1

I am currently in the process of writing a WebApp to access reports from our ICCube-System. The Application page is hosted on a server different to the IcCube-server. The server is currently a local Apache server (xampp) using Basic Auth to authenticate users before they can access my htdocs. I would like my Apache to do the authentication while icCube's internal authorization manages report access, with only a single login being required.

My application is based on the live demo for web reporting provided by IcCube; therefore it's using explicit JavaScript authentication (it's getting the demo user data through ic3.getDemoDataSourceSettings()).

After trying to work through the IcCube documentation on the matter, I am just as confused as before. The related page on Apache configuration lists possible configurations for Apache & icCube, but I don't understand which I should use (advantages & disadvantages) and if all of them even work with our server setup.

  1. Apache Configuration Overview: If I set these proxy parameters in my server config, what exactly is forwarded to IcCube?
  2. icCube Authentication Servlet Filter: Does this config extract belong to IcCube or Apache? What exactly are these filters doing?

Any help with the issue or pointers to a more in-depth documentation would be greatly appreciated.

4

1 回答 1

1

您的 Web 应用程序(即 Apache)将必须转发与访问 icCube 中的报告相关的调用。例如,您可以将 Apache 配置为转发与 icCube 相关的所有内容,如下所示:

<VirtualHost *:80>
ServerName your.domain.com

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass        /icCube http://your-ip:8383/icCube
ProxyPassReverse /icCube http://your-ip:8383/icCube

</VirtualHost>

然后使用 icCube 配置 (icCube.xml) 中的 Servlet 过滤器保护 Apache 和 icCube 之间的通信:

IcCubeApacheAuthenticationServletFilter
IcCubeApacheGwtAuthenticationServletFilter

第一个过滤器可用于除 GWT 之外的所有服务;对于 GWT,您可以使用第二个。这是可能的 icCube.xml 的摘录:

<xmlaComponentConfiguration>
    <!--<tcpPortNumber>8484</tcpPortNumber>-->
    <httpUrl>/icCube/xmla</httpUrl>
    <enableHttpCompression>true</enableHttpCompression>
    <filter>XMLA (Apache) Authentication</filter>
</xmlaComponentConfiguration>

<gwtServiceComponentConfiguration>
    <enableFileDownloadCompression>true</enableFileDownloadCompression>
    <filter>GWT (Apache) Authentication</filter>
</gwtServiceComponentConfiguration>

<reportingComponentConfiguration>
    <url>/icCube/doc/*</url>
    <enableCompression>true</enableCompression>
    <filter>Report Authentication</filter>
</reportingComponentConfiguration>

<gviComponentConfiguration>
    <url>/icCube/gvi</url>
    <enableCompression>true</enableCompression>
    <filter>GVI Authentication</filter>
    <filter>GVI Authentication (logout)</filter>
</gviComponentConfiguration>

<filterConfiguration>
    <filter>
        <filter-name>XMLA (Apache) Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>GWT (Apache) Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheGwtAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>Report Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>GVI Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
        <init-param>
            <param-name>anonymousLogon</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>GVI Authentication (logout)</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeGviLogoutAuthenticationServletFilter</filter-class>
    </filter>
</filterConfiguration>

希望有帮助。

于 2015-11-23T08:39:31.093 回答