- The JS7 - Identity Services provide local management of user accounts for authentication and authorization.
- The JS7 - Shiro Identity Service was a built-in service available from the JOC Cockpit.
- The Shiro Identity Service was available for early releases of JS7.
- The Shiro Identity Service has been discontinued:
  - Feature availability: ending with release 2.4.0
- The JS7 - Shiro Identity Service Migration Tool is available for users who upgrade from early JS7 2.0, 2.1 releases and from JS1 1.12, 1.13 releases.
- A Shiro Identity Service configuration will be migrated to a JS7 - JOC Identity Service.
- Migration tools will remain in place and can be applied throughout future JS7 2.x releases independently of the fact that the Shiro Identity Service has been discontinued.
- Users of JS7:
- JS7 releases up to 2.2.2 3 can be operated with an existing Shiro Identity Service configuration.
- Later JS7 releases require migration of the Shiro Identity Service configuration.
- Users of JS1:
- Users of JS1 releases 1.12 and 1.13 who migrate to JS7 should apply the migration procedure.
The following applies for use of Shiro with releases 1.12, 1.13, 2.0, 2.1, 2.2:
- The JOC Cockpit stores user accounts, hashed passwords and role assignments
  - in its database and
  - in the `JETTY_BASE/resources/joc/shiro.ini.active` file (for information purposes).
    - Users can create a copy of the `shiro.ini.active` file, add their modifications and submit changes by renaming the file to `shiro.ini`.
    - With the next login of a user the `shiro.ini` file will be applied and its contents are added to the JS7 database.
    - As a result of this operation the `shiro.ini` file is renamed to `shiro.ini.active`. A previously available `shiro.ini.active` file is renamed to `shiro.ini.backup`.
- The migration procedure includes specifying the location of the `shiro.ini.active` file or a file with an arbitrary name holding the latest Shiro configuration.
For migration purposes the JS7 Identity Service management script is used: `joc_manage_identity_service.sh|.cmd`
The script is executed in the JS7 environment to which the Shiro configuration should be migrated. The script is available from: `JETTY_HOME/install/joc_manage_identity_service.sh|.cmd`
- If not otherwise specified during installation then the `JETTY_HOME` directory defaults to:
  - `/opt/sos-berlin.com/js7/joc` (for Unix environments)
  - `Program Files\sos-berlin.com\js7\joc` (for Windows environments)
The management script is invoked like this:

```
/opt/sos-berlin.com/js7/joc/install/joc_manage_identity_service.sh import <shiro-configuration-file>
```

```
"C:\Program Files\sos-berlin.com\js7\joc\install\joc_manage_identity_service.cmd" import <shiro-configuration-file>
```
The `<shiro-configuration-file>` specifies the file holding the latest Shiro configuration of the JobScheduler release which is to be migrated: see What to migrate. Users can copy the file to their JS7 environment. A connection to the JobScheduler installation which the Shiro configuration is being migrated from is not required.
Execution of the management script for migration performs the following operations in JS7:
- Add an Identity Service with Service Type `JOC` and the name `JOC-FROM-SHIRO`:
  - For each LDAP realm included with the `<shiro-configuration-file>` a corresponding Identity Service is created from the name of the LDAP realm.
- Populate roles of the `JOC-FROM-SHIRO` Identity Service:
  - Any roles and permissions from the `<shiro-configuration-file>` are added to the `JOC-FROM-SHIRO` Identity Service.
- Populate accounts of the `JOC-FROM-SHIRO` Identity Service:
  - Any user accounts from the `<shiro-configuration-file>` are added to the `JOC-FROM-SHIRO` Identity Service.
  - This includes adding assignments of roles to user accounts provided that assignments and roles are specified.
  - This includes adding hashed passwords stored in the `<shiro-configuration-file>`.
    - JS7 implements its own password hashing algorithm. However, password hashes migrated from Shiro can be used with JS7.
    - When a user changes the password then the JS7 password hashing algorithm is applied.
    - This procedure is intended for a smooth migration which does not force users to change passwords.
- Should the management script find existing configuration items with the same name in the `JOC-FROM-SHIRO` Identity Service, for example, matching names of roles or user accounts, then they will not be overwritten from the `<shiro-configuration-file>`.
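The import carries over accounts, role assignments and password hashes as they stand in the file, so it helps to review the file first. The following pre-import audit is an added example, not part of the JS7 distribution. It assumes the standard Shiro INI layout (`[users]` entries of the form `account = password, role, ...`, and a `[roles]` section) and Shiro's `$shiroN$` hash prefix, and it runs on constructed sample data.

```shell
#!/bin/sh
# Added example (not SOS code): audit a Shiro configuration file before import.
# Findings, one per line:
#   PLAINTEXT <account>              password is not a Shiro-format hash ($shiroN$...)
#   UNDEFINED_ROLE <account> <role>  role assigned in [users] but absent from [roles]
#   SUMMARY accounts=<n> roles=<n>
audit_shiro_ini() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t\r]*$/ { next }        # skip comments and blank lines
    /^[ \t]*\[/ { section = trim($0); next }      # remember the current section
    {
      eq = index($0, "=")                         # split at the first "=" only
      if (eq == 0) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
    }
    section == "[roles]" { roles[key] = 1; nroles++ }
    section == "[users]" {                        # account = password, role1, role2
      order[++naccounts] = key
      n = split(val, f, ",")
      pw[key] = trim(f[1])
      for (i = 2; i <= n; i++) { r = trim(f[i]); if (r != "") assigned[key, ++cnt[key]] = r }
    }
    END {                                         # [roles] may follow [users]
      for (a = 1; a <= naccounts; a++) {
        u = order[a]
        if (pw[u] !~ /^\$shiro[0-9]+\$/) print "PLAINTEXT " u
        for (i = 1; i <= cnt[u]; i++)
          if (!(assigned[u, i] in roles)) print "UNDEFINED_ROLE " u " " assigned[u, i]
      }
      printf "SUMMARY accounts=%d roles=%d\n", naccounts, nroles
    }
  ' "$1"
}

# Constructed sample input: account names, roles, permissions and hash are made up.
sample_shiro_ini() {
  cat <<'EOF'
[users]
root = $shiro1$SHA-512$500000$c2FsdA==$aGFzaA==, all
ops = secret, administrator, incident_manager
[roles]
all = sos:products
administrator = sos:products:joc
EOF
}

tmp=$(mktemp) && sample_shiro_ini > "$tmp"
audit_shiro_ini "$tmp"    # review findings, then run the import shown on this page
rm -f "$tmp"
```

To audit a real configuration, call `audit_shiro_ini` with the path of the `shiro.ini.active` copy that will be passed to the import.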
If things go terribly wrong then refer to the JS7 - Rescue in case of lost access to JOC Cockpit article.