沧浪之水

on 三.26, 2009,

星期四, 三月 01, 2007

89/90/91/130/142/144/210/251/254/263/265/285

Download OSS Service Activation API (See also JSR-000089 Web Page)

Download OSS Quality of Service API (See also JSR-000090 Web Page)

Download OSS Trouble Ticket API (See also JSR-000091 Web Page)

Download OSS Billing Mediation API (See also JSR-000130 Web Page)

Download OSS Inventory API (See also JSR-000142 Web Page)

Download OSS Common API (See also JSR-000144 Web Page)

Download OSS Service Quality Management API (See also JSR-000210 Web Page)

Download Pricing API (See also JSR-000251 Web Page)

Download OSS Discovery API (See also JSR-000254 Web Page)

Download Fault Management API (See also JSR-000263 Web Page)

Download Order Management API (See also JSR-000264 Web Page)

Download Performance Management API (See also JSR-000285 Web Page)

星期二, 三月 20, 2007

本文主要阐述在编译，打包和在JBOSS上部署和运行JOSSO单点登陆程序的步骤，认证数据存放Mysql数据库

＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
建立基础数据库

选择认证信息存放介质，本文考虑用mysql数据库

mysql 连接信息为：
“com.mysql.jdbc.Driver”
“jdbc:mysql://localhost/test”
下载mysql jdbc驱动
把驱动程序放到
$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/ 目录下 或 josso src lib 目录下

建立数据库，执行下列SQL
– Roles

CREATE TABLE JOSSO_ROLE (

NAME VARCHAR(16) NOT NULL,

DESCRIPTION VARCHAR(64) NULL

);

ALTER TABLE JOSSO_ROLE

ADD ( PRIMARY KEY (NAME) ) ;

– Users

CREATE TABLE JOSSO_USER (

LOGIN VARCHAR(16) NOT NULL,

PASSWORD VARCHAR(20) NOT NULL,

NAME VARCHAR(64) NULL,

DESCRIPTION VARCHAR(64) NULL

);

ALTER TABLE JOSSO_USER

ADD ( PRIMARY KEY (LOGIN) ) ;

– Users Properties

CREATE TABLE JOSSO_USER_PROPERTY (

LOGIN VARCHAR(16) NOT NULL,

NAME VARCHAR(255) NOT NULL,

VALUE VARCHAR(255) NOT NULL

);

ALTER TABLE JOSSO_USER_PROPERTY

ADD ( PRIMARY KEY (LOGIN, NAME) ) ;

ALTER TABLE JOSSO_USER_PROPERTY

ADD ( FOREIGN KEY (LOGIN)

REFERENCES JOSSO_USER ) ;

– Roles by user

CREATE TABLE JOSSO_USER_ROLE (

LOGIN VARCHAR(16) NOT NULL,

NAME VARCHAR(255) NOT NULL

);

ALTER TABLE JOSSO_USER_ROLE

ADD ( PRIMARY KEY (LOGIN, NAME) ) ;

ALTER TABLE JOSSO_USER_ROLE

ADD ( FOREIGN KEY (NAME)

REFERENCES JOSSO_ROLE ) ;

ALTER TABLE JOSSO_USER_ROLE

ADD ( FOREIGN KEY (LOGIN)

REFERENCES JOSSO_USER ) ;

– SSO Sessions

CREATE TABLE JOSSO_SESSION

(

SESSION_ID VARCHAR (64) NOT NULL

, USERNAME VARCHAR (128) NOT NULL

, CREATION_TIME INTEGER NOT NULL

, LAST_ACCESS_TIME INTEGER NOT NULL

, ACCESS_COUNT INTEGER NOT NULL

, MAX_INACTIVE_INTERVAL INTEGER NOT NULL

, VALID INTEGER NOT NULL

);

ALTER TABLE JOSSO_SESSION

ADD ( PRIMARY KEY (SESSION_ID) ) ;



INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(’role1′,’The Role1′);

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(’role2′,’The Role2′);

INSERT INTO JOSSO_ROLE (NAME,DESCRIPTION) VALUES(’role3′,’The Role3′);

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)

VALUES(’user1′, ‘user1pwd’, ‘The User1′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(’user1′, ‘role1′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(’user1′, ‘role2′);

INSERT INTO JOSSO_USER (LOGIN,PASSWORD,DESCRIPTION)

VALUES(’user2′, ‘user2pwd’, ‘The User2′);

INSERT INTO JOSSO_USER_ROLE (LOGIN,NAME) VALUES(’user2′, ‘role3′);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user1′, ‘user.name’, ‘User1 Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user1′, ‘user.lastName’, ‘User1 Last Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user1′, ‘user.registrationDate’, ‘User1 Registration Date’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user2′, ‘user.name’, ‘User2 Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user2′, ‘user.lastName’, ‘User2 Last Name’);

INSERT INTO JOSSO_USER_PROPERTY(LOGIN,NAME,VALUE)

VALUES(’user2′, ‘user.registrationDate’, ‘User2 Registration Date’);


—————————————-
设置好环境变量 ：

set JAVA_HOME=c:jdk1.5.0_03
set JBOSS_HOME=c:jboss-4.0.3SP1 类似
—————————————-
＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
设置JOSSO配置文件信息 ％JOSSO_HOME％srcresources
1.设置网关配置文件 【Gateway Configuration】josso-gateway-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<domain>
<name>SampleDomain</name>
<type>web</type>
<authenticator>
<class>org.josso.auth.AuthenticatorImpl</class>
<authentication-schemes>
<!– Basic Authentication Scheme –>
<authentication-scheme>
<name>basic-authentication</name>
<class>org.josso.auth.scheme.UsernamePasswordAuthScheme</class>
<!–JDBC Credential Store–>
<credential-store>
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore </class>
<credentialsQueryString>SELECT login AS username , password AS password FROM josso_user
WHERE login = ?</credentialsQueryString>
<connectionName>cernet</connectionName>
<connectionPassword>password</connectionPassword>
<connectionURL>jdbc:mysql://localhost/cernet</connectionURL>
<driverName>com.mysql.jdbc.Driver</driverName>
</credential-store>
<credential-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter </class>
</credential-store-key-adapter>
</authentication-scheme>
</authentication-schemes>
</authenticator>
<sso-identity-manager>
<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
<!– JDBC Identity Store –>
<sso-identity-store>
<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore </class>
<userQueryString>SELECT login FROM josso_user WHERE login = ? </userQueryString>
<rolesQueryString>SELECT josso_role.name FROM josso_role , josso_user_role , josso_user
WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login
AND josso_role.name = josso_user_role.name</rolesQueryString>
<connectionName>cernet</connectionName>
<connectionPassword>password</connectionPassword>
<connectionURL>jdbc:mysql://localhost/cernet</connectionURL>
<driverName>com.mysql.jdbc.Driver</driverName>
</sso-identity-store>
<sso-identity-store-key-adapter>
<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
</sso-identity-store-key-adapter>
</sso-identity-manager>
<sso-session-manager>
<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
<!–
Set the maximum time interval, in minutes, between client requests
before the SSO Service will invalidate the session. A negative time
indicates that the session should never time out.
–>
<maxInactiveInterval>1</maxInactiveInterval>
<sso-session-store>
<class>
org.josso.gateway.session.service.store.MemorySessionStore
</class>
</sso-session-store>
<sso-session-id-generator>
<class>
org.josso.gateway.session.service.SessionIdGeneratorImpl
</class>
<!–
The message digest algorithm to be used when generating session
identifiers. This must be an algorithm supported by the
java.security.MessageDigest class on your platform.

In J2SE 1.4.2 you can check :
Java Cryptography Architecture API Specification & Reference -
Apendix A : Standard Names
Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
–>
<algorithm>MD5</algorithm>
</sso-session-id-generator>
</sso-session-manager>
<sso-audit-manager>
<class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
<handlers>
<!– This handler logs all audit trails using Log4J, under the given category –>
<handler>
<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
<name>LoggerAuditTrailHandler</name>
<category>org.josso.gateway.audit.SSO_AUDIT</category>
</handler>
</handlers>
</sso-audit-manager>
<!– SSO Event Manager component –>
<sso-event-manager>
<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
<!–
JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications
The MBean will be registered by the MBeanComponentKeeper.
–>
<oname>josso:type=SSOEventManager</oname>
</sso-event-manager>
</domain>

2.设置智能代理配置文件 【Agent Configuration】josso-agent-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″ ?>

<agent>



<!– JOSSO Agent classes –>

<!–class>org.josso.tc50.agent.CatalinaSSOAgent</class–>

<!–class>org.josso.tc55.agent.CatalinaSSOAgent</class–>

<!–class>org.josso.jb32.agent.JBossCatalinaSSOAgent</class–>

<class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>



<!– Login/Logout URLs –>

<gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>

<gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>

<!–gatewayLoginErrorUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginErrorUrl–>



<!–

Usefull when working in N-Tier modes behind a reverse proxy or load balancer

Here you should place the reverse proxy or load balancer base URL.



Note : When using this options, the gatewayLoginURL and gatewayLogoutURL should also point to this host.



<singlePointOfAccess>http://reverse-proxy-host:8080</singlePointOfAccess>



<gatewayLoginUrl>http://reverse-proxy-host:8080/josso/signon/login.do</gatewayLoginUrl>

<gatewayLogoutUrl>http://reverse-proxy-host:8080/josso/signon/logout.do</gatewayLogoutUrl>

–>



<!– Mininum interval between sso session access , in milliseconds –>

<sessionAccessMinInterval>1000</sessionAccessMinInterval>



<!– JOSSO Agent service locator configuration –>

<service-locator>

<class>org.josso.gateway.WebserviceGatewayServiceLocator</class>

<endpoint>localhost:8080</endpoint>



<!– Associate an identity to SOAP messages

<username>wsclient</username>

<password>wsclientpwd</password>

–>



<!– Enabled SSL on the SOAP circuit.

<transportSecurity>confidential</transportSecurity>

–>

</service-locator>



<!–

JOSSO Parnter application definicions :



Configure all web applications that should be a josso partner application within this server.

For each partner application you have to define the propper web-context.

–>

<partner-apps>



<partner-app>

<context>/partnerapp</context>

<!– This is an optional feature :

You can reference any web resource collection that should not be subject to SSO protection.

The SSO agent will not provide identity nor demand authentication to requests matching the

security constraint associated to this web resource collections.

In order to work, the security constraint must not contain auth-constraints declarations.

See sample web.xml file from josso partnerapp.

<security-constraint>

<ignore-web-resource-collection>public-resources</ignore-web-resource-collection>

</security-constraint>

–>

</partner-app>



</partner-apps>



</agent>


3.设置 josso-reverseproxy-config.xml 配置文件

4.设置 josso配置文件 josso-config.xml
<?xml version=”1.0″ encoding=”ISO-8859-1″ ?>
<configuration>
<hierarchicalXml fileName=”josso-gateway-config.xml”/>
<hierarchicalXml fileName=”josso-agent-config.xml”/>
<hierarchicalXml fileName=”josso-reverseproxy-config.xml”/>
</configuration>

#####################################################

配置应用服务器文件

—————————————-

编辑server.xml $JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml

<Server>
…
<Service>
…
<Engine>
…
<Host name=”localhost” …>
…
<Valve className=”org.josso.tc55.agent.SSOAgentValve” debug=”1″/>
…
</Host>
</Engine>
</Service>
</Server>


<Server>
…
<Service>
…
<Engine name=”Catalina” defaultHost=”localhost” debug=”0″>
…
<Realm className=”org.josso.jb4.agent.JBossCatalinaRealm”
appName=”josso”
userClassNames=”org.josso.gateway.identity.service.BaseUserImpl”
roleClassNames=”org.josso.gateway.identity.service.BaseRoleImpl”
debug=”1″ />
…
</Engine>
</Service>
</Server>

—————————————-
编辑 login-config.xml $JBOSS_HOME/server/default/conf

<application-policy name = “josso”>
<authentication>
<login-module code = “org.josso.jb4.agent.JBossSSOGatewayLoginModule”
flag = “required”>
<module-option name=”debug”>true</module-option>
</login-module>
</authentication>
</application-policy>

拷贝文件到$JBOSS_HOME/server/default/conf
josso-config.xml
josso-gateway-config.xml
josso-agent-config.xml
josso-reverseproxy-config.xml

＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
执行 Ant Build 任务列表部署和启动JOSSO on JBOSS
—————————————-
//编译War包
build.bat war
—————————————-
//安装josso到jboss
build.bat install-jboss4

—————————————-
//部署 josso应用ear包
build.bat deploy-jboss4
—————————————-
//启动 Jboss 进程
cd $JBOSS_HOME/bin
cd %JBOSS_HOME%bin
run.bat
—————————————-
访问受保护地址验证SSO
http://localhost:8080/partnerapp/protected
user and password is : user1/user1pwd user2/user2pwd
—————————————-


＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
错误诊断

15:30:15,922 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
错误，一般是因为 login-config.xml 没有设置

很有趣，估计是04年前后拍的。前面的高层还没开始盖。）

我们家的地址，欢迎路远的兄弟预览 具体是北伟 39 52′ 32.55′’ , 东经116 39′ 44.55′’

Fri 14 Jul 2006

Consulting maxim:

You must give the customer The Warm Fuzzy Feeling™
“Trust” is your best job security
Working by yourself requires substantial time-management discipline.
You have no job security, even if you think you do
A financially-struggling consultant does not give a customer The Warm Fuzzy Feeling™
You are primarily in the customer service business, not the technical business
The best way to appreciate the value of a good spec is to do a project without one
Customers hate unhappy surprises much more than timely bad news
Churning by dishonest consultants is the single worst thing that has ever happened to honest consultants
Ongoing business is much more important than maximizing every billable hour
It’s better to give away some time than to throw away your reputation
Detail is comforting to a customer
If the customer doesn’t know you did work off the clock, you don’t get credit for it
Your best advertisement is publishing original, technical content
It’s a huge asset to communicate well – cultivate this skill vigorously
Your references are your reputation in the consulting world
Your customers cannot wonder where your interests are
Customers are comforted by consultants who don’t act entitled to their engagements
The customer is NOT always right
The internet never forgets: don’t provide dirt for your future
If you’re booked up solid, your rates are too low
Your long-term customers are your best customers
The best way to make a lot of money is to make your customers a lot of money
As long as you’re sleeping, you still have inventory
The fear of an empty pipeline is with most consultants constantly, even if they’re consistently very busy
You must know how to read your customer
Your customers are buying your judgment, not just your time
Being known for your integrity is the Holy Grail of consulting
An open customer relationship cultivates The Warm Fuzzy Feeling™
If you have a reputation for stealing customers, you’ll never be trusted by other professionals
Your references and your experience are far more important than your certifications
“Education” is one of the best investments a consultant can make
Don’t quit your day job solely based on what you read here

——Tue 11 Apr 2006——

Owners

1. Payout
2. Equity
3. Stock price
4. Nonmonetary desires

Customers

1. Business reliability
2. Product reliability
3. Product improvement
4. Product price
5. Product service
6. Continuity
7. Marketing efficiency

Employees of all ranks

1. Monetary reward
2. Reward of recognition
3. Reward of pride
4. Environment
5. Challenge
6. Continuity
7. Advancement

Suppliers

1. Price
2. Stability
3. Continuity
4. Growth

Banking community and other lenders

1. Sound risk
2. Interest payment
3. Repayment of principal

Government (federal, state, and local)

1. Taxes
2. Security and law enforcement
3. Management expertise
4. Democratic government
5. Capitalistic system
6. Implementation of programs

Immediate community

1. Economic growth and efficiency
2. Education
3. Employment and training

Society at large

1. Civil rights
2. Urban renewal and development
3. Pollution abatement
4. Conservation and recreation
5. Culture and arts
6. Medical care

—Thu 6 Jul 2006—

走了几个地方：
门耳茶坊，西湖断桥，西泠印社，潘天寿纪念馆，西湖博物馆，中国美院

杭州是一个喜好休闲的城市

–Mon 3 Jul 2006—

1.国图 看书查资料
2.玉渊潭,紫竹院，中山公园等.. 休息,思考
3.海碗居,富亭轩 进餐
4.法国文化中心，法国教育中心 学法语
5.避风塘 喝茶，消耗时间
6.地铁 上下班路上
7.官园鱼市，潘家园 鱼趣淘宝

…充不到十个，待补充

—Thu 6 Apr 2006–

文/潞

　　使用古书里的成语来形容所要表现的事物，不但可以减省笔墨，而且可以增益文采，所以人们喜欢采用。时常在文章中看到作者自称为”下里巴人”以示自谦，这其实是一种误用。”下里巴人”中虽有一个”人”字，但并非是指人，而是指歌曲。《文选·宋玉〈对楚王问〉》中记载： “客有歌于郢中者，其始曰《下里》、《巴人》，国中属而和者数千人。其为阳阿薤露，国中属而和者数百人。其为《阳春》、《白雪》，国中属而和者，不过数十人。引商刻羽，杂以流徵，国中属而和者，不过数人而已。是其曲弥高，其和弥寡”李周翰注曰：”《下里》、《巴人》，下曲名也。《阳春》、《白雪》高曲名也。”由此可知，”阳春白雪”与”下里巴人”都是古代楚国的歌曲名。

　　从各种文献中不难发现，下里巴人一类的巴人歌谣，很早就已影响到了中原地区。巴人的歌舞多是群体的，唱歌时大家情不自禁的手舞足蹈。

　　巴渝民歌因曲调流畅、曲风明快活泼和富有浓郁的地方风情，从而被人们广为喜爱。大家所熟悉的《竹枝词》就是在《下里》《巴人》这样的歌曲上衍变而来的。 “竹枝词”，又名”竹枝”、”竹枝子”、”竹枝曲”、”竹枝歌”。在唐《乐府》中以地名命名而将”竹枝”称为”巴渝歌”。杜甫在夔州有诗说：”万里巴渝曲，三年实饱闻”。

　　从唐人拟作的《竹枝词》中，可以看出民间在《竹枝歌》的基调是愁苦悲凉的，后来经过文人的采录与润色后流传下来。我们熟悉的刘禹锡的《竹枝词》就属于这一类。与民间的《竹枝词》一样，《薅草锣鼓》是巴渝、巴楚一带薅草时节以锣鼓伴奏的传统民歌演唱形式。《薅草锣鼓》的起源很早，起源于农事，人们祭拜农神田畯，驱邪避害，与巴楚先民信巫尚鬼的民俗有密切关系。

　　”下里巴人”、”竹枝词”、”薅草锣鼓”是巴渝古代民歌中最具有代表性和影响力的样式，它们之间有着明显的传承关系。”竹枝词”和”薅草锣鼓”是不同时代的”下里巴人”，是对 “下里巴人”丰富和发展。一方面是艺术形式、艺术风格的传承、一方面又是形式和内容随着历史和社会生活的变迁而变易。

　　像所有活跃在民间的大众艺术一样，无论是”下里巴人”还是”竹枝词”他们最大的长处便是”通俗性”。它们虽然语言通俗但反映的内涵却十分深刻。所以人说”山歌无本句句真。”

　　”阳春白雪”与”下里巴人”虽然一个高雅清丽、一个活泼灵动但都是表达真实感情的思之声，因而得以丰富和发扬至今。

参考论文：陈正平 《巴渝古代民歌简论》

—-Thu 6 Apr 2006—–

中国政府研究人员表示，中国经济2008年有急剧衰退的危险，可能不得不容忍超标的通货膨胀以维持经济增长。

中国国务院发展研究中心的宏观经济研究负责人余斌表示，中国可能不得不将注意力由遏制通胀转到维持经济增长上面。他说，许多人看到通胀的危险，也注意到经济过热的风险，但是看到2008年经济严重衰退的人却不多。

北京一直在极力遏制高通货膨胀。中国在4月的通胀率达到8.5%，接近过去12年当中的最高水平。不过在5月通胀率下降到了7.7%，许多经济学家估计通胀率在2008年其余时间会进一步下降。

余斌说，现在几乎已经不可能将消费指数（CPI）控制在4.8%的官方指标内，但是他认为决策者应该担心经济急剧衰退的危险。中国经济增长必须要保持在10%左右才能满足今年的就业目标，即创造1,000万个就业机会。

他还补充说，中国出口以美元计算，在今年头4个月比去年同期增加了21.5%，数量上并不大。在宁波，青岛和大连等主要港口，货物转运量有所下降。

国内股市不稳也增加了公司募集资金的难度，房屋市场冷却可能限制钢铁等上游行业。原材料和劳动力价格上涨也可能使许多投资者对新项目更加谨慎投入。

原文地址

—-29 04 2008 —-