在 Worklight 开发中使用 https 和安全端口打开 Worklight Console

Posted 2023-02-25

【中文标题】在 Worklight 开发中使用 https 和安全端口打开 Worklight Console

【英文标题】：Open Worklight Console using https and secure port on Worklight development

【发布时间】：2015-08-20 18:43:39

【问题描述】：

我面临一个问题，我需要使用安全端口打开我的 Worklight 开发控制台，这样我也可以使用安全端口打开分析服务器。

我试图在此找到我的答案：

IBM Worklight 6.0 - Mixed port numbers after enabling console login authentication?

但没有成功：

我的 server.xml 是：

<server description="worklight">

       <featureManager>
    <feature>servlet-3.0</feature>
    <feature>jndi-1.0</feature>
    <feature>jdbc-4.0</feature>
    <feature>restConnector-1.0</feature>
    <feature>jsp-2.2</feature>
    <feature>appSecurity-1.0</feature>
    <feature>ssl-1.0</feature>

<!--
        <feature>appSecurity-2.0</feature>
        <feature>ldapRegistry-3.0</feature>
-->
        <feature>localConnector-1.0</feature>
    </featureManager>

    <webContainer invokeFlushAfterService="false"/>
    <webContainer com.ibm.ws.webcontainer.suppressLoggingServiceRuntimeExcep="true"/>
    <webContainer deferServletLoad="false"/>

    <!-- non standard ports were used to avoid future collision with other WebSphere products. -->
    <httpEndpoint host="*" httpPort="10080" httpsPort="10443" id="defaultHttpEndpoint">
    <tcpOptions soReuseAddr="true"/>

    </httpEndpoint>

<!--  change Worklight server side logging: 
      change consoleLogLevel to INFO to see Worklight javascript Logger API output
      (for example: in Worklight Adapters).
-->
    <logging consoleLogLevel="AUDIT" copySystemStreams="false"/>

    <!-- enable next element for Worklight Server traces. 
         change traceSpecification to enable fine grain printing to trace.log file. 
    <logging traceSpecification="com.worklight.*=debug=enabled"/>
    -->

    <applicationMonitor updateTrigger="mbean"/>

    <!--
        Thread pool
    -->
    <executor coreThreads="200" id="default" keepAlive="60s" maxThreads="400" name="LargeThreadPool" rejectedWorkPolicy="CALLER_RUNS" stealPolicy="STRICT"/>

    <administrator-role>
       <user>admin</user>
    </administrator-role>
    <keyStore id="defaultKeyStore" password="worklight"/>
    <jndiEntry jndiName="ibm.worklight.admin.jmx.host" value="localhost"/>
    <jndiEntry jndiName="ibm.worklight.admin.jmx.port" value="10443"/>
    <jndiEntry jndiName="ibm.worklight.topology.platform" value="Liberty"/>
    <jndiEntry jndiName="ibm.worklight.topology.clustermode" value="Standalone"/>


<!--
    Worklight Console settings START ...
-->
    <basicRegistry id="worklight" realm="worklightRealm">
        <user name="demo" password="demo"/>
        <user name="monitor" password="demo"/>
        <user name="deployer" password="demo"/>
        <user name="operator" password="demo"/>
        <user name="admin" password="admin"/>
    </basicRegistry>
<!--
    JMX admin user JNDI entries
-->
    <jndiEntry jndiName="ibm.worklight.admin.jmx.user" value="admin"/>

    <jndiEntry jndiName="ibm.worklight.admin.jmx.pwd" value="admin"/>
<!--
    Disabling security integration
-->
    <httpSession securityIntegrationEnabled="false"/>
<!--
    Declare the IBM Worklight Admin Services application.
-->
    <application context-root="worklightadmin" id="worklight-management-service" location="worklight-management-service.war" name="WorklightServices" type="war">
        <application-bnd>
            <security-role name="worklightadmin">
                <user name="admin"/>
            </security-role>
                <security-role name="worklightdeployer">
                <user name="deployer"/>
            </security-role>
                <security-role name="worklightmonitor">
                <user name="monitor"/>
            </security-role>
                <security-role name="worklightoperator">
                <user name="operator"/>
            </security-role>
        </application-bnd>
        <classloader delegation="parentLast">
            <privateLibrary>
                <fileset dir="$wlp.install.dir/lib" includes="com.ibm.ws.crypto.passwordutil*.jar"/>
            </privateLibrary>
        </classloader>
    </application>
<!--
    Declare the IBM Worklight Admin Console application.
-->
    <application context-root="worklightconsole" id="worklight-management-ui" location="worklight-management-ui.war" name="WorklightConsole" type="war">
        <application-bnd>
            <security-role name="worklightadmin">
                <user name="admin"/>
            </security-role>
                <security-role name="worklightdeployer">
                <user name="deployer"/>
            </security-role>
                <security-role name="worklightmonitor">
                <user name="monitor"/>
            </security-role>
                <security-role name="worklightoperator">
                <user name="operator"/>
            </security-role>
        </application-bnd>
    </application>

    <library id="DerbyLib">
        <fileset dir="$wlp.user.dir/shared/resources/derby" includes="derby.jar"/>
    </library>
<!--
    Declare the IBM Worklight Console admin database.
-->
    <dataSource jndiName="worklightadmin/jdbc/WorklightAdminDS" transactional="false">
        <jdbcDriver libraryRef="DerbyLib"/>
        <properties.derby.embedded createDatabase="create" databaseName="$wlp.user.dir/shared/resources/derbyDB/WLADMIN" user="WLADMINISTRATOR"/>
    </dataSource>
<!--
    ... Worklight Console settings END
-->

    <application id="_MobileBrowserSimulator" location="_MobileBrowserSimulator.war" name="_MobileBrowserSimulator" type="war"/>

    <application context-root="/_analytics" id="_analytics" location="_analytics.war" name="_analytics" type="war">
        <classloader delegation="parentLast"/>
    </application>





    <library id="worklight-6.2.0">
        <fileset dir="$wlp.user.dir/shared/resources" includes="worklight-jee-library-6.2.0.jar"/>
        <fileset dir="$wlp.install.dir/lib" includes="com.ibm.ws.crypto.passwordutil*.jar"/>
    </library>





    <application context-root="/MobileGRS" id="MobileGRS" location="MobileGRS.war" name="MobileGRS" type="war">
        <classloader commonLibraryRef="worklight-6.2.0">
            <privateLibrary>
                <fileset dir="$wlp.user.dir/shared/resources" includes="org.hsqldb.hsqldb_2.2.5.jar"/>
            </privateLibrary>
        </classloader>
    </application>

    <jndiEntry jndiName="MobileGRS/wl.analytics.queue.size" value="1"/>

    <jndiEntry jndiName="MobileGRS/wl.analytics.url" value="http://localhost:10080/_analytics/data"/>
</server>

worklight.properties：

# HTTP or HTTPS
publicWorkLightProtocol=https
# For default port leave empty
publicWorkLightPort=10443

当我从 Eclipse 中点击打开工作灯控制台时，它正在打开端口 10080：

http://192.168.0.102:10080/worklightconsole/index.html#

如果我将端口更改为 10443，我将无法连接。

我是不是错过了什么。

WL 版本 6.2.0.1

谢谢

【参考方案1】：

从您的 server.xml 中可以看出，您没有将 Analytics URL 更改为 HTTPS 和 10443...

<jndiEntry jndiName="MobileGRS/wl.analytics.url" value="http://localhost:10080/_analytics/data"/>

之后，通过https://localhost:10443/worklightconsole 和https://localhost:10443/_analytics/console 访问控制台就可以了。

上述网址当然被提示为不安全，因为我没有向服务器添加有效的 SSL 证书。

请注意，Worklight 控制台中的分析控制台 URL 仍使用 HTTP。您需要手动将其更改为 HTTPS（找不到更改的位置）。

【讨论】：

我对分析 jndi 值进行了更改，当我部署我的适配器时，它仍然显示 10080：[2015-08-21 12:36:41] 开始构建适配器：图像 [2015-08 -21 12:36:41] 部署适配器：图像 [2015-08-21 12:36:41] 服务器主机：192.168.0.102 [2015-08-21 12:36:41] 服务器端口：10080 [2015-08] -21 12:36:47] 适配器构建和部署完成。