Es gibt verschiedene Ansätze zum Füllen des integrierten Sicherheitsspeichers von ArcGIS-Server mithilfe der ArcGIS-REST-API. Dieses bestimmte Skript erstellt Benutzern und Rollen aus zwei Textdateien: eine enthält eine Liste der Benutzer und die andere eine Liste der Rollen. Mit diesem Skript können einem einzelnen Benutzer mehrere Rollen zugewiesen werden.
Die Eingabedatei mit den Rollen sollte wie folgt strukturiert sein:
#Role|Description|Privilege
admins|Server Administrators|ADMINISTER
publishers|Service Publishers|PUBLISH
rangers|Park rangers|ACCESS
volunteers|Volunteer staff|ACCESS
visitors|Visitors|ACCESS
- Rolle: Ein Name für die Rolle.
- Beschreibung: Eine benutzerfreundliche Beschreibung der Rolle.
- Berechtigung: Der ArcGIS for Server-Rollentyp, der die Berechtigungsebene der Rolle festlegt. Es gibt drei Berechtigungsebenen: ADMINISTER|PUBLISH|ACCESS. Weitere Informationen dazu finden Sie unter Einschränken des Zugriffs auf ArcGIS for Server.
Die Eingabedatei mit den Benutzern sollte wie folgt strukturiert sein:
#User|Password|EMail|FullName|Description|RolesThatTheUserBelongsTo
John|changeme|johndoe@esri.com|John Doe|Server admin|admins
Jane|changeme|janedoe@esri.com|Jane Doe|Server publisher|publishers,rangers
Amy|changeme|amy@esri.com|Amy Doe|Summer intern|volunteers
Bob|changeme|bob@esri.com|Bob Doe|Park visitor|visitors
- Benutzer: Der Name für den Benutzer.
- Kennwort: Das Kennwort für den Benutzer.
- E-Mail: Die E-Mail-Adresse für den Benutzer.
- FullName: Der vollständige oder detaillierte Name des Benutzers.
- Beschreibung: Eine Beschreibung des Benutzers.
- RolesThatTheUserBelongsTo: Eine durch Kommas getrennte Liste der Rollen, die dem Benutzer zugewiesen werden sollen.
Sie können den Skriptcode ändern, um einen anderen Eigenschaftensatz zu erhalten oder einige der oben genannten Eigenschaften als Standard festzulegen.
Nachfolgend sehen Sie den Skripttext:
import json
import urllib,httplib
import sys
import getpass
import codecs
def main(argv=None):
# Ask for admin user name and password
username = raw_input("Enter user name: ")
password = getpass.getpass("Enter password: ")
# Ask for server name and the port
serverName = raw_input("Enter server name: ")
serverPort = raw_input("Enter server port: ")
# Get a token and connect
token = getToken(username, password, serverName, serverPort)
if token == "":
sys.exit(1)
# Input file that contains the role information
rolesFile = raw_input("Path to pipe-delimited text file containing roles: ")
# Input file that contains the user information
usersFile = raw_input("Path to pipe-delimited text file containing users: ")
# Dictionaries to store user and role information
roles = {}
rolePrivileges = {}
users = {}
userRoles = {}
# Loop through the roles file and create the roles
# Add the user information to a dictionary
num = 0
for roleRow in readlinesFromInputFile(rolesFile):
roles["role" + str(num)] = {"rolename":roleRow[0],"description":roleRow[1]}
rolePrivileges["rolePrivilege" + str(num)] = {"rolename":roleRow[0], "privilege":roleRow[2]}
num +=1
# Read the user's file
num = 0
for userRow in readlinesFromInputFile(usersFile):
# Add the user information to a dictionary
users["user" + str(num)] = {"username":userRow[0],"password":userRow[1],"email":userRow[2], "fullname":userRow[3],"description":userRow[4].rstrip()}
userRoles["userRole"+str(num)] = {"username" : userRow[0],"roles":userRow[5]}
num +=1
# Call helper functions to add users and roles
addRoles(roles,serverName, serverPort,token)
assignPrivilegeToRole(rolePrivileges, serverName, serverPort, token)
addUsers(users,serverName, serverPort,token)
addUsersToRoles(userRoles, serverName, serverPort, token)
# A function that reads lines from the input file
def readlinesFromInputFile(filename, delim='|'):
file = codecs.open(filename,'r','utf-8-sig')
for line in file.readlines():
# Remove the trailing whitespaces and the newline characters
line = line.rstrip()
if line.startswith('#') or len(line) == 0:
pass # Skip the lines that contain # at the beginning or any empty lines
else:
# Split the current line into list
yield line.split(delim)
file.close()
# A function that will post HTTP POST request to the server
def postToServer(serverName, serverPort, url, params):
httpConn = httplib.HTTPConnection(serverName, serverPort)
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
# URL encode the resource URL
url = urllib.quote(url.encode('utf-8'))
# Build the connection to add the roles to the server
httpConn.request("POST", url, params, headers)
response = httpConn.getresponse()
data = response.read()
httpConn.close()
return (response, data)
# Helper function that adds the roles
def addRoles(roleDict, serverName, serverPort, token):
for roleToAdd in roleDict:
role = roleDict[roleToAdd]
print "Adding the role: " + role['rolename']
# URL for adding a role
addroleURL = "/arcgis/admin/security/roles/add"
params = urllib.urlencode({'token':token,'f':'json','rolename':role['rolename'],'description':role['description']})
response, data = postToServer(serverName, serverPort, addroleURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error adding the role: " + role['rolename']
print str(data)
else:
print "Added the role '" + role['rolename'] + "' successfully"
# Helper function that assigns privileges to roles
def assignPrivilegeToRole(privileges, serverName, serverPort, token):
for privilegeToAssign in privileges:
privilege = privileges[privilegeToAssign]
# URL for assigning a privilege to a role
assignPrivilegeURL = "/arcgis/admin/security/roles/assignPrivilege"
params = urllib.urlencode({'token':token,'f':'json','rolename':privilege['rolename'],'privilege':privilege['privilege']})
response, data = postToServer(serverName, serverPort, assignPrivilegeURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Could not assign the privilege '" + privilege['privilege'] + "' to the role '" + privilege['rolename'] + "'"
print str(data)
else:
print "Assigned the privilege '" + privilege['privilege'] + "' to the role '" + privilege['rolename'] + "' successfully"
# Helper function that adds the users
def addUsers(userDict,serverName, serverPort, token):
for userAdd in userDict:
user = userDict[userAdd]
print "Adding the user:" + user['username']
# URL for adding a user
addUserURL = "/arcgis/admin/security/users/add"
params = urllib.urlencode({'token':token,'f':'json','username':user['username'],'password':user['password'],'fullname':user['fullname'],'description':user['description'],'email':user['email']})
response, data = postToServer(serverName, serverPort, addUserURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error adding user: " + user['username']
print str(data)
else:
print "Added the user '" + user['username'] + "' successfully"
# Helper function that adds users to roles
def addUsersToRoles(userRoleDict,serverName, serverPort, token):
for userAdd in userRoleDict:
userRole = userRoleDict[userAdd]
print "Adding the user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "'"
addUserToRolesURL = "/arcgis/admin/security/users/assignRoles"
params = urllib.urlencode({'token':token,'f':'json',"userName":userRole['username'],"roles":userRole['roles']})
response, data = postToServer(serverName, serverPort, addUserToRolesURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Could not add user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "'"
print str(data)
else:
print "Added the user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "' successfully"
def getToken(username, password, serverName, serverPort):
httpConn = httplib.HTTPConnection(serverName, serverPort)
tokenURL = "/arcgis/admin/generateToken"
params = urllib.urlencode({'username': username, 'password': password,'client': 'requestip', 'f': 'json'})
response, data = postToServer(serverName, serverPort, tokenURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error while fetching tokens from admin URL. Please check if the server is running and ensure that the username/password provided are correct"
print str(data)
return
else:
# Extract the token from it
token = json.loads(data)
return token['token']
# A function that checks that the JSON response received from the server does not contain an error
def assertJsonSuccess(data):
obj = json.loads(data)
if 'status' in obj and obj['status'] == "error":
return False
else:
return True
# Script start
if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))