- Parar OpenKM
- Coges el OpenKM.war ( haces un backup ) y te lo copias en otro directorio
- Con el winrar mismame, puedes abrir el OpenKM.war y extraes el fichero WEB-INF/applicationContext.xml
- Editas el fichero y realizas los siguientes cambios
Esto seria un script en linux que por ejemplo modificaria la entrada <security:http-basic por <security:temp-http-basic, etc... creo que se puede entender bien sin mas explicaciones. En este caso se ha reemplazado el ROLE_USER por un OPENKM_ROLE_USER y OPENKM_ROLE_ADMIN. Antes de modificar el fichero busca la cadena ROLE_ ( esta en pocos sitios y así veras la idea ). En tu caso vas a tener que realizar los cambios con un editor de texto.
Code: Select all#!/bin/bash
sed -i "s|<security:http-basic|<security:temp-http-basic|g" applicationContext.xml
sed -i "s|ROLE_|OPENKM_ROLE_|g" applicationContext.xml
sed -i 's|IS_AUTHENTICATED_FULLY|isFullyAuthenticated()|g' applicationContext.xml
sed -i 's|IS_AUTHENTICATED_ANONYMOUSLY|permitAll|g' applicationContext.xml
sed -i 's|<security:http|<security:http use-expressions="true"|g' applicationContext.xml
sed -i "s|<security:temp-http-basic|<security:http-basic|g" applicationContext.xml
Al final te quedará algo parecido a esto:
Code: Select all<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.1.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd">
<context:component-scan base-package="com.openkm"/>
<!-- <task:annotation-driven/> -->
<!-- Tasks configuration moved to $CATALINA_HOME/OpenKM.xml -->
<!-- Apache CXF Web Services -->
<beans:import resource="classpath:META-INF/cxf/cxf.xml" />
<beans:import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<!--
<beans:bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<beans:property name="targetClass" value="org.springframework.security.core.context.SecurityContextHolder" />
<beans:property name="targetMethod" value="setStrategyName" />
<beans:property name="arguments" value="_INHERITABLETHREADLOCAL" />
</beans:bean>
-->
<beans:bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<beans:constructor-arg>
<beans:map>
<beans:entry key="action" value="UsernameToken" />
<beans:entry key="passwordType" value="PasswordText" />
<beans:entry key="passwordCallbackClass" value="com.openkm.spring.ClientPasswordCallback" />
</beans:map>
</beans:constructor-arg>
</beans:bean>
<!-- SOAP -->
<jaxws:endpoint id="authService" implementor="com.openkm.ws.endpoint.AuthService" address="/OKMAuth"/>
<jaxws:endpoint id="bookmarkService" implementor="com.openkm.ws.endpoint.BookmarkService" address="/OKMBookmark"/>
<jaxws:endpoint id="documentService" implementor="com.openkm.ws.endpoint.DocumentService" address="/OKMDocument"/>
<jaxws:endpoint id="folderService" implementor="com.openkm.ws.endpoint.FolderService" address="/OKMFolder"/>
<jaxws:endpoint id="mailService" implementor="com.openkm.ws.endpoint.MailService" address="/OKMMail"/>
<jaxws:endpoint id="noteService" implementor="com.openkm.ws.endpoint.NoteService" address="/OKMNote"/>
<jaxws:endpoint id="notificationService" implementor="com.openkm.ws.endpoint.NotificationService" address="/OKMNotification"/>
<jaxws:endpoint id="propertyGroupService" implementor="com.openkm.ws.endpoint.PropertyGroupService" address="/OKMPropertyGroup"/>
<jaxws:endpoint id="propertyService" implementor="com.openkm.ws.endpoint.PropertyService" address="/OKMProperty"/>
<jaxws:endpoint id="repositoryService" implementor="com.openkm.ws.endpoint.RepositoryService" address="/OKMRepository"/>
<jaxws:endpoint id="searchService" implementor="com.openkm.ws.endpoint.SearchService" address="/OKMSearch"/>
<jaxws:endpoint id="dashboardService" implementor="com.openkm.ws.endpoint.DashboardService" address="/OKMDashboard"/>
<jaxws:endpoint id="workflowService" implementor="com.openkm.ws.endpoint.WorkflowService" address="/OKMWorkflow"/>
<jaxws:endpoint id="testService" implementor="com.openkm.ws.endpoint.TestService" address="/OKMTest">
<!--
<jaxws:inInterceptors>
<beans:ref bean="WSS4JInInterceptor"/>
</jaxws:inInterceptors>
-->
</jaxws:endpoint>
<!-- OpenCMIS -->
<jaxws:endpoint id="cmisNavigationService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.NavigationService" address="/cmis/NavigationService"/>
<jaxws:endpoint id="cmisPolicyService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.PolicyService" address="/cmis/PolicyService"/>
<jaxws:endpoint id="cmisDiscoveryService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.DiscoveryService" address="/cmis/DiscoveryService"/>
<jaxws:endpoint id="cmisMultiFilingService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.MultiFilingService" address="/cmis/MultiFilingService"/>
<jaxws:endpoint id="cmisRepositoryService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.RepositoryService" address="/cmis/RepositoryService"/>
<jaxws:endpoint id="cmisRelationshipService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.RelationshipService" address="/cmis/RelationshipService"/>
<jaxws:endpoint id="cmisVersioningService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.VersioningService" address="/cmis/VersioningService"/>
<jaxws:endpoint id="cmisObjectService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.ObjectService" address="/cmis/ObjectService"/>
<jaxws:endpoint id="cmisAclService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.AclService" address="/cmis/ACLService"/>
<!-- REST -->
<jaxrs:server id="restAuth" address="/rest/auth">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.AuthService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restDocument" address="/rest/document">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.DocumentService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restFolder" address="/rest/folder">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.FolderService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restNote" address="/rest/note">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.NoteService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restPropertyGroup" address="/rest/propertyGroup">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.PropertyGroupService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restSearch" address="/rest/search">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.SearchService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restRepository" address="/rest/repository">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.RepositoryService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restProperty" address="/rest/property">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.PropertyService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<jaxrs:server id="restTest" address="/rest/test">
<jaxrs:serviceBeans>
<beans:bean class="com.openkm.rest.endpoint.TestService"/>
</jaxrs:serviceBeans>
</jaxrs:server>
<security:global-method-security secured-annotations="enabled"/>
<!-- Remove prefix to be able of use custom roles -->
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="OPENKM_ROLE_"/>
</beans:bean>
<!-- OpenCMIS -->
<beans:bean id="CmisLifecycleBean" class="com.openkm.cmis.CmisLifecycleBean">
<beans:property name="cmisServiceFactory" ref="CmisServiceFactory" />
</beans:bean>
<beans:bean id="CmisServiceFactory" class="com.openkm.cmis.CmisServiceFactory" />
<!-- Status -->
<security:http use-expressions="true" pattern="/Status" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- Download -->
<security:http use-expressions="true" pattern="/Download" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- Workflow deploy -->
<security:http use-expressions="true" pattern="/workflow-register" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- WebDAV using Basic authentication -->
<security:http use-expressions="true" pattern="/webdav/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- Syndication using Basic authentication -->
<security:http use-expressions="true" pattern="/feed/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- OpenCMIS (Browser) using Basic authentication -->
<security:http use-expressions="true" pattern="/cmis/browser/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- OpenCMIS (AtomPub) using Basic authentication -->
<security:http use-expressions="true" pattern="/cmis/atom/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- OpenCMIS (AtomPub) using Basic authentication -->
<security:http use-expressions="true" pattern="/cmis/atom11/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- REST -->
<security:http use-expressions="true" pattern="/services/rest/**" create-session="stateless">
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />
<security:http-basic />
</security:http>
<!-- Additional filter chain for normal users, matching all other requests -->
<!-- http://info.michael-simons.eu/2011/01/28/disable-jsessionid-path-parameter-in-java-web-applications/ -->
<security:http use-expressions="true" access-denied-page="/unauthorized.jsp">
<!-- GWT -->
<security:intercept-url pattern="/frontend/**" access="isFullyAuthenticated()" />
<!-- JSPs -->
<security:intercept-url pattern="/login.jsp" access="permitAll" />
<security:intercept-url pattern="/admin/**" access="hasRole('OPENKM_ROLE_ADMIN')" />
<security:intercept-url pattern="/mobile/**" access="isFullyAuthenticated()" />
<!-- Servlets -->
<security:intercept-url pattern="/RepositoryStartup" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/TextToSpeech" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/HtmlPreview" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/SyntaxHighlighter" access="isFullyAuthenticated()" />
<security:intercept-url pattern="/Test" access="isFullyAuthenticated()" />
<!-- Extensions -->
<security:intercept-url pattern="/extension/ZohoFileUpload" access="permitAll" />
<security:intercept-url pattern="/extension/**" access="isFullyAuthenticated()" />
<!-- Login page -->
<security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=1"/>
</security:http>
<!-- Security access logger -->
<beans:bean id="loggerListener" class="com.openkm.spring.LoggerListener" />
<jee:jndi-lookup id="dataSource" jndi-name="jdbc/OpenKMDS" resource-ref="true" />
<!-- Security configuration moved to $CATALINA_HOME/OpenKM.xml -->
<!-- WINFIX
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:password-encoder hash="md5"/>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
</security:authentication-provider>
</security:authentication-manager>
WINFIX -->
</beans:beans>
- Finalmente vuelves a poner el fichero dentro del OpenKM.war ( en la misma localización -> lo remplazas por el existente ). O utilizas el winrar nuevamente o te creas un pequeño script.
Code: Select allecho "Parcheando WAR...";
jar uvf OpenKM.war WEB-INF/applicationContext.xml
echo "Hecho!"
pause
- Sobreescribes el OpenKM.war
- Eliminas las carpetas webapps/OpenKM y work/Calina/locahost
- Arrancas el OpenKM y ya esta.