ , 东经116 39′ 44.55′’

Fri 14 Jul 2006

Consulting maxim:

You must give the customer The Warm Fuzzy Feeling™
“Trust” is your best job security
Working by yourself requires substantial time-management discipline.
You have no job security, even if you think you do
A financially-struggling consultant does not give a customer The Warm Fuzzy Feeling™
You are primarily in the customer service business, not the technical business
The best way to appreciate the value of a good spec is to do a project without one
Customers hate unhappy surprises much more than timely bad news
Churning by dishonest consultants is the single worst thing that has ever happened to honest consultants
Ongoing business is much more important than maximizing every billable hour
It’s better to give away some time than to throw away your reputation
Detail is comforting to a customer
If the customer doesn’t know you did work off the clock, you don’t get credit for it
Your best advertisement is publishing original, technical content
It’s a huge asset to communicate well – cultivate this skill vigorously
Your references are your reputation in the consulting world
Your customers cannot wonder where your interests are
Customers are comforted by consultants who don’t act entitled to their engagements
The customer is NOT always right
The internet never forgets: don’t provide dirt for your future
If you’re booked up solid, your rates are too low
Your long-term customers are your best customers
The best way to make a lot of money is to make your customers a lot of money
As long as you’re sleeping, you still have inventory
The fear of an empty pipeline is with most consultants constantly, even if they’re consistently very busy
You must know how to read your customer
Your customers are buying your judgment, not just your time
Being known for your integrity is the Holy Grail of consulting
An open customer relationship cultivates The Warm Fuzzy Feeling™
If you have a reputation for stealing customers, you’ll never be trusted by other professionals
Your references and your experience are far more important than your certifications
“Education” is one of the best investments a consultant can make
Don’t quit your day job solely based on what you read here

——Tue 11 Apr 2006——

Owners

1. Payout
2. Equity
3. Stock price
4. Nonmonetary desires

Customers

1. Business reliability
2. Product reliability
3. Product improvement
4. Product price
5. Product service
6. Continuity
7. Marketing efficiency

Employees of all ranks

1. Monetary reward
2. Reward of recognition
3. Reward of pride
4. Environment
5. Challenge
6. Continuity
7. Advancement

Suppliers

1. Price
2. Stability
3. Continuity
4. Growth

Banking community and other lenders

1. Sound risk
2. Interest payment
3. Repayment of principal

Government (federal, state, and local)

1. Taxes
2. Security and law enforcement
3. Management expertise
4. Democratic government
5. Capitalistic system
6. Implementation of programs

Immediate community

1. Economic growth and efficiency
2. Education
3. Employment and training

Society at large

1. Civil rights
2. Urban renewal and development
3. Pollution abatement
4. Conservation and recreation
5. Culture and arts
6. Medical care

—Thu 6 Jul 2006—

走了几个地方：
门耳茶坊，西湖断桥，西泠印社，潘天寿纪念馆，西湖博物馆，中国美院

杭州是一个喜好休闲的城市

–Mon 3 Jul 2006—

1.国图 看书查资料
2.玉渊潭,紫竹院，中山公园等.. 休息,思考
3.海碗居,富亭轩 进餐
4.法国文化中心，法国教育中心 学法语
5.避风塘 喝茶，消耗时间
6.地铁 上下班路上
7.官园鱼市，潘家园 鱼趣淘宝

…充不到十个，待补充

—Thu 6 Apr 2006–