单点登录(三)| JIRA 安装及 JIRA 集成 CAS 实践
作者:阿东
微信公众号:杰哥的IT之旅(ID:Jake_Internet)
JIRA 介绍
Jira是atlassian公司出品的一款事务管理软件。无论是需求还是BUG或者是任务,都是事务的一种,所以JIRA可以胜任非常多的角色:需求管理、缺陷跟踪、任务管理等
Jira提供专门的scrum视图和kanban视图,所以适合敏捷开发团队使用。
工具基础概念
问题:不同的组织使用jira追踪不同的问题。Jira的项目根据企业组织定制,是问题的集合。
模块:一个项目模块是这个项目中问题的逻辑分类集合。每个项目可以根据企业组织的要求设置多个模块。
例如:一个软件研发项目可以设置“文档”、“邮件系统”、“用户界面”等模块。
版本:对于一些项目类型来说,特别是软件研发项目,为问题关联产品的版本是非常有用的。
一个问题可以设置两种类型的版本信息。
影响版本----可以清晰的反映出这个问题在哪个版本中出现错误。
例如:一个软件的缺陷可能影响了产品的1.1和1.2
修复版本-----可以反映出报告的问题将在哪个版本,或已经在哪个版本中修复。
例如:软件缺陷影响了产品的1.1版和1.2版,这个缺陷已经在2.0版中修复。注意没有修复版本的问题会被归类到为规划。
版本可以有3个状态:已发布、未发布和已归档
版本可以设置发布日期,而jira会自动将到期还没有发布的版本高亮显示出来,并标注上“超期”标志。
安装
环境:
Centos 7
Jdk-1.8
Mysql-5.6
Jira-7.8.1
查看java版本
# java -versionMysql 的安装(yum)
安装mysql,为jira常见对应的数据库、用户名和密码
yum install wget
下载mysql源
安装rpm包# wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm安装后,会得到两个mysql的yum的repo源# rpm -ivh mysql-community-release-el7-5.noarch.rpm安装mysql# yum install mysql-server mysql-client启动mysql# systemctl enable mysqld# systemctl start mysqld重置mysql密码# mysql -u root > use mysql;> update user set password=password(‘new passed’) where user=’user_name’;> flush privileges;> create database jira default characher set utf8 collate utf8_bin;> show databases;> grant all on jira. To ‘jira’@’%’ indentified by ‘jirapasswd’;> flush privileges;下载并安装jira
查看 linux 系统位数
# genconf LONG_BIT64Jira的下载网站
地址:https://www.atlassian.com/software/jira/update
# wget https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-7.8.1-x64.bin# chmod 755 ./atlassian-jira-software-7.8.1-x64.bin# ./atlassian-jira-software-7.8.1-x64.binUnpacking JRE ...Starting Installer ...This will install JIRA Software 7.4.1 on your computer.OK [o, Enter], Cancel [c]o # 按o安装Choose the appropriate installation or upgrade option.Please choose one of the following:Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3]2 # 2 为自定义安装Where should JIRA Software be installed?[/opt/atlassian/jira]/usr/local/atlassina/jira # 自定义安装目录Default location for JIRA Software data[/var/atlassian/application-data/jira]/usr/local/atlassina/jira_data # 自定义数据目录Configure which ports JIRA Software will use.JIRA requires two TCP ports that are not being used by any otherapplications on this machine. The HTTP port is where you will access JIRAthrough your browser. The Control port is used to startup and shutdown JIRA.Use default ports (HTTP: 8080, Control: 8005) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]2 # 2为自定义端口HTTP Port Number[8080] # 8080 为默认端口8050 # http连接端口Control Port Number[8005]8040 # 控制端口JIRA can be run in the background.You may choose to run JIRA as a service, which means it will startautomatically whenever the computer restarts.Install JIRA as Service?Yes [y, Enter], No [n]y # 是否开机自启Details on where JIRA Software will be installed and the settings that will be used.Installation Directory: /usr/local/atlassina/jira Home Directory: /usr/local/atlassina/jira_data HTTP Port: 8050 RMI Port: 8040 Install as service: Yes Install [i, Enter], Exit [e]i # 确认已选配置Extracting files ...Please wait a few moments while JIRA Software is configured.Installation of JIRA Software 7.4.1 is completeStart JIRA Software 7.4.1 now?Yes [y, Enter], No [n]y # 启动Please wait a few moments while JIRA Software starts up.Launching JIRA Software ...Installation of JIRA Software 7.4.1 is completeYour installation of JIRA Software 7.4.1 is now ready and can be accessedvia your browser.JIRA Software 7.4.1 can be accessed at http://localhost:8050Finishing installation ...修改默认端口
Jira安装到了/opt/Atlassian/jira和/var/Atlassian/application-data/jira目录下,并且jira监听的端口是8080。Jira的主要配置文件,存放在/opt/Atlassian/jira/conf/server.xml文件中。
# vim /opt/Atlassian/jira/conf/server.xml# cd /opt/Atlassian/jira/bin# ./start-jira.sh破解JIRA
先关闭jira,将破解包里面的atlassian-extras-3.2.jar和mysql-connector-java-5.1.39-bin.jar两个文件复制到/opt/Atlassian/jira/Atlassian-jira/WEB-INF/lib的目录下
Atlassian-extras-3..2.jar 用作破解jira系统
Mysql-connectir-java 用来连接mysql数据库的驱动软件包
# cp mysql-connector-java-5.1.47.jar /opt/atlassian/jira/lib/# cp ./atlassian-extras-3.2.jar /opt/atlassian/jira/atlassian-jira/WEB-INF/lib也可自行在官网注册30天的是使用注册码:
注册官网:https://my.atlassian.com
或使用以下地址:
https://id.atlassian.com/signup?application=mac&continue=https://my.atlassian.com
登陆账号后,选择 New Evaluation License
将上图中生成的key复制到页面
设置管理员用户
安装完成。
Jira集成cas
参考文章:https://github.com/apereo/java-cas-client#atlassian-integration
下载cas-client依赖包地址:http://central.maven.org/maven2/org/jasig/cas/client/
整理思路
Cas的客户端实现是依靠正在客户端配置cas的过滤器和监听器实现的,并配置在首位,用于监听子系统的session和收取cas server发过来的命令。
Jira有自己本身的用户登录登出的验证机制,jira的登录主要依靠认证器com.atlassian.jira.security.login.JiraSeraphAuthenticator来进行认证
那么在jira的配置文件配置cas的客户端依赖,并替换条jira的认证器即可实现cas的整合,cas官网提供了相关的jar包和配置说明。
主要步骤
1.配置web.xml,需要注意的是过滤器和监听器的位置
2.配置seraph-config.xml,设定跳转地址
3.拷贝依赖包到jira目录,需要注意的是两个包版本需一致
过程
1.配置web.xml
需要配置过滤器和监听器两个配置
# vim /opt/Atlassian/jira/Atlassian-jira/WEB-INF/web.xmla.配置cas的过滤器 <!-- CAS:START - JAVA Client Filters --> <filter> <filter-name>CasSingleSignOutFilter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter> <filter-name>CasAuthenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://192.168.1.133:8080/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.168.1.20:8080/</param-value> </init-param> </filter> <filter> <filter-name>CasValidationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://192.168.1.133:8080/cas/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.168.1.20:8080/</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter><!-- CAS:END--><!-- CAS:START Java client filter mappings--> <filter-mapping> <filter-name>CasSingleSignOutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CasAuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> <!--需要全匹配,不然就会直接可以访问到登录页面的问题--> </filter-mapping> <filter-mapping> <filter-name>CasValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--CAS:END--> <filter-mapping> <filter-name>login</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping>过滤器filter配置说面
过滤器mapping配置说明
Mapping必须配置在login这个过滤器上面
b.配置监听器<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>监听器配置说明
监听器,需要配置到DO NOT ADD ANY SERVLET CONTEXT LISTENERS这段话的上面,或者下面。
2.配置seraph-config.xml
需要修改seraph-config.xml,更改授权为cas,同时配置登出和登录的信息
a.配置登录和登出信息
# vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/seraph-config.xml--> <param-name>login.url</param-name> <param-value>http://192.168.1.133:8080/cas/login?service=${originalurl}</param-value><!-- <param-value>/login.jsp?permissionViolation=true&os_destination=${originalurl}&page_caps=${pageCaps}&user_role=${userRole}</param-value>--> <!--<param-value>http://sso.mycompany.com/login?redirectTo=${originalurl}</param-value>--> </init-param> <init-param> <!-- the URL to redirect to when the user explicitly clicks on a login link (rather than being redirected after trying to access a protected resource). Most of the time, this will be the same value as 'login.url'. - same properties as login.url above --> <param-name>link.login.url</param-name> <param-value>http://192.168.1.133:8080/cas/login?service=${originalurl}</param-value><!-- <param-value>/login.jsp?os_destination=${originalurl}</param-value>--> <!--<param-value>/secure/Dashboard.jspa?os_destination=${originalurl}</param-value>--> <!--<param-value>http://sso.mycompany.com/login?redirectTo=${originalurl}</param-value>--> </init-param> <init-param> <!-- URL for logging out. - If relative, Seraph just redirects to this URL, which is responsible for calling Authenticator.logout(). - If absolute (eg. SSO applications), Seraph calls Authenticator.logout() and redirects to the URL --> <param-name>logout.url</param-name> <param-value>http://192.168.1.133:8080/cas/logout</param-value> <!--<param-value>/secure/Logout!default.jspa</param-value>--> <!--<param-value>http://sso.mycompany.com/logout</param-value>--> </init-param>配置cas的授权方式,注释点原来的验证方式
3.拷贝cas依赖包
拷贝cas的客户端依赖的jar包,(cas-client-core-3.3.3.jar,cas-client-integration-atlassian-3.3.3.jar),到/opt/atlassian/jira/Atlassian-jira/WEB-INF/lib
# cp cas-client-* /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/4.重启jira服务
启动服务
# /opt/Atlassian/jira/bin/start-jira.sh关闭服务# /opt/Atlassian/jira/bin/shutdown.sh#查看日志# tail -f /opt/Atlassian/jira/logs/Catalina.out可能遇到的问题
1.com.atlassian.plugin.osgi.container.OsgiContainerException: Cannot start plugin: com.atlassian.jira.plugins.jira-development-integration-plugin
原因:语言包的问题,在破解的时候存在问题
2.未认证服务
添加服务到casa上,还需要在./tomcat/webapps/cas/WEB-INF/class/application.properties,配置cas.serviceRegistry.initFromJson=true,让cas可以从json来初始化数据。
Confluence集成cas
主要步骤:
1.配置web.xml文件,设置过滤器,匹配
2.配置seraph-config.xml,设定访问到cas的信息
3.修改xwork.xml(这个文件存在于confluence-3.0.1.jar),配置登出
4.导入cas登录的jar包
5.重启cas服务
6.登录测试
1.配置web.xml
编辑web.xml添加过滤器,监听器
# vim /opt/Atlassian/confluence/confluence/confluence/WEB-INF/web.xml过滤器定义:在所有过滤器后面,配置cas的过滤器
<!—配置过滤器和cas以及本地服务的路径信息><!--CAS:START - Java Client Filters--> <filter> <filter-name>CasSingleSignOutFilter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter> <filter-name>CasAuthenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://192.168.1.136:8080/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.168.1.30:8090/</param-value> </init-param> </filter> <filter> <filter-name>CasValidationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://192.168.1.136:8080/cas/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://192.168.1.30:8090/</param-value> </init-param> </filter><!--CAS:END-->
过滤器匹配,在登录匹配
<!-- End plugins 2.5 filter changes --> <!--CAS:START - Java Client Filter Mappings--> <filter-mapping> <filter-name>CasSingleSignOutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CasAuthenticationFilter</filter-name> <url-pattern>/login.action</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CasValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--CAS:END --> <filter-mapping> <filter-name>login</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> <dispatcher>ERROR</dispatcher></filter-mapping>
监听器配置地址
在所有监听器前面,配置监听器,也就是在Servlet Context Listeners (Executed on app startup/shutdown)这段话后面,配置监听器
<listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>
2.配置seraph-config.xml
配置seraph-config.xml,设定访问cas登录的信息,同时设置confluence的授权信息为cas的方式
# vim /opt/Atlassian/confluence/confluence/WEB-INF/classes/seraph-config,xml修改默认的登录配置
<parameters> <init-param> <param-name>login.url</param-name> <!-- <param-value>/login.action?os_destination=${originalurl}&permissionViolation=true</param-value> --> <param-value>http://192.168.1.136:8080/cas/login?service=${originalurl}</param-value> </init-param> <init-param> <param-name>link.login.url</param-name> <!-- <param-value>/login.action</param-value>--> <param-value>http://192.168.1.136:8080/cas/login?service=${originalurl}</param-value> </init-param> <init-param>设定授权信息 <!-- Default Confluence authenticator, which uses the configured user management for authentication. --> <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>--> <authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
3.配置登出
获取到xwork.xml文件,需要从lib目录下面,获取到confluence-6.9.0.jar文件,将jar包复制到某个目录进行解压
#```
cp /opt/Atlassian/confluence/confluence/WEB-INF/lib/confluence-6.9.0.jar /home/ceshi/
yum install -y unzip
unzip confluence-6.9.0.jar -d /home/ceshi/confluence
将获取到的xwork.xml文件复制到/opt/Atlassian/confluence/confluence/WEB-INF/classes目录下
cp /home/ceshi/confluence/xwork.xml /opt/Atlassian/confluence/confluence/WEB-INF/classes/xwork.xml
vim /opt/Atlassian/confluence/confluence/WEB-INF/classes/xwork.xml
设定退出重定向到cas服务器上<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
<interceptor-ref name="defaultStack"/>
<!-- <result name="error" type="velocity">/logout.vm</result>-->
<result name="success" type="redirect">http://192.168.1.136:8080/cas/logout</result>
</action>
**4.添加jar包**添加的jar包为csa-client-core-3.3.3.jar和cas-client-integration-atlassian-3.5.0.jar,貌似版本不同不会报错# cp ./cas-client* /opt/Atlassian/confluence/confluence/WEB-INF/lib/**5.重启confluence服务**# /opt/Atlassian/confluence/bin/stop-confluence.sh# /opt/Atlassian/confluence.bin/start-confluence.sh6.登录测试更多相关文章
- pinpoint安装与配置
- 分环境配置
- No.11 使用firewall配置的防火墙策略的生效模式
- Linux 环境下实战 Rsync 备份工具及配置 rsync+inotify 实时同步
- Android配置心得
- Android开发 ADB配置调试命令图解
- Android项目使用私有maven仓库配置
- 使用WebView实现新浪微博Oauth2.0认证(android)
- Android(安卓)NDK开发两部曲(一)之初识篇(JNI通识与NDK配置)