Introduction

The JS7 - Shiro Identity Service is a built-in service available from the JOC Cockpit.

• The Shiro Identity Service was available for early releases of JS7 and for JS1 releases.
• The Shiro Identity Service has been discontinued: 
  FEATURE AVAILABILITY ENDING WITH RELEASE 2.4.0

• A migration tool is available for users who upgrade from early JS7 2.0, 2.1 releases and from JS1 1.12, 1.13 releases.
• The migration tool reads existing Shiro configurations files and populates JS7 - Identity Services from accounts, roles and permissions.

Functionality

• Imports existing Shiro configuration files into JS7 - Identity Services:
• Creates and populates Identity Services:
  • Creates a JS7 - JOC Identity Service and adds accounts, roles and permissions.
  • Creates a JS7 - LDAP Identity Service for each LDAP Realm included with the Shiro configuration file.
  • Adds settings for the session idle timeout

Download

• Download: https://download.sos-berlin.com/ShiroMigrationTool/ShiroMigrationTool.zip

Installation

• Unzip the download archive to an arbitrary location in your file system.
• Move the included .jar files to the directory:
  • JETTY_HOME/lib/user_lib (Unix)
  • JETTY_HOME/lib/user_lib (Windows)
• Restart JOC Cockpit

Usage

The migration tool is is started from the command line like this:

cd /var/sos-berlin.com/js7/joc/jetty_base

/opt/sos-berlin.com/js7/joc/install/joc_manage_identity_service.sh import shiro.ini

cd C:\ProgramData\sos-berlin.com\js7\joc\jetty_base

"C:\Program Files\sos-berlin.com\js7\joc\install\joc_manage_identity_service.cmd" import shiro.ini

Explanation:

• The first arguments expect an existing <shiro-ini-file>. 
  •  Users can specify one of the Shiro configuration files shiro.ini, shiro.ini.active, shiro.ini.backup that can be found from JOC Cockpit directory:
    • JETTY_BASE/resources/joc (Unix)
    • JETTY_BASE\resources\joc (Windows)
• The second argument <hibernate_config_file> is optional.

Proceeding:

• The JS7 - JOC Identity Service with the name JOC-FROM-SHIRO is created and is populated with the accounts from the [users] section of the Shiro configuration file.
• The roles and permissions are imported and are assigned the accounts as specified in the Shiro configuration file.
• For each LDAP Realm a  JS7 - LDAP Identity Service is created. The name of the LDAP Realm is used as the name of the Identity Service.
• The value of sessionManager.globalSessionTimeout setting in the [main] section of the Shiro configuration file is used for the session idle timeout in the global Identity Service settings.
• The import does not modify existing Identity Services. 

Further Resources

Change Management References

Links

• JS7 - Identity Services
  • JS7 - JOC Identity Service
  • JS7 - LDAP Identity Service
  • JS7 - Shiro Identity Service
    • JS7 - Shiro Identity Service Migration