This appendix contains sample MBean configuration files. It includes the following sections:
An example jetty/config/nwsp.jetty.xml file follows.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
"http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- This is the container specific configuration for the NWSP web application.
Container independent configuration can be found at:
$INSTALLROOT/nwsp/config/nwsp.xml
-->
<XmlConfig>
<!-- ================================================================ -->
<Instantiate order="10" class="com.mortbay.Jetty.JMX.LogMBean"/>
<Instantiate order="11" class="com.mortbay.Jetty.JMX.DebugMBean"/>
<Instantiate order="12"
class="com.mortbay.Jetty.JMX.HttpServerMBean"
jmxname="com.mortbay.Jetty:name=Jetty,Server=0"/>
<!-- ================================================================ -->
<Configure jmxname="com.mortbay.Jetty:name=Log,WriterLogSink=0">
<Set name="append" type="boolean">true</Set>
<Set name="filename"><SystemProperty name="application.log"
default="./logs"/>/yyyy_mm_dd.jetty.log</Set>
<Set name="logTimezone"></Set>
<Set name="logDateFormat">yyyyMMdd:HHmmss.SSS' '</Set>
<Set name="logLabels" type="boolean">false</Set>
<Set name="logOneLine" type="boolean">false</Set>
<Set name="logStackSize" type="boolean">false</Set>
<Set name="logStackTrace" type="boolean">false</Set>
<Set name="logTags" type="boolean">true</Set>
<Set name="logTimeStamps" type="boolean">true</Set>
<Set name="retainDays" type="int">31</Set>
</Configure>
<Configure class="com.mortbay.Jetty.JMX.DebugMBean" >
<Set name="debug" type="boolean">false</Set>
<Set name="debugPatterns"></Set>
<Set name="debugTriggers"></Set>
<Set name="verbose" type="int">0</Set>
<Set name="suppressStack" type="boolean">false</Set>
<Set name="suppressWarnings" type="boolean">false</Set>
</Configure>
<!-- ================================================================ -->
<!--
- Configures the Jetty server MBean: two listeners, a request log, the NWSP
- and captive portal web applications, and finally the start call.
-->
<Configure jmxname="com.mortbay.Jetty:name=Jetty,Server=0">
<!--
- Plain (non-SSL) listener. The port comes from the application.portno
- system property and falls back to 8080.
-->
<Call name="addListener">
<Arg>
<New class="com.mortbay.HTTP.SocketListener">
<Set name="port"><SystemProperty name="application.portno"
default="8080"/></Set>
<Set name="minThreads">5</Set>
<Set name="maxThreads">255</Set>
<Set name="maxIdleTimeMs">60000</Set>
<Set name="maxReadTimeMs">60000</Set>
</New>
</Arg>
</Call>
<!--
- SSL listener. The port comes from the application.ssl.portno system
- property and falls back to 8130; the keystore is config/nwspkeystore
- under jetty.home.
- The OBF: prefix marks Jetty's reversible password obfuscation, not
- encryption: anyone who can read this file can recover the keystore and
- key passwords. The two values below are sample values printed in this
- guide; a deployment should use its own keystore and passwords, and keep
- this file and the keystore readable only by the account that runs Jetty.
- NOTE(review): the property names here are capitalized (MinThreads,
- Keystore) while the plain listener uses minThreads; confirm the loader
- accepts both forms.
-->
<Call name="addListener">
<Arg>
<New class="com.mortbay.HTTP.SunJsseListener">
<Set name="port"><SystemProperty name="application.ssl.portno"
default="8130"/></Set>
<Set name="MinThreads">5</Set>
<Set name="MaxThreads">255</Set>
<Set name="MaxIdleTimeMs">50000</Set>
<Set name="Keystore"><SystemProperty name="jetty.home"
default="."/>/config/nwspkeystore</Set>
<Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
<Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
</New>
</Arg>
</Call>
<!--
- Request log, written under the application.log directory (default ./logs)
- and kept for 90 days.
-->
<Set name="logSink">
<New class="com.mortbay.Util.WriterLogSink">
<Arg><SystemProperty name="application.log"
default="./logs"/>/yyyy_mm_dd.request.log</Arg>
<Set name="retainDays">90</Set>
<Set name="append">true</Set>
</New>
</Set>
<!-- NWSP web application -->
<!--
- NOTE(review): the five Args are presumably host, context path, document
- root, defaults descriptor and a boolean flag; confirm against the Jetty
- API in use. The nested call adds a PortBundleHandler at index 0.
-->
<Call name="addWebApplication">
<Arg>localhost</Arg>
<Arg>/</Arg>
<Arg><SystemProperty name="application.home" default="."/>/docroot</Arg>
<Arg><SystemProperty name="jetty.home" default="."/>/config/webdefault.xml</Arg>
<Arg type="boolean">FALSE</Arg>
<Call name="addHandler">
<Arg type="int">0</Arg>
<Arg><New class="com.cisco.aggbu.jetty.PortBundleHandler"/></Arg>
</Call>
</Call>
<!-- Captive portal web application -->
<!--
- NOTE(review): the first Arg is empty here where the NWSP application uses
- localhost, and both applications use the path "/"; confirm which requests
- each application is expected to receive.
-->
<Call name="addWebApplication">
<Arg></Arg>
<Arg>/</Arg>
<Arg><SystemProperty name="install.root" default="."/>/captiveportal/docroot</Arg>
<Arg><SystemProperty name="jetty.home" default="."/>/config/webdefault.xml</Arg>
<Arg type="boolean">FALSE</Arg>
</Call>
<Call name="start"/>
</Configure>
</XmlConfig>
This section contains two sample files:
The following nwsp/config/nwsp.xml file shows a RADIUS mode deployment with the captive portal feature enabled.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
"http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- This is the container independent configuration for the NWSP web application.
Container specific configuration can be found at:
$INSTALLROOT/$CONTAINER/config/nwsp.xml
-->
<XmlConfig>
<!-- ================================================================ -->
<!--
- Creates the logger MBean; its properties are set by the Configure element
- for com.cisco.aggbu:name=Logger further down.
-->
<Instantiate order="1"
class="com.cisco.aggbu.jmx.LoggerMBean"
jmxname="com.cisco.aggbu:name=Logger"/>
<!--
- Creates the JDMK HTML adaptor that serves the management console.
- First Arg: the listening port, taken from the management.portno system
- property (no default is given here).
- Second Arg: an array holding one AuthInfo built from a login and a
- password. Both are stored in this file in clear text, so the file should
- be readable only by the account that runs the application.
- NOTE(review): MgmtUser and MgmtPassword look like sample strings; confirm
- that a deployed file carries site-specific values and that the management
- port is reachable only from administrative hosts.
-->
<Instantiate order="99"
class="com.sun.jdmk.comm.HtmlAdaptorServer"
jmxname="com.cisco.aggbu:name=ManagementConsole">
<Arg type="int">
<SystemProperty name="management.portno"/>
</Arg>
<Arg>
<Array class="com.sun.jdmk.comm.AuthInfo">
<Item>
<New class="com.sun.jdmk.comm.AuthInfo">
<Arg>MgmtUser</Arg>
<Arg>MgmtPassword</Arg>
</New>
</Item>
</Array>
</Arg>
</Instantiate>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=Logger">
<Set name="debug" type="boolean"><SystemProperty name="nwsp.debug"
default="false"/></Set>
<Set name="debugPatterns"></Set>
<Set name="debugThreads"></Set>
<Set name="debugVerbosity">LOW</Set>
<Set name="logDateFormat">yyyyMMdd:HHmmss.SSS</Set>
<Set name="logFile"><SystemProperty name="application.log"
default="./logs"/>/yyyy_mm_dd.application.log</Set>
<Set name="logFrame" type="boolean">false</Set>
<Set name="logStack" type="boolean">false</Set>
<Set name="logThread" type="boolean">true</Set>
<Set name="logToErr" type="boolean"><SystemProperty name="nwsp.logToErr"
default="false"/></Set>
<Set name="trace" type="boolean">true</Set>
<Set name="warning" type="boolean">true</Set>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=ManagementConsole">
<Call name="start"/>
</Configure>
<!-- ================================================================ -->
<!--
- Registers three named modes on the SSD MBean and then selects one.
- Each defineMode call passes a mode name followed by four class names;
- judging by the class names these are the authentication, authorization,
- connection and service profile implementations for that mode.
-->
<Configure class="com.cisco.aggbu.ssd.core.model.SSDMBean"
jmxname="com.cisco.aggbu:name=SSD">
<Call name="defineMode">
<Arg>Demo</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoAuthenticationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoAuthorizationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoConnectionService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoServiceProfileService</Arg>
</Call>
<Call name="defineMode">
<Arg>RADIUS</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthentication</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthorization</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSConnection</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSServiceProfile</Arg>
</Call>
<!-- DESS mode reuses the RADIUS authentication and connection classes. -->
<Call name="defineMode">
<Arg>DESS</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthentication</Arg>
<Arg>com.cisco.aggbu.ssd.spis.dess.DESSAuthorizationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSConnection</Arg>
<Arg>com.cisco.aggbu.ssd.spis.dess.DESSServiceProfileService</Arg>
</Call>
<!--
- The active mode comes from the ssd.mode system property and falls back
- to RADIUS.
- NOTE(review): Demo mode stays registered and can be selected through that
- property; it uses the Demo authentication and authorization classes, so
- check that production start-up scripts never set ssd.mode to Demo.
-->
<Set name="mode"><SystemProperty name="ssd.mode" default="RADIUS"/></Set>
<Set name="singleSignOn" type="boolean">false</Set>
<Set name="autoConnect" type="boolean">false</Set>
<Set name="profileCachePeriod" type="int">600</Set>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=SSDDemoMode">
<!--
- This is the demo data file. It is in the format of a Merit
- dictionary with special extensions for this software.
-->
<Set name="demoDataFile"><SystemProperty
name="application.home"/>/config/demo.txt</Set>
<!--
- This is an example of using brands in Demo mode.
- See the definitions for the brands below. The same example
- can be used in SSG configuration to tie subnets to brands.
-->
<Call name="setSubnetAttribute">
<Arg>127.0.0.0</Arg>
<Arg>255.0.0.0</Arg>
<Arg>SESSION_BRAND</Arg>
<Arg>gold</Arg>
</Call>
</Configure>
<!-- ================================================================ -->
<!-- Settings for the DESS SPI. -->
<Configure jmxname="com.cisco.aggbu:name=DESSMode">
<!-- The time in minutes between checking the authorization tokens. -->
<Set name="tokenCheckInterval" type="int">5</Set>
<!-- The age of a token (time since last used) for it to be removed from cache. -->
<Set name="tokenMaxAge" type="int">10</Set>
</Configure>
<!-- ================================================================ -->
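<Configure jmxname="com.cisco.aggbu:name=SSG">
<!--
- Maximum number of simultaneous requests allowed to each SSG. Extra
- requests will be placed on a queue and issued as responses are received
- or time out.
-->
<Set name="throttle" type="int">20</Set>
<!--
- Here we define attributes for RADIUS communication with the SSG. If
- we are running with Port Bundle Host Key then we need only define
- the global attributes for all of the SSGs.
-->
<Call name="setGlobalAttribute"><Arg>PORT</Arg><Arg>1812</Arg></Call>
<Call name="setGlobalAttribute"><Arg>TIMEOUTSECS</Arg><Arg>10</Arg></Call>
<Call name="setGlobalAttribute"><Arg>RETRIES</Arg><Arg>3</Arg></Call>
<!--
- SECRET is the shared secret for the RADIUS exchange with the SSG. The
- value below is the sample value printed in this guide; replace it with a
- long random secret that matches the SSG configuration, and keep this file
- readable only by the account that runs the application.
-->
<Call name="setGlobalAttribute"><Arg>SECRET</Arg><Arg>cisco</Arg></Call>
<Call name="setGlobalAttribute"><Arg>MASK</Arg><Arg>255.255.255.255</Arg></Call>
<!--
- A non zero value here, the default should be 4, will turn Port
- Bundle Host Key on.
-->
<Call name="setGlobalAttribute"><Arg>BUNDLE_LENGTH</Arg><Arg>0</Arg></Call>
<!-- The following line configures a single non-hostkey SSG -->
<!-- Additional SSGs can be configured by adding further 'Call' elements -->
<!-- Remove the following call if the bundle size is ever set to > 0 -->
<!-- Arg list: <client subnet>, <subnet mask>, IP, <SSG IP address> -->
<!--
- Each Arg value is kept on one line: a line break inside an Arg would
- become part of the address string.
-->
<Call name="setSubnetAttribute"><Arg>10.25.0.0</Arg><Arg>255.255.0.0</Arg><Arg>IP</Arg><Arg>10.5.5.1</Arg></Call>
<Call name="setGlobalAttribute"><Arg>PORT_BUNDLE_HOST_KEY_SWITCH</Arg><Arg>false</Arg></Call>
<!--
- This value may be true or false. True is implied by a non zero
- BUNDLE_LENGTH. If the BUNDLE_LENGTH is non zero, then this value
- will be ignored. As a BUNDLE_LENGTH of 0 is a legal value, however,
- the Port Bundle Host Key feature can also be turned on here
- when the BUNDLE_LENGTH is 0, which it would be for persistent
- connections.
<Call name="setGlobalAttribute"><Arg>PORT_BUNDLE_HOST_KEY_SWITCH</Arg><Arg>true</Arg></Call>
-->
<!--
- If we need to map from a client IP address to an SSG explicitly,
- then we could have an entry like this:
<Call name="setSubnetAttribute"><Arg>213.0.0.0</Arg><Arg>255.0.0.0</Arg><Arg>IP</Arg><Arg>195.245.182.2</Arg></Call>
- which would map the client subnet 213.0.0.0 to the SSG at
- 195.245.182.2 with the global parameters defined above for
- the RADIUS protocol.
-->
<!-- If we need to define a location for a subnet, say London, then we
- could do this:
<Call name="setSubnetAttribute"><Arg>213.0.0.0</Arg><Arg>255.0.0.0</Arg><Arg>SESSION_LOCATION</Arg><Arg>London</Arg></Call>
- See the location definitions below for illustrations of how
- attributes can be associated with locations.
-->
</Configure>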
<!-- ================================================================ -->
<!--
- Here we define attributes for RADIUS communication with the RADIUS
- servers for service and group profiles in RADIUS mode.
-->
<Configure jmxname="com.cisco.aggbu:name=AAA,connection=ServiceProfile">
<!--
- Connection to the primary and secondary RADIUS servers used for service
- profiles; the final call opens the connection.
- NOTE(review): secret and servicePassword below are the sample values
- printed in this guide (servicePassword matches the PASSWORD:servicecisco
- attribute in the sample rdp.xml). Replace both with site-specific values,
- here and on the RADIUS server, and keep this file readable only by the
- account that runs the application.
-->
<Set name="throttle" type="int">256</Set>
<Set name="timeOut" type="int">4</Set>
<Set name="retryCount" type="int">3</Set>
<Set name="primaryIP">127.0.0.2</Set>
<Set name="primaryPort" type="int">1812</Set>
<Set name="secret">cisco</Set>
<Set name="secondaryIP">127.0.0.3</Set>
<Set name="secondaryPort" type="int">1812</Set>
<Set name="servicePassword">servicecisco</Set>
<Call name="open"/>
</Configure>
<Configure jmxname="com.cisco.aggbu:name=AAA,connection=GroupProfile">
<!--
- Connection to the primary and secondary RADIUS servers used for group
- profiles; the final call opens the connection.
- NOTE(review): secret and groupPassword below are the sample values
- printed in this guide (groupPassword matches the PASSWORD:groupcisco
- attribute in the sample rdp.xml). Replace both with site-specific values,
- here and on the RADIUS server.
-->
<Set name="throttle" type="int">256</Set>
<Set name="timeOut" type="int">4</Set>
<Set name="retryCount" type="int">3</Set>
<Set name="primaryIP">127.0.0.2</Set>
<Set name="primaryPort" type="int">1812</Set>
<Set name="secret">cisco</Set>
<Set name="secondaryIP">127.0.0.3</Set>
<Set name="secondaryPort" type="int">1812</Set>
<Set name="groupPassword">groupcisco</Set>
<Call name="open"/>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=captiveportal">
<!--
- This is the URL that the Captive Portal application will redirect
- to after it has copied the original request URL. It should point
- to the NWSP application.
- NOTE(review): the sample value uses plain http on localhost port 80,
- while the sample Jetty file listens on 8080 and 8130 by default; confirm
- that host, port and scheme match the deployed NWSP listener. If the target
- page collects credentials, presumably it should be reached over the SSL
- listener; verify.
-->
<Set name="captureToURL">http://localhost:80/decorate/pages/home.jsp</Set>
</Configure>
<!-- ================================================================ -->
<!--
- These are examples of how arbitrary context properties can be used
- in the SESM applications.
-->
<Configure jmxname="com.cisco.aggbu:context=ssd">
<!--
- This section defines sub contexts of the SSD context within which
- further attributes can be defined below.
-->
<Call name="createSubContext"><Arg>options</Arg></Call>
<Call name="createSubContext"><Arg>location</Arg></Call>
<Call name="createSubContext"><Arg>brand</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=options">
<!--
- These options are read by the NWSP application and control different
- aspects of its behaviour.
- NOTE(review): the boolean values here are written in upper case (TRUE,
- FALSE) while other elements in this file use lower case; confirm the
- loader accepts both.
-->
<!-- Use Icons in the service list instead of text. -->
<Put name="useIcons" type="boolean">TRUE</Put>
<!-- Confirm that you want to logon onto a service as opposed
- to single click logon. -->
<Put name="confirmAtServiceLogon" type="boolean">FALSE</Put>
<!-- Confirm that you want to logoff a service as opposed
- to single click logoff. -->
<Put name="confirmAtServiceLogoff" type="boolean">TRUE</Put>
<!-- Confirm that you want to logoff from the application as opposed
- to single click logoff. -->
<Put name="confirmAtAccountLogoff" type="boolean">TRUE</Put>
<!-- This overrides the setting in the Jetty nwsp.xml. -->
<!--
- NOTE(review): the unit is not stated here; presumably seconds, which
- would make this a two hour session. Confirm, and choose a value that
- suits the deployment's session policy.
-->
<Put name="sessionTimeOut" type="String">7200</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location">
<!-- Here we are defining separate contexts for locations. -->
<Call name="createSubContext"><Arg>London</Arg></Call>
<Call name="createSubContext"><Arg>Paris</Arg></Call>
<Call name="createSubContext"><Arg>NewYork</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=London">
<!-- Here we define attributes for the London location. -->
<Put name="url">http://www.london.com</Put>
<Put name="river">Thames</Put>
<Put name="church">St Pauls</Put>
<Put name="brand">silver</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=Paris">
<!-- Here we define attributes for the Paris location. -->
<Put name="url">http://www.paris-france.org/</Put>
<Put name="river">Seine</Put>
<Put name="church">Notre Dame</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=NewYork">
<!-- Here we define attributes for the New York location. -->
<Put name="url">http://www.usa.net/newyork</Put>
<Put name="river">Hudson</Put>
<Put name="church">Wall Street</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand">
<!-- Here we are defining separate contexts for brands. -->
<Call name="createSubContext"><Arg>acme</Arg></Call>
<Call name="createSubContext"><Arg>cisco</Arg></Call>
<!-- Silver and gold don't need additional attributes, but we
- define them here for completeness. -->
<Call name="createSubContext"><Arg>silver</Arg></Call>
<Call name="createSubContext"><Arg>gold</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand,1=acme">
<!-- Here we define attributes for the acme brand. -->
<Put name="url">http://www.acme.com</Put>
<Put name="email">support@acme.com</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand,1=cisco">
<!-- Here we define attributes for the cisco brand. -->
<Put name="url">http://www.cisco.com</Put>
<Put name="email">support@cisco.com</Put>
</Configure>
</XmlConfig>
The following nwsp/config/nwsp.xml file shows a DESS mode deployment with the captive portal feature enabled. RDP was installed in normal (non-proxy) mode, with the Add Services option checked.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
"http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- This is the container independent configuration for the NWSP web application.
Container specific configuration can be found at:
$INSTALLROOT/$CONTAINER/config/nwsp.xml
-->
<XmlConfig>
<!-- ================================================================ -->
<!--
- Creates the logger MBean; its properties are set by the Configure element
- for com.cisco.aggbu:name=Logger further down.
-->
<Instantiate order="1"
class="com.cisco.aggbu.jmx.LoggerMBean"
jmxname="com.cisco.aggbu:name=Logger"/>
<!--
- Creates the JDMK HTML adaptor that serves the management console.
- First Arg: the listening port, taken from the management.portno system
- property (no default is given here).
- Second Arg: an array holding one AuthInfo built from a login and a
- password. Both are stored in this file in clear text, so the file should
- be readable only by the account that runs the application.
- NOTE(review): MgmtUser and MgmtPassword look like sample strings; confirm
- that a deployed file carries site-specific values and that the management
- port is reachable only from administrative hosts.
-->
<Instantiate order="99"
class="com.sun.jdmk.comm.HtmlAdaptorServer"
jmxname="com.cisco.aggbu:name=ManagementConsole">
<Arg type="int">
<SystemProperty name="management.portno"/>
</Arg>
<Arg>
<Array class="com.sun.jdmk.comm.AuthInfo">
<Item>
<New class="com.sun.jdmk.comm.AuthInfo">
<Arg>MgmtUser</Arg>
<Arg>MgmtPassword</Arg>
</New>
</Item>
</Array>
</Arg>
</Instantiate>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=Logger">
<Set name="debug" type="boolean"><SystemProperty name="nwsp.debug"
default="false"/></Set>
<Set name="debugPatterns"></Set>
<Set name="debugThreads"></Set>
<Set name="debugVerbosity">LOW</Set>
<Set name="logDateFormat">yyyyMMdd:HHmmss.SSS</Set>
<Set name="logFile"><SystemProperty name="application.log"
default="./logs"/>/yyyy_mm_dd.application.log</Set>
<Set name="logFrame" type="boolean">false</Set>
<Set name="logStack" type="boolean">false</Set>
<Set name="logThread" type="boolean">true</Set>
<Set name="logToErr" type="boolean"><SystemProperty name="nwsp.logToErr"
default="false"/></Set>
<Set name="trace" type="boolean">true</Set>
<Set name="warning" type="boolean">true</Set>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=ManagementConsole">
<Call name="start"/>
</Configure>
<!-- ================================================================ -->
<!--
- Registers three named modes on the SSD MBean and then selects one.
- Each defineMode call passes a mode name followed by four class names;
- judging by the class names these are the authentication, authorization,
- connection and service profile implementations for that mode.
-->
<Configure class="com.cisco.aggbu.ssd.core.model.SSDMBean"
jmxname="com.cisco.aggbu:name=SSD">
<Call name="defineMode">
<Arg>Demo</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoAuthenticationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoAuthorizationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoConnectionService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.demo.DemoServiceProfileService</Arg>
</Call>
<Call name="defineMode">
<Arg>RADIUS</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthentication</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthorization</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSConnection</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSServiceProfile</Arg>
</Call>
<!-- DESS mode reuses the RADIUS authentication and connection classes. -->
<Call name="defineMode">
<Arg>DESS</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSAuthentication</Arg>
<Arg>com.cisco.aggbu.ssd.spis.dess.DESSAuthorizationService</Arg>
<Arg>com.cisco.aggbu.ssd.spis.radius.RADIUSConnection</Arg>
<Arg>com.cisco.aggbu.ssd.spis.dess.DESSServiceProfileService</Arg>
</Call>
<!--
- The active mode comes from the ssd.mode system property and falls back
- to DESS.
- NOTE(review): Demo mode stays registered and can be selected through that
- property; it uses the Demo authentication and authorization classes, so
- check that production start-up scripts never set ssd.mode to Demo.
-->
<Set name="mode"><SystemProperty name="ssd.mode" default="DESS"/></Set>
<Set name="singleSignOn" type="boolean">false</Set>
<Set name="autoConnect" type="boolean">false</Set>
<Set name="profileCachePeriod" type="int">600</Set>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=SSDDemoMode">
<!--
- This is the demo data file. It is in the format of a Merit
- dictionary with special extensions for this software.
-->
<Set name="demoDataFile"><SystemProperty
name="application.home"/>/config/demo.txt</Set>
<!--
- This is an example of using brands in Demo mode.
- See the definitions for the brands below. The same example
- can be used in SSG configuration to tie subnets to brands.
-->
<Call name="setSubnetAttribute">
<Arg>127.0.0.0</Arg>
<Arg>255.0.0.0</Arg>
<Arg>SESSION_BRAND</Arg>
<Arg>gold</Arg>
</Call>
</Configure>
<!-- ================================================================ -->
<!-- Settings for the DESS SPI. -->
<Configure jmxname="com.cisco.aggbu:name=DESSMode">
<!-- The time in minutes between checking the authorization tokens. -->
<Set name="tokenCheckInterval" type="int">5</Set>
<!-- The age of a token (time since last used) for it to be removed from cache. -->
<Set name="tokenMaxAge" type="int">10</Set>
</Configure>
<!-- ================================================================ -->
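<Configure jmxname="com.cisco.aggbu:name=SSG">
<!--
- Maximum number of simultaneous requests allowed to each SSG. Extra
- requests will be placed on a queue and issued as responses are received
- or time out.
-->
<Set name="throttle" type="int">20</Set>
<!--
- Here we define attributes for RADIUS communication with the SSG. If
- we are running with Port Bundle Host Key then we need only define
- the global attributes for all of the SSGs.
-->
<Call name="setGlobalAttribute"><Arg>PORT</Arg><Arg>1812</Arg></Call>
<Call name="setGlobalAttribute"><Arg>TIMEOUTSECS</Arg><Arg>10</Arg></Call>
<Call name="setGlobalAttribute"><Arg>RETRIES</Arg><Arg>3</Arg></Call>
<!--
- SECRET is the shared secret for the RADIUS exchange with the SSG. The
- value below is the sample value printed in this guide; replace it with a
- long random secret that matches the SSG configuration, and keep this file
- readable only by the account that runs the application.
-->
<Call name="setGlobalAttribute"><Arg>SECRET</Arg><Arg>cisco</Arg></Call>
<Call name="setGlobalAttribute"><Arg>MASK</Arg><Arg>255.255.255.255</Arg></Call>
<!--
- A non zero value here, the default should be 4, will turn Port
- Bundle Host Key on.
-->
<Call name="setGlobalAttribute"><Arg>BUNDLE_LENGTH</Arg><Arg>0</Arg></Call>
<!-- The following line configures a single non-hostkey SSG -->
<!-- Additional SSGs can be configured by adding further 'Call' elements -->
<!-- Remove the following call if the bundle size is ever set to > 0 -->
<!-- Arg list: <client subnet>, <subnet mask>, IP, <SSG IP address> -->
<!--
- Each Arg value is kept on one line: a line break inside an Arg would
- become part of the address string.
-->
<Call name="setSubnetAttribute"><Arg>10.25.0.0</Arg><Arg>255.255.0.0</Arg><Arg>IP</Arg><Arg>10.5.5.1</Arg></Call>
<Call name="setGlobalAttribute"><Arg>PORT_BUNDLE_HOST_KEY_SWITCH</Arg><Arg>false</Arg></Call>
<!--
- This value may be true or false. True is implied by a non zero
- BUNDLE_LENGTH. If the BUNDLE_LENGTH is non zero, then this value
- will be ignored. As a BUNDLE_LENGTH of 0 is a legal value, however,
- the Port Bundle Host Key feature can also be turned on here
- when the BUNDLE_LENGTH is 0, which it would be for persistent
- connections.
<Call name="setGlobalAttribute"><Arg>PORT_BUNDLE_HOST_KEY_SWITCH</Arg><Arg>true</Arg></Call>
-->
<!--
- If we need to map from a client IP address to an SSG explicitly,
- then we could have an entry like this:
<Call name="setSubnetAttribute"><Arg>213.0.0.0</Arg><Arg>255.0.0.0</Arg><Arg>IP</Arg><Arg>195.245.182.2</Arg></Call>
- which would map the client subnet 213.0.0.0 to the SSG at
- 195.245.182.2 with the global parameters defined above for
- the RADIUS protocol.
-->
<!-- If we need to define a location for a subnet, say London, then we
- could do this:
<Call name="setSubnetAttribute"><Arg>213.0.0.0</Arg><Arg>255.0.0.0</Arg><Arg>SESSION_LOCATION</Arg><Arg>London</Arg></Call>
- See the location definitions below for illustrations of how
- attributes can be associated with locations.
-->
</Configure>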
<!-- ================================================================ -->
<!--
- Here we define attributes for RADIUS communication with the RADIUS
- servers for service and group profiles in RADIUS mode.
-->
<!-- Uncomment and modify this element when run in RADIUS mode
<Configure jmxname="com.cisco.aggbu:name=AAA,connection=ServiceProfile">
<Set name="throttle" type="int">256</Set>
<Set name="timeOut" type="int">4</Set>
<Set name="retryCount" type="int">3</Set>
<Set name="primaryIP">127.0.0.1</Set>
<Set name="primaryPort" type="int">1812</Set>
<Set name="secret">cisco</Set>
<Set name="secondaryIP">127.0.0.2</Set>
<Set name="secondaryPort" type="int">1812</Set>
<Set name="servicePassword">servicecisco</Set>
<Call name="open"/>
</Configure>
<Configure jmxname="com.cisco.aggbu:name=AAA,connection=GroupProfile">
<Set name="throttle" type="int">256</Set>
<Set name="timeOut" type="int">4</Set>
<Set name="retryCount" type="int">3</Set>
<Set name="primaryIP">127.0.0.1</Set>
<Set name="primaryPort" type="int">1812</Set>
<Set name="secret">cisco</Set>
<Set name="secondaryIP">127.0.0.2</Set>
<Set name="secondaryPort" type="int">1812</Set>
<Set name="groupPassword">groupcisco</Set>
<Call name="open"/>
</Configure>
-->
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=captiveportal">
<!--
- This is the URL that the Captive Portal application will redirect
- to after it has copied the original request URL. It should point
- to the NWSP application.
- NOTE(review): the sample value uses plain http on localhost port 80,
- while the sample Jetty file listens on 8080 and 8130 by default; confirm
- that host, port and scheme match the deployed NWSP listener. If the target
- page collects credentials, presumably it should be reached over the SSL
- listener; verify.
-->
<Set name="captureToURL">http://localhost:80/decorate/pages/home.jsp</Set>
</Configure>
<!-- ================================================================ -->
<!--
- These are examples of how arbitrary context properties can be used
- in the SESM applications.
-->
<Configure jmxname="com.cisco.aggbu:context=ssd">
<!--
- This section defines sub contexts of the SSD context within which
- further attributes can be defined below.
-->
<Call name="createSubContext"><Arg>options</Arg></Call>
<Call name="createSubContext"><Arg>location</Arg></Call>
<Call name="createSubContext"><Arg>brand</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=options">
<!--
- These options are read by the NWSP application and control different
- aspects of its behaviour.
- NOTE(review): the boolean values here are written in upper case (TRUE,
- FALSE) while other elements in this file use lower case; confirm the
- loader accepts both.
-->
<!-- Use Icons in the service list instead of text. -->
<Put name="useIcons" type="boolean">TRUE</Put>
<!-- Confirm that you want to logon onto a service as opposed
- to single click logon. -->
<Put name="confirmAtServiceLogon" type="boolean">FALSE</Put>
<!-- Confirm that you want to logoff a service as opposed
- to single click logoff. -->
<Put name="confirmAtServiceLogoff" type="boolean">TRUE</Put>
<!-- Confirm that you want to logoff from the application as opposed
- to single click logoff. -->
<Put name="confirmAtAccountLogoff" type="boolean">TRUE</Put>
<!-- This overrides the setting in the Jetty nwsp.xml. -->
<!--
- NOTE(review): the unit is not stated here; presumably seconds, which
- would make this a two hour session. Confirm, and choose a value that
- suits the deployment's session policy.
-->
<Put name="sessionTimeOut" type="String">7200</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location">
<!-- Here we are defining separate contexts for locations. -->
<Call name="createSubContext"><Arg>London</Arg></Call>
<Call name="createSubContext"><Arg>Paris</Arg></Call>
<Call name="createSubContext"><Arg>NewYork</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=London">
<!-- Here we define attributes for the London location. -->
<Put name="url">http://www.london.com</Put>
<Put name="river">Thames</Put>
<Put name="church">St Pauls</Put>
<Put name="brand">silver</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=Paris">
<!-- Here we define attributes for the Paris location. -->
<Put name="url">http://www.paris-france.org/</Put>
<Put name="river">Seine</Put>
<Put name="church">Notre Dame</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=location,1=NewYork">
<!-- Here we define attributes for the New York location. -->
<Put name="url">http://www.usa.net/newyork</Put>
<Put name="river">Hudson</Put>
<Put name="church">Wall Street</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand">
<!-- Here we are defining separate contexts for brands. -->
<Call name="createSubContext"><Arg>acme</Arg></Call>
<Call name="createSubContext"><Arg>cisco</Arg></Call>
<!-- Silver and gold don't need additional attributes, but we
- define them here for completeness. -->
<Call name="createSubContext"><Arg>silver</Arg></Call>
<Call name="createSubContext"><Arg>gold</Arg></Call>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand,1=acme">
<!-- Here we define attributes for the acme brand. -->
<Put name="url">http://www.acme.com</Put>
<Put name="email">support@acme.com</Put>
</Configure>
<Configure jmxname="com.cisco.aggbu:context=ssd,0=brand,1=cisco">
<!-- Here we define attributes for the cisco brand. -->
<Put name="url">http://www.cisco.com</Put>
<Put name="email">support@cisco.com</Put>
</Configure>
</XmlConfig>
An example rdp.xml file follows. See "RDP Packet Handlers," for more information about this MBean and the possibilities for extending RDP functionality with customized packet handlers.
Note: The contents of this MBean differ depending on the options you checked during RDP installation. (The packet handlers are different.) The following file shows RDP installed in normal (non-proxy) mode, with the Add Services option checked.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
"http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- This is the container independent configuration for the RDP application.
Container specific configuration can be found at:
$INSTALLROOT/$CONTAINER/config/rdp.xml
-->
<XmlConfig>
<!-- ================================================================ -->
<!--
- Creates the four MBeans that the Configure elements below refer to by
- jmxname. The order values are 1, 97, 98 and 96; the elements are not
- listed in numeric order.
-->
<Instantiate order="1"
class="com.cisco.aggbu.jmx.LoggerMBean"
jmxname="com.cisco.aggbu:name=Logger" />
<Instantiate order="97"
class="com.cisco.aggbu.rdp.RDPPacketFactoryMBean"
jmxname="com.cisco.aggbu:name=RDPPacketFactory" />
<Instantiate order="98"
class="com.cisco.aggbu.rdp.RDPMBean"
jmxname="com.cisco.aggbu:name=RDP" />
<!--
- Creates the JDMK HTML adaptor that serves the management console.
- First Arg: the listening port, taken from the management.portno system
- property (no default is given here).
- Second Arg: an array holding one AuthInfo built from a login and a
- password. Both are stored in this file in clear text, so the file should
- be readable only by the account that runs the application.
- NOTE(review): MgmtUser and MgmtPassword look like sample strings; confirm
- that a deployed file carries site-specific values and that the management
- port is reachable only from administrative hosts.
-->
<Instantiate order="96"
class="com.sun.jdmk.comm.HtmlAdaptorServer"
jmxname="com.cisco.aggbu:name=ManagementConsole">
<Arg type="int">
<SystemProperty name="management.portno"/>
</Arg>
<Arg>
<Array class="com.sun.jdmk.comm.AuthInfo">
<Item>
<New class="com.sun.jdmk.comm.AuthInfo">
<Arg>MgmtUser</Arg>
<Arg>MgmtPassword</Arg>
</New>
</Item>
</Array>
</Arg>
</Instantiate>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=Logger">
<Set name="debug" type="boolean"><SystemProperty name="rdp.debug"
default="false"/></Set>
<Set name="debugPatterns"></Set>
<Set name="debugThreads"></Set>
<Set name="debugVerbosity">LOW</Set>
<Set name="logDateFormat">yyyyMMdd:HHmmss.SSS</Set>
<Set name="logFile"><SystemProperty name="application.log"
default="./logs"/>/yyyy_mm_dd.application.log</Set>
<Set name="logFrame" type="boolean">false</Set>
<Set name="logStack" type="boolean">false</Set>
<Set name="logThread" type="boolean">true</Set>
<Set name="logToErr" type="boolean"><SystemProperty name="rdp.logToErr"
default="false"/></Set>
<Set name="trace" type="boolean">true</Set>
<Set name="warning" type="boolean">true</Set>
</Configure>
<!-- ================================================================ -->
<Configure jmxname="com.cisco.aggbu:name=ManagementConsole">
<Call name="start"/>
</Configure>
<!-- ================================================================ -->
<!--
- Maps packet type names to handler classes (addType) and maps password
- attributes to packet type names (setAttribute).
-->
<Configure jmxname="com.cisco.aggbu:name=RDPPacketFactory">
<Call name="addType">
<!-- The untyped handler looks for the service type AV in the packet to
- determine whether the request is for a service profile (service
- type == outbound) or a user profile (no service type)-->
<Arg>Untyped</Arg>
<Arg>com.cisco.aggbu.rdp.UntypedPacket</Arg>
</Call>
<!--
- NOTE(review): the handler chosen below is UserLogonFramedPacket, which the
- list that follows describes as authenticating and adding Service-type=2
- without adding services. Confirm that this is the intended handler for an
- installation with the Add Services option checked.
-->
<Call name="addType">
<!-- There are six user logon handlers; userLogonPacket (authenticates),
- UserLogonFramedPacket (authenticates and adds a Service-type=2
- (Framed user) ), UserLogonFramedAddServicesPacket (authenticates
- and adds a Service-type=2 and services, i.e. authorizes),
- UserLogonAddServices (authenticates and authorizes),
- UserProxyAuthPacket (authenticates via a proxy) and
- UserProxyAuthAddServicePacket (authenticates via a proxy and
- authorizes) -->
<Arg>UserLogon</Arg>
<Arg>com.cisco.aggbu.rdp.UserLogonFramedPacket</Arg>
</Call>
<Call name="addType">
<Arg>ProfileRequest</Arg>
<!-- Attempts to match the password to the PASSWORD: attribute and
- return the matching value -->
<Arg>com.cisco.aggbu.rdp.ProfileRequestPacket</Arg>
</Call>
<!--
- The three PASSWORD: attributes below carry the sample passwords printed
- in this guide. servicecisco and groupcisco match servicePassword and
- groupPassword in the sample nwsp.xml, so each password has to be changed
- in both files together. Replace all three with site-specific values and
- keep this file readable only by the account that runs RDP.
-->
<!-- Following attribute and type handle service profiles -->
<Call name="setAttribute">
<Arg>PASSWORD:servicecisco</Arg>
<Arg>ServiceRequest</Arg>
</Call>
<Call name="addType">
<Arg>ServiceRequest</Arg>
<Arg>com.cisco.aggbu.rdp.ServiceProfilePacket</Arg>
</Call>
<!-- Following attribute and type handle group profiles -->
<Call name="setAttribute">
<Arg>PASSWORD:groupcisco</Arg>
<Arg>GroupRequest</Arg>
</Call>
<Call name="addType">
<Arg>GroupRequest</Arg>
<Arg>com.cisco.aggbu.rdp.GroupProfilePacket</Arg>
</Call>
<!-- Following attribute and type handle next hop profiles -->
<Call name="setAttribute">
<Arg>PASSWORD:nexthopcisco</Arg>
<Arg>NextHopRequest</Arg>
</Call>
<Call name="addType">
<Arg>NextHopRequest</Arg>
<Arg>com.cisco.aggbu.rdp.NextHopPacket</Arg>
</Call>
<Call name="addType">
<Arg>Unknown</Arg>
<!-- Does not respond to the request -->
<Arg>com.cisco.aggbu.rdp.DiscardPacket</Arg>
</Call>
<!-- Example use of a Proxy handler.
String after ';' is name of AAA connection (see AAAMBean below)
<Call name="addType">
<Arg>ProxyNextHop</Arg>
<Arg>com.cisco.aggbu.rdp.ProxyPacket;Proxy</Arg>
</Call>
-->
</Configure>
<!-- ================================================================ -->
<!-- RDP server settings: secret, local address and port, thread pool limits,
     followed by a startRDP call. -->
<Configure jmxname="com.cisco.aggbu:name=RDP">
  <!-- Sample value, stored in clear text.
       NOTE(review): presumably the shared secret used with the clients of
       this server; replace it with a long random value unique to the
       deployment and keep this file readable only by the service account. -->
  <Set id="RDPSecret" name="secret">cisco</Set>
  <!-- Sample address. NOTE(review): presumably the local interface the
       server binds to; confirm and set it for the host. -->
  <Set name="localIPAddress">10.5.5.3</Set>
  <!-- Port is read from the application.portno system property; 1812 is used
       when the property is unset. -->
  <Set name="localPort" type="int"><SystemProperty name="application.portno" default="1812"/></Set>
  <Set name="minThreads" type="int">10</Set>
  <Set name="maxThreads" type="int">256</Set>
  <Set name="maxIdleTimeMs" type="int">10000</Set>
  <Call name="startRDP"/>
</Configure>
<!-- ================================================================ -->
<!-- Uncomment and modify this element when run in proxy mode.
The addresses, ports and secret below are sample values: set them for the
real AAA servers, and replace the secret with a long random value, before
enabling this element. The secret is stored in this file in clear text.
<Configure jmxname="com.cisco.aggbu:name=AAA,connection=Proxy">
<Set name="throttle" type="int">256</Set>
<Set name="timeOut" type="int">4</Set>
<Set name="retryCount" type="int">1</Set>
<Set name="primaryIP">127.0.0.2</Set>
<Set name="primaryPort" type="int">1812</Set>
<Set id="AAASecret" name="secret">cisco</Set>
<Set name="secondaryIP">127.0.0.3</Set>
<Set name="secondaryPort" type="int">1812</Set>
<Call name="open"/>
</Configure>
-->
</XmlConfig>
An example cdat.xml file follows.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
  "http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- Container independent configuration for the CDAT web application.
     The container specific part lives in:
       $INSTALLROOT/$CONTAINER/config/cdat.xml

     NOTE(review): the DOCTYPE above names a DTD at an http:// URL. Whether
     the configuration loader fetches it at start-up is not shown here; if it
     does, resolving it from a local copy avoids depending on an
     unauthenticated download.
-->
<XmlConfig>

  <!-- ============================ MBeans ============================ -->

  <Instantiate order="1"
               class="com.cisco.aggbu.jmx.LoggerMBean"
               jmxname="com.cisco.aggbu:name=Logger"/>

  <!-- Management console (HtmlAdaptorServer).
       First argument: port, read from the management.portno system
       property; no default is given here.
       Second argument: an array of AuthInfo entries, each built from two
       string arguments.
       NOTE(review): MgmtUser and MgmtPassword look like placeholders for the
       console login and password; confirm they are replaced per
       installation. Whatever is set here is stored in clear text, so keep
       this file readable only by the account that runs the application and
       limit network access to the management port to administration
       hosts. -->
  <Instantiate order="99"
               class="com.sun.jdmk.comm.HtmlAdaptorServer"
               jmxname="com.cisco.aggbu:name=ManagementConsole">
    <Arg type="int">
      <SystemProperty name="management.portno"/>
    </Arg>
    <Arg>
      <Array class="com.sun.jdmk.comm.AuthInfo">
        <Item>
          <New class="com.sun.jdmk.comm.AuthInfo">
            <Arg>MgmtUser</Arg>
            <Arg>MgmtPassword</Arg>
          </New>
        </Item>
      </Array>
    </Arg>
  </Instantiate>

  <!-- ============================ Logger ============================ -->

  <Configure jmxname="com.cisco.aggbu:name=Logger">
    <!-- Debug switch is read from the cdat.debug system property and is off
         when the property is unset. -->
    <Set name="debug" type="boolean"><SystemProperty name="cdat.debug" default="false"/></Set>
    <Set name="debugPatterns"></Set>
    <Set name="debugThreads"></Set>
    <Set name="debugVerbosity">LOW</Set>
    <!-- Date format is read from cdat.logDateFormat; HHmmss.SSS is used when
         the property is unset. -->
    <Set name="logDateFormat"><SystemProperty name="cdat.logDateFormat" default="HHmmss.SSS"/></Set>
    <!-- Log file path: the directory comes from the application.log system
         property (./logs when unset), followed by a fixed file name
         pattern. -->
    <Set name="logFile"><SystemProperty name="application.log" default="./logs"/>/yyyy_mm_dd.application.log</Set>
    <Set name="logFrame" type="boolean">false</Set>
    <Set name="logStack" type="boolean">false</Set>
    <Set name="logThread" type="boolean">false</Set>
    <!-- Copying log output to stderr is controlled by the cdat.logToErr
         system property and is off when the property is unset. -->
    <Set name="logToErr" type="boolean"><SystemProperty name="cdat.logToErr" default="false"/></Set>
    <Set name="trace" type="boolean">true</Set>
    <Set name="warning" type="boolean">true</Set>
  </Configure>

  <!-- ====================== Management console ====================== -->

  <!-- Calls start on the console instantiated above. -->
  <Configure jmxname="com.cisco.aggbu:name=ManagementConsole">
    <Call name="start"/>
  </Configure>

  <!-- ============================= CDAT ============================= -->

  <!-- Application limits.
       NOTE(review): units are not stated in this file. sessionTimeout is
       presumably in seconds, and a queryTimeout of 0 presumably means no
       limit; confirm both before relying on them to bound idle sessions or
       long-running queries. -->
  <Configure jmxname="com.cisco.aggbu:name=CDAT">
    <Set name="sessionTimeout" type="int">600</Set>
    <Set name="maxVariables" type="int">40</Set>
    <Set name="queryMaxResults" type="int">500</Set>
    <Set name="queryTimeout" type="int">0</Set>
  </Configure>

</XmlConfig>
An example DESS configuration file (config.xml) follows:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE XmlConfig PUBLIC "-//Cisco Systems//DTD XmlConfig 1.1//EN"
  "http://www.cisco.com/aggbu/xmlconfig_1_1.dtd">
<!-- Copyright (c) 2001 by Cisco Systems, Inc. All rights reserved. -->
<!-- dess-auth configuration: two directory connections (Primary and
     Secondary) and the Directory MBean that uses them.

     NOTE(review): the DOCTYPE above names a DTD at an http:// URL. Whether
     the configuration loader fetches it at start-up is not shown here; if it
     does, resolving it from a local copy avoids depending on an
     unauthenticated download.
-->
<XmlConfig>

  <!-- ============================ MBeans ============================ -->

  <Instantiate order="2"
               class="com.cisco.aggbu.dessauth.ConnectionMBean"
               jmxname="com.cisco.aggbu:name=Directory,type=Connection,instance=Primary"/>
  <Instantiate order="2"
               class="com.cisco.aggbu.dessauth.ConnectionMBean"
               jmxname="com.cisco.aggbu:name=Directory,type=Connection,instance=Secondary"/>
  <Instantiate order="3"
               class="com.cisco.aggbu.dessauth.DirectoryMBean"
               jmxname="com.cisco.aggbu:name=Directory"/>

  <!-- ===================== Directory connections ==================== -->

  <!-- The URL, principal and credentials below are sample values.
       The bind password is stored in clear text, so replace it with a
       strong value and keep this file readable only by the account that
       runs the application.
       NOTE(review): the URL uses ldap:// on port 389, which by itself does
       not protect the bind password in transit. Whether this connection
       factory accepts an ldaps:// URL is not shown here; check the product
       documentation, or keep the directory traffic on a protected network
       segment.
       NOTE(review): the principal is an admin entry; if the application
       permits it, bind with an account limited to the sesm subtree. -->
  <Configure jmxname="com.cisco.aggbu:name=Directory,type=Connection,instance=Primary">
    <Set name="poolSize" type="int">2</Set>
    <Set name="URL">ldap://10.0.0.2:389/</Set>
    <Set name="principal">cn=admin,ou=sesm,o=cisco</Set>
    <Set name="credentials">cisco</Set>
  </Configure>

  <!-- In this sample the Secondary connection has the same URL as the
       Primary. NOTE(review): presumably it should name a different
       directory server in a real deployment; confirm. The notes on the
       Primary connection about the bind password and ldap:// apply here
       as well. -->
  <Configure jmxname="com.cisco.aggbu:name=Directory,type=Connection,instance=Secondary">
    <Set name="poolSize" type="int">2</Set>
    <Set name="URL">ldap://10.0.0.2:389/</Set>
    <Set name="principal">cn=admin,ou=sesm,o=cisco</Set>
    <Set name="credentials">cisco</Set>
  </Configure>

  <!-- =========================== Directory ========================== -->

  <Configure jmxname="com.cisco.aggbu:name=Directory">
    <!-- Name pattern ending in a wildcard; it matches the jmxname of both
         connections configured above. -->
    <Set name="connectionNameRoot">com.cisco.aggbu:name=Directory,type=Connection,*</Set>
    <Set name="factory">com.cisco.cns.security.jndi.JNDIConnection</Set>
    <Set name="context">ou=sesm,o=cisco</Set>
    <Set name="DESSPrincipal">cn=admin,ou=sesm,o=cisco</Set>
    <Set name="alwaysGetAllAttributes" type="boolean">false</Set>

    <!-- Tracing is off (NONE). The trace file, when used, goes to the
         directory named by the application.log system property (./logs
         when unset).
         NOTE(review): what a directory trace records is not shown here;
         check whether it can include bind details before raising
         traceLevel on a production server. -->
    <Set name="traceFileName"><SystemProperty name="application.log" default="./logs"/>/dess.log</Set>
    <Set name="traceLevel">NONE</Set>
    <Set name="printTraceToConsole" type="boolean">false</Set>
    <Set name="stackTrace" type="boolean">false</Set>

    <Set name="cacheMaxObjects" type="int">50000</Set>
    <!-- Keep at least cacheMinFreeMem% of VM memory free, i.e. the cache
         can occupy 100-cacheMinFreeMem% of memory. -->
    <Set name="cacheMinFreeMem" type="int">10</Set>
    <!-- All timeout values are in seconds. -->
    <Set name="cacheSessionTimeout" type="int">600</Set>
    <Set name="cacheExpireInterval" type="int">600</Set>
    <Set name="cacheObjectTimeout" type="int">600</Set>

    <Call name="commit"/>
  </Configure>

</XmlConfig>
Posted: Wed Jul 24 12:09:08 PDT 2002