Uranus Flexible License for Confluence
2024年7月
1. Technical Programme
1.1 Technical Framwork
Group Change project based on the Confluence system to achieve the Confluence user group change and licence group management, in order to meet the network security, at the same time with the two-way request of the internal and external networks, the system will be deployed in the DMZ area. The system is implemented based on SpringBoot+VUE and deployed in an independent database.
Secure Authentication
The system has independent operation and maintenance management, and its login authentication is based on basic JTW token authentication, JWT adopts symmetric encryption by RSA, and the access is filtered and verified by carrying the request header.
Plug-in Integration
Confluence has been integrated with the Group Change system and uses it without login by authorizing users in JIRA.
Synchronization
The synchronization business system has a bi-directional API request to meet the bi-directional synchronization.
API Access
Synchronization business can realize API access to external Confluence site through proxy mode, and also can directly expose intranet Confluence API access through the network.
Task Scheduling
Based on Quartz task scheduling framework, it realizes the execution of tasks through the configuration of different time interval granularity.
Network Isolation
The DMZ is isolated from the intranet environment. In order to realize plug-in integration access, it is necessary to open the port access between the intranet and the DMZ environment. If you need to expose the API, you need to configure DNAT rules to realize external API access.
1.2 Functional Description
The system provides the functions of group change configuration, white list configuration, license configuration, scheduled task opening, and viewing the login information of Confluence users for internal employees and external employees respectively. The overall function module is roughly as follows:
Prerequisite Functions:
The admin account can configure the Group Change information, and other accounts will trigger the change logic to execute based on the configured Group Change information only when they log in.
The admin account is the only super administrator account.
Function Module:
1. GC Config
Group Change configures from group, to group, whitelist, license group and timed tasks to move Confluence users who have not logged in for a customized number of days out of the license group. Select whether to open Group Change configuration when users log in, and whether to enable daily timed tasks.
2. User Manage
Realize intuitive paging to view the personal information and login information of Confluence users, including user name, email address, last login time, total login times and login failure times. You can select or remove the specified users from the license group in batches.
2. Operating Instructions
2.1 Preparation
2.1.1 Preparation Before Start-up
Database Creation Configuring Database Connection Methods
Start the Sync backend Main.class
Start the frontend npm run dev
Starting nginx
2.1.2 Configuring nginx
Nginx.config
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 4000;
server_name localhost;
location / {
proxy_pass http://localhost:4010/;
}
location /user-authorized/ {
proxy_pass http://localhost:8081/;
}
}
}
2.2 Log in
Login to the Confluence system and verify username and password in the backend.
2.3 Configuring GC Information
When configuring GC information, it is divided into internal employees and external employees, and From Group configuration in the two categories cannot be selected repeatedly. Removing the license, enabling scheduled tasks, and enabling login group addition are all common configurations for internal employees and external employees.
2.3.1 Group Added When the User Log In
On the application management page, click GC Config to enter the configuration page to configure, and then initiate the enable function at login.
Take user1 as an example, before logging in, it was in group1 and permission group. Then log in to the user1 account.
After logging in, query the user2 information again, and it has been added to group2 (there is a check here. If the number of existing licenses exceeds or is equal to the maximum number of licenses in the system, the operation of adding a group will not be performed).
2.3.2 Timed Task Setting
There are also timed tasks, moving unlogged-in users with a custom number of days out of the configured license group (unaffected if the user is in a configured whitelisted group) , and adding people from the To Group to the From Group on a daily basis (custom requirement).
2.3.3 Whitelist Group Setting
Customize the white list group. Users in this white list group will not be affected by regularly cleaning up the license of unregistered users.
2.4 People Management
In user management, you can view all the Confluence users by page, including user name, email address, last login time, login failure times and user creation time.
2.4.1 Quick Find Users
Users can be quickly located by fuzzy query.
2.4.2 License Moving Users Out of License
Select users to move out of the license in batches, or specify a single user to move out of the license group.
Move user1 out of the license here, and then check the group situation of user1.
User1 is no longer in group2, that is the configured license group (the move out license feature is not affected by whitelisting).