Spectrum Spatial Administration Guide - Support

Spectrum Spatial Administration Guide - Support
Spectrum Technology Platform
™
Version 11.0
Spectrum Spatial Administration Guide
Table of Contents
Viewing Version Information
Viewing and Exporting License Information
Monitoring Performance with the JMX Console
Monitoring Memory Usage
1 - Introduction
What's Included in This Guide
5
5 - Managing Memory and
Threading
2 - Configuring Your System
Changing the HTTP Port Number for Spectrum
Spatial
7
Changing Your Repository Database Type
8
Uploading and Accessing Resources using Third
Party Tools
15
Configuring the Web Services
16
Disabling Accuracy Files for Datum Transforms 17
Configuring Request Timeouts
17
Configuring the Volatile Attribute for Named
Tables
18
™
Running Spectrum Technology Platform as a Linux
Service
19
Configuring a Linux Machine for MRR
21
Disabling Default HTTP Cache Control
Headers
22
24
47
4 - Monitoring Your System
Viewing System Events
Spatial Logging
Configuring a Mail Server
Selecting Items for Expiration Notification
Remote Component Configuration
Data Source Pooling Configuration
61
62
6 - Managing a Cluster
Clustered Architecture for the Location Intelligence
Module
64
Using Enterprise Designer with a Cluster
65
Managing a Cluster for the Location Intelligence
Module
66
Removing a Node from a Cluster
69
Shutting Down a Cluster
70
7 - Using the Administration
Utility
3 - Managing Security
Security for the Spectrum™ Technology
Platform
Security for the Location Intelligence Module
57
57
58
59
Getting Started with the Administration Utility
Using a Script with the Administration Utility
Location Intelligence Module
Enterprise Routing Module
72
73
74
79
8 - Enterprise Routing Module
52
53
55
56
Specifying Default Service/Stage Options
Previewing a Service/Stage
97
97
Getting Route Data using Management
Console
99
9 - Troubleshooting Your
System
Rebuilding a Corrupt Repository Index
102
Monitoring Memory Usage of a Non-Responsive
Server
102
10 - Appendix - Managing
Security with the User
Management Service
Introduction
Setting User Permissions
Spectrum™ Technology Platform 11.0
106
108
Spectrum Spatial Administration Guide
3
1 - Introduction
In this section
What's Included in This Guide
5
Introduction
What's Included in This Guide
Welcome to the Spectrum Spatial Administration Guide. This guide will help you build a web mapping
application or embed mapping in an existing application using a variety of web services, capabilities,
tools and sample code.
Addressed in this guide are:
• Configuring your system by changing the default port number or repository database; accessing
the repository; accessing and uploading resources; configuring web services; and running
Spectrum™ Technology Platform as a Linux service
• Managing security using the Management Console, including how to add users and roles, as well
as how to apply security entity overrides
• Monitoring your system, including logging, viewing version and license information, using the JMX
Console to monitor performance, and monitoring memory usage
• Managing memory and threading, including JVM performance tuning, adjusting pool size, and
increasing heap memory
• Load balancing spatial services for resilience or high capacity
• Troubleshooting your system, including rebuilding a corrupt repository index and monitory memory
usage of a non-responsive server
• Managing security using the User Management Service (deprecated in a future release)
Additional Spectrum™ Technology Platform and Location Intelligence Module documentation is
located online at support.pb.com.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
5
2 - Configuring Your
System
In this section
Changing the HTTP Port Number for Spectrum Spatial
Changing Your Repository Database Type
Uploading and Accessing Resources using Third Party Tools
Configuring the Web Services
Disabling Accuracy Files for Datum Transforms
Configuring Request Timeouts
Configuring the Volatile Attribute for Named Tables
Running Spectrum™ Technology Platform as a Linux Service
Configuring a Linux Machine for MRR
Disabling Default HTTP Cache Control Headers
7
8
15
16
17
17
18
19
21
22
Configuring Your System
Changing the HTTP Port Number for Spectrum Spatial
The HTTP port is used to access all Spectrum web services, whether via REST or SOAP, and for
the Welcome page, sample apps and Spatial Manager.
After Spectrum™ Technology Platform is installed, you can change the existing port settings that
were assigned during installation by manually editing the global, startup, and individual service
configuration files. There are several reasons you may need to change the port number:
• The silent installer for Spectrum™ Technology Platform does not allow you to specify the port; it
can only be specified after installation.
• A port conflict occurs after installation.
• You want to try out a new version of Spectrum without removing your old one. Since you cannot
install them both, you can turn off the existing version and install a Spectrum image that uses a
different port.
• You need a proxy on port 8080 but have a limited number of ports to expose externally, so you
would like to move Spectrum without re-creating all your settings and data flows.
Note: This task is only for experienced administrators who have application server experience
changing port numbers, as network port conflicts can result in module components failing
to start. One indication that a component has failed to start is if it does not appear in the
Management Console. To troubleshoot the problem, look at the Spectrum Server wrapper
log. This log shows which port is causing the problem. You can find the Spectrum Server
wrapper log in: <install folder>\server\app\repository\logs\wrapper.log.
To make Spectrum run under the new HTTP port, a number of entries in properties and configuration
files need to be changed. To change the service configurations, you must have WebDAV file editing
enabled on the server. WebDAV is available on Windows and Linux servers but may need to be
installed.
To change the port number:
1. In spectrum-container.properties change the value of spectrum.http.port to the new port
number. This file is located in <install_folder>/server/app/conf.
2. In the java.properties file change all the repository.host ports and image.webapp.url.
This file is located in <install_folder>/server/modules/spatial.
3. Using WebDAV editing while Spectrum is running, open the repository contents as a drive letter
and edit the service configurations that are located in the Configuration folder at the root of the
repository. Change the old port number to the new one in each service configuration. There are
one or two references to the port number in each configuration.
If you are relocating the server so it can use a different port, it is likely that Spectrum server is
not running. You will not be able to edit the service configuration files until the server is running.
You will need to start the server, edit the configurations and restart the server again.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
7
Configuring Your System
Note: Be sure you are editing what is in the Configuration folder in the repository, not in the
Configuration folder in your Spectrum installation.
4. Restart Spectrum so the ports and property changes can take effect.
Changing Your Repository Database Type
Spectrum stores named resources (maps, layers, tables and styles), geographic metadata and
configuration in a repository. In the default single server installation an embedded database is used
to store these resources on the local server. There are several reasons you may need to use a
database other than the embedded Derby database:
• To create a scalable solution that uses a resilient independent database.
• To use an in-house database preferred or dictated by your company.
In this release, Spectrum supports Oracle, PostGreSQL/PostGIS and Microsoft SQL Server as
repository databases.
Set Up a PostgreSQL Repository
These steps describe how to set up your repository on a PostgreSQL database:
1. Copy all repository resources to a local folder using WebDAV or the limrepo export command
in the Administration Utility (see the Administration section of the Spectrum Spatial Guide for
instructions).
The contents of the installed repository must be exported. This step only needs to be performed
once, as the contents of the repository should be the same at this point for all instances of
Spectrum™ Technology Platform.
2. Back up the folder /<spectrum root>/server/modules/spatial/jackrabbit to a local directory or disk.
3. Stop Spectrum.
4. On all instances of Spectrum™ Technology Platform, add the database JDBC driver to the
Spectrum common lib directory to allow it to use the selected database. Copy the
postgresql-x.x-x-jdbcx.jar file from /<spectrum root>/server/modules/spatial/lib
to /<spectrum root>/server/app/lib.
5. On all instances of Spectrum™ Technology Platform, edit the /<spectrum
root>/server/modules/spatial/jackrabbit/repository.xml file to point the repository to a database
and add clustering. There are four separate changes you need to make:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
8
Configuring Your System
a) Modify the two FileSystem sections within the Repository and Workspace sections of the file:
<FileSystem class="org.apache.jackrabbit.core.fs.db.DbFileSystem">
<param name="driver" value="org.postgresql.Driver"/>
<param name="url"
value="jdbc:postgresql://<hostname>:<port>/<databasename>"/>
<param name="schema" value="postgresql"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="schemaObjectPrefix" value="rep_"/>
</FileSystem>
b) Modify the Persistence Manager section within the Workspace section:
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.bundle.PostgreSQLPersistenceManager">
<param name="url"
value="jdbc:postgresql://<hostname>:<port>/<databasename>"/>
<param name="schema" value="postgresql"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
<param name="externalBLOBs" value="false"/>
</PersistenceManager>
c) Enable Clustering at the end of the file, right above the </Repository> tag. Each instance of
Spectrum will need to have a distinct Cluster id to enable synchronization of clustering to work.
The delay defines the time delay for synchronization in milliseconds.
<Cluster id="node1" syncDelay="2000">
<Journal
class="org.apache.jackrabbit.core.journal.DatabaseJournal">
<param name="revision" value="${rep.home}/revision.log" />
<param name="driver" value="org.postgresql.Driver" />
<param name="url"
value="jdbc:postgresql://<hostname>:<port>/<databasename>" />
<param name="schema" value="postgresql"/>
<param name="schemaObjectPrefix" value="rep_"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="databaseType" value="postgresql"/>
</Journal>
</Cluster>
d) Comment out the DataStore section:
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
6. On all instances of Spectrum™ Technology Platform, remove the following folders from the
/server/modules/spatial/jackrabbit directory: repository, version, workspaces.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
9
Configuring Your System
7. If your PostgreSQL database has previously had repository content added, you must remove
tables from your database so a clean repository can be created. If you are starting with a new
database, make sure the tables do not exist. The following tables need to be removed from the
database:
public.default_names_id_seq
public.default_binval
public.default_bundle
public.default_names
public.default_refs
public rep_fsentry
public.rep_global_revision
public.rep_journal
public.rep_local_revisions
public.security_binval
public.security_bundle
public.security_names
public.security_refs
8. Start Spectrum.
9. Restore the resources by copying them from the local folder into the Repository using WebDAV
or the limrepo import command in the Administration Utility (see the Administration section
of the Spectrum Spatial Guide for instructions).
Import the content of the repository you previously exported back into the repository. This step
only needs to be performed on one of the Spectrum™ Technology Platform instances.
Set Up an Oracle Repository
These steps describe how to set up your repository on an Oracle database:
1. Copy all repository resources to a local folder using WebDAV or the limrepo export command
in the Administration Utility (see the Administration section of the Spectrum Spatial Guide for
instructions).
The contents of the installed repository must be exported. This step only needs to be performed
once, as the contents of the repository should be the same at this point for all instances of
Spectrum™ Technology Platform.
2. Back up the folder /<spectrum root>/server/modules/spatial/jackrabbit to a local directory or disk.
3. Stop Spectrum.
4. On all instances of Spectrum™ Technology Platform, add the database JDBC driver to the
Spectrum common lib directory to allow it to use the selected database. Copy the ojdbc6-x.x.x.x.jar
file from /<spectrum root>/server/modules/spatial/lib to /<spectrum
root>/server/app/lib.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
10
Configuring Your System
5. On all instances of Spectrum™ Technology Platform, edit the /<spectrum
root>/server/modules/spatial/jackrabbit/repository.xml file to point the repository to a database
and add clustering. There are four separate changes you need to make:
a) Modify the two FileSystem sections within the Repository and Workspace sections of the file:
<FileSystem class="org.apache.jackrabbit.core.fs.db.OracleFileSystem">
<param name="driver" value="oracle.jdbc.OracleDriver"
/>
<param name="url"
value="jdbc:oracle:thin:@//<hostname>:<port>/<databasename>" />
<param name="user" value="<user>" />
<param name="password" value="<pwd>" />
<param name="schema" value="oracle"/>
<param name="schemaObjectPrefix" value="rep_"/>
</FileSystem>
b) Modify the Persistence Manager section within the Workspace section:
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.pool.OraclePersistenceManager">
<param name="driver" value="oracle.jdbc.OracleDriver"
/>
<param name="url"
value="jdbc:oracle:thin:@//<hostname>:<port>/<databasename>" />
<param name="user" value="<user>" />
<param name="password" value="<pwd>" />
<param name="schema" value="oracle"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
<param name="externalBLOBs" value="false"/>
</PersistenceManager>
c) Enable clustering at the end of the file, right above the </Repository> tag. Each instance of
Spectrum will need to have a distinct id to enable synchronization of clustering to work. The
delay defines the time delay for synchronization in milliseconds.
<Cluster id="node1" syncDelay="2000">
<Journal
class="org.apache.jackrabbit.core.journal.OracleDatabaseJournal">
<param name="driver" value="oracle.jdbc.OracleDriver"
/>
<param name="url"
value="jdbc:oracle:thin:@//<hostname>:<port>/<databasename>" />
<param name="schema" value="oracle"/>
<param name="schemaObjectPrefix" value="rep_"/>
<param name="user" value="<user>" />
<param name="password" value="<pwd>" />
<param name="databaseType" value="oracle"/>
<param name="revision" value="${rep.home}/revision.log"
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
11
Configuring Your System
/>
</Journal>
</Cluster>
d) Comment out the DataStore section:
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
6. On all instances of Spectrum™ Technology Platform, remove the following folders from the
/server/modules/spatial/jackrabbit directory: repository, version, workspaces.
7. If your Oracle database has previously had repository content added, you must remove tables
from your database so a clean repository can be created. If you are starting with a new database,
make sure the tables do not exist. The following tables need to be removed from the database:
default_names_id_seq
default_binval
default_bundle
default_names
default_refs
public rep_fsentry
rep_global_revision
rep_journal
rep_local_revisions
security_binval
security_bundle
security_names
security_refs
8. Start Spectrum.
9. Restore the resources by copying them from the local folder into the Repository using WebDAV
or the limrepo import command in the Administration Utility (see the Administration section
of the Spectrum Spatial Guide for instructions).
Import the content of the repository you previously exported back into the repository. This step
only needs to be performed on one of the Spectrum™ Technology Platform instances.
Set Up an MS SQL Server Repository
These steps describe how to set up your repository on an MS SQL Server database:
1. Copy all repository resources to a local folder using WebDAV or the limrepo export command
in the Administration Utility (see the Administration section of the Spectrum Spatial Guide for
instructions).
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
12
Configuring Your System
The contents of the installed repository must be exported. This step only needs to be performed
once, as the contents of the repository should be the same at this point for all instances of
Spectrum™ Technology Platform.
2. Back up the folder /<spectrum root>/server/modules/spatial/jackrabbit to a local directory or disk.
3. Stop Spectrum on all nodes.
4. On all instances of Spectrum™ Technology Platform, add the database JDBC driver to the
Spectrum common lib directory to allow it to use the selected database. Copy the sqljdbcx-x.x.jar
file from /<spectrum root>/server/modules/spatial/lib to /<spectrum
root>/server/app/lib.
5. On all instances of Spectrum™ Technology Platform, edit the /<spectrum
root>/server/modules/spatial/jackrabbit/repository.xml file to point the repository to a database
and add clustering. There are four separate changes you need to make:
a) Modify the two FileSystem sections within the Repository and Workspace sections of the file:
<FileSystem class="org.apache.jackrabbit.core.fs.db.MSSqlFileSystem">
<param name="driver"
value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<param name="url"
value="jdbc:sqlserver://<hostname>:<port>;databaseName=<databasename>;"/>
<param name="schema" value="mssql"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="schemaObjectPrefix" value="rep_"/>
</FileSystem>
b) Modify the Persistence Manager section within the Workspace section:
<PersistenceManager
class="org.apache.jackrabbit.core.persistence.pool.MSSqlPersistenceManager">
<param name="url"
value="jdbc:sqlserver://<hostname>:<port>;databaseName=<databasename>;"/>
<param name="schema" value="mssql"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="schemaObjectPrefix" value="${wsp.name}_"/>
<param name="externalBLOBs" value="false"/>
<param name="tableSpace" value=""/>
</PersistenceManager>
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
13
Configuring Your System
c) Enable clustering at the end of the file, right above the </Repository> tag. Each instance of
Spectrum will need to have a distinct id to enable synchronization of clustering to work. The
delay defines the time delay for synchronization in milliseconds.
<Cluster id="node1" syncDelay="2000">
<Journal
class="org.apache.jackrabbit.core.journal.MSSqlDatabaseJournal">
<param name="revision" value="${rep.home}/revision.log" />
<param name="driver"
value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<param name="url"
value="jdbc:sqlserver://<hostname>:<port>;databaseName=<databasename>;"/>
<param name="user" value="<user>"/>
<param name="password" value="<pwd>"/>
<param name="schema" value="mssql"/>
<param name="schemaObjectPrefix" value="rep_"/>
<param name="databaseType" value="mssql"/>
</Journal>
</Cluster>
d) Comment out the DataStore section:
<DataStore class="org.apache.jackrabbit.core.data.FileDataStore"/>
6. On all instances of Spectrum™ Technology Platform, remove the following folders from the
/server/modules/spatial/jackrabbit directory: repository, version, workspaces.
7. If your SQL Server database has previously had repository content added, you must remove
tables from your database so a clean repository can be created. If you are starting with a new
database, make sure the tables do not exist. The following tables need to be removed from the
database:
default_names_id_seq
default_binval
default_bundle
default_names
default_refs
public rep_fsentry
rep_global_revision
rep_journal
rep_local_revisions
security_binval
security_bundle
security_names
security_refs
8. Start Spectrum on all nodes.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
14
Configuring Your System
9. Restore the resources by copying them from the local folder into the repository using WebDAV
or the limrepo import command in the Administration Utility (see the Administration section
of the Spectrum Spatial Guide for instructions).
Import the content of the repository you previously exported back into the repository. This step
only needs to be performed on one of the Spectrum™ Technology Platform instances.
Uploading and Accessing Resources using Third Party Tools
Named resource files are stored in the repository. A number of sample files that ship with Spectrum™
Technology Platform are located at
http://<server>:<port>/RepositoryService/repository/default/Samples under a particular folder.
For example:
•
•
•
•
•
NamedLayers
NamedMaps
NamedStyles
NamedTables
NamedTiles
For your own named resources, you can create any folder name you wish.
You can access these files manually using a WebDAV protocol tool such as WebFolders to access
the JCR repository.
Using WebFolders to Access Spectrum Spatial Repository Resources
To add or modify a named resource, you can copy it to or from the repository using a WebDAV tool.
Using WebFolders is an easy way to access the Spectrum Spatial repository and the resources
contained in it.
Note: To access the repository, you must be on the same machine where Spectrum™ Technology
Platform and the repository are installed.
To configure a WebFolder on Windows 7:
1. Using Windows Explorer, select Map Network Drive...
2. In the pop-up window, click on the link 'Connect to a website...' to open the Add Network
Location Wizard.
3. Click Next and select Choose a custom network location. Click Next.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
15
Configuring Your System
4. In the Internet or network address field add the repository URL; for example,
http://<server>:<port>/RepositoryService/repository/default/. Click Next.
5. Enter your credentials (username and password) if you are prompted for them.
6. Give this connection a name; for example, Spectrum Spatial Repository. Click Next.
Once finished, you will have a folder connection to the contents of the repository under your network
places.
The WebFolder connection to the repository can be used like any other Windows Explorer folder.
Note: Be aware that if you use WebDAV to make changes to named resources or metadata
resource records such that they are not located in the same folder or do not have the same
base name, then Spatial Manager will no longer make matching changes to metadata records
for move, rename or delete operations done on a resource.
Configuring the Web Services
This section provides information about how to configure the Location Intelligence Module web
services.
About Web Service Configurations
You can, and frequently must, explicitly specify the desired behavior of the Location Intelligence
Module web services via settings in each web service's configuration file. The configuration file for
1
each web service is held in the Location Intelligence Module repository as a named configuration.
Note: Named configurations are not like other named resources that are held in the repository.
You cannot use the Named Resource Service to access named configurations. Instead, you
must use a WebDAV tool such as WebFolders.
Configuration files are pre-loaded in the repository for each service. These configuration files are
located at
http://hostname:port/RepositoryService/repository/default/Configuration/.
For information about the name and location of each web service's named configuration in the
repository, as well as a list of the configuration parameters for each web service, refer to the "Working
With Spatial Services" chapter in the Spectrum Spatial Developer Guide.
1
The Geometry Service alone does not have a corresponding named configuration because the
Geometry Service has no configurable settings.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
16
Configuring Your System
Disabling Accuracy Files for Datum Transforms
Spectrum Spatial supports conversions between certain datums by using algorithms that help shift
coordinates more accurately. A separate jar file that contains these algorithms is installed by default
for each datum transform located in the Spectrum Installation Location\server\app\types directory:
• midev-core-coordsys-irishtm-version number-onprem.jar for Irish Transverse Mercator
• midev-core-coordsys-jgd2000-version number-onprem.jar (also enables the updated version,
JGD2011) for Japanese datums
• midev-core-coordsys-nadcon-version number-onprem.jar for US Nad27-Nad83
• midev-core-coordsys-ntv2-version number-onprem.jar for NTV2, which contains multiple conversions
for many countries.
Note: An XML file inside this jar controls which conversions are in use. To disable specific
conversions within that file, stop the server and extract the XML file from the jar. Use an
editor to set the entries to "false" for each conversion you want to disable. Add the edited
XML file back into the jar, then restart the server.
• midev-core-coordsys-rgf93-version number-onprem.jar for French Lambert conversions
By default, all of these jar files are loaded; however, their use can negatively affect the performance
of certain operations. These conversions can be disabled in some cases, such as when you do not
require a certain type of conversion (for example, if you have no need to convert Japanese datums)
or the performance gains outweigh the benefits of accuracy at lower zoom levels.
To disable a specific transform:
1. Stop the server.
2. Remove the jar from the directory. Alternatively, you can rename the jar file to have a different
extension (for example, .jar~) which will prevent it from being loaded.
3. Restart the server.
Configuring Request Timeouts
Spectrum Spatial allows you to set a timeout for SOAP and REST operations as part of a request
to the Mapping and Feature services. The timeout is enabled by default with a value of 300 seconds
(5 minutes).
To apply the timeout, entry and intermediate pointcuts need to be configured. This is done in the
aop.xml located under server/modules/spatial/. The file includes several implementations that you
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
17
Configuring Your System
can use. The entry point is the point where the timeout starts measuring time. The intermediary
points are where the timeout checks if the operation timed out.
Use this, for example, when you want to apply a timeout to SOAP and REST renderMap methods
and some intermediary steps (calls to the database, searching tables, retrieving candidates).
To adjust the default timeout value of 300 seconds, edit the timeout property for the Mapping and/or
Feature services in the java.properties located under /server/modules/spatial.
timeout.mapping.value=300
timeout.feature.value=300
If the specified timeout value is <= 0, then the timeout will be disabled.
After changing the timeout value changes, restart Spectrum™ Technology Platform.
Configuring the Volatile Attribute for Named Tables
Volatility is an indication to Spectrum Spatial that information from a data source can change at any
time. The default value for TAB, SAP HANA, and JDBC-based (Oracle, SQL Server and PostGIS)
named tables is set to true, meaning that for each data access operation, such as a query or insert,
Spectrum Spatial checks with the data source to find out if the table is volatile and if so, whether
the data changed. If the data has changed, the cache is flushed and the table is reloaded before
the data access operation can proceed. If the table did not change, the query or other operation is
carried out on the data in the cache. See Supported Data Sources for what triggers a change for
each data source.
Volatility is set to true for named tables that are uploaded from MapInfo Professional using Map
Uploader. Volatility is true for any named tables created with Spatial Manager. Older named tables
in the repository are considered to be volatile but will not indicate that when viewed in the Spatial
Manager table details page.
Setting this flag to false should be done on tables that do not change. For example, when generating
tiles from volatile TAB files, the operation will perform very slowly. If you are using PostGIS, you
may also want to consider setting this flag to false to avoid encountering connection errors in Spatial
Manager (for example, when viewing the sample rows on the table details page).
To change the setting to false use the Volatility toggle on the table details page in Spatial Manager.
See the Utilities section of the Spectrum Spatial Guide for more information on creating and modifying
named tables in Spatial Manager.
You must restart the server when you change the volatile flag from false to true on any existing
named table or when creating a new named table based on a database table that was previously
set to false.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
18
Configuring Your System
Note: Do not use the updateNamedResource operation in the Named Resource Service to change
this value or manually edit the named table definition that you accessed via WebDAV in a
text editor.
Running Spectrum Technology Platform as a Linux Service
™
This tutorial will show you the steps you need to follow to run Spectrum™ Technology Platform as
a Linux service.
How to Run Spectrum™ Technology Platform as a Linux Service
These instructions describe how to run the Spectrum™ Technology Platform as a Linux service.
1. Modify the provided pbspectrum script which is located here: PBSpectrum Script on page 20.
a) Modify the chkconfig parameter at line# 5. By Default this parameter is: # chkconfig:
35 90 10
First value(35) is runlevel. Use 'man init' for more information.
Second value(90) is start priority
Third value(10) is stop priority.
Start and stop priority should be set according to the dependent services. For example, if
Oracle Server is running on the same machine and is used by Spectrum™ Technology Platform
then the Spectrum™ Technology Platform starting priority should be less than the Oracle
Service and stopping priority should be higher than the Oracle service. Use 'man chkconfig'
for more information.
b) Modify SPECTRUM_ROOT variable at line #11 with your Spectrum™ Technology Platform
installation directory.
c) If you are using SUSE Linux, you must change the default preferred user from su to runuser.
2. Copy the modified pbspectrum script to either /etc/rc.d/init.d for RedHat Linux or
/etc/init.d for Suse Linux.
3. Change the mode of the pbspectrum script to executable. /etc/rc.d/init.d for RedHat
Linux or /etc/init.d for Suse Linux.
cd /etc/init.d or cd /etc/rc.d/init.d depending on your Linux version.
run chmod +x pbspectrum
4. Run chkconfig --add pbspectrum
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
19
Configuring Your System
5. Verify the script is working by restarting the machine. Use shutdown -r now to reboot from
shell.
Once completed, you may also use the following:
• service pbspectrum start to start Spatial Server
• service pbspectrum stop to stop Spatial Server
• service pbspectrum restart to restart Spatial Server
Note: The provided script runs the command 'ulimit -n 8192' which is required to increase the
number of open files in Linux.
PBSpectrum Script
The following script is used as the basis for this procedure: How to Run Spectrum™ Technology
Platform as a Linux Service on page 19.
#! /bin/bash
#
#
#
#
#
#
#
#
pbspectrum Bring up/down PB Spectrum platform
chkconfig: 35 90 10
description: Starts and stops the spectrum
/etc/rc.d/init.d/pbspectrum
See how we were called.
SPECTRUM_ROOT=/root/PBSpectrum
start() {
su - spectrum -c ". $SPECTRUM_ROOT/server/bin/setup;
ulimit -n 8192;
$SPECTRUM_ROOT/server/bin/server.start"
RETVAL=$?
return $RETVAL
}
stop() {
su - spectrum -c ". $SPECTRUM_ROOT/server/bin/setup;
$SPECTRUM_ROOT/server/bin/server.stop"
RETVAL=$?
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
20
Configuring Your System
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: pbspectrum {start|stop|restart}"
exit 1
esac
exit $RETVAL
Configuring a Linux Machine for MRR
To use MRR (Multi Resolution Raster) files on Spectrum Spatial in a Linux environment, GCC and
LIBC must be upgraded to the proper versions.
To configure a Linux machine for MRR:
1. Install the UUID package, which installs LIBC v.2.17.
For example, to install UUID on Cent OS:
• wget
http://ftp.riken.jp/Linux/centos/6/os/x86_64/Packages/libuuid-2.17.2-12.18.el6.x86_64.rpm
• sudo yum -y install libuuid-2.17.2-12.18.el6.x86_64.rpm
• sudo yum -y install libuuid-devel
2. Install devtoolset-3, which installs GCC v.4.9. For instructions, see
https://www.softwarecollections.org/en/scls/rhscl/devtoolset-3/.
3. Verify that GCC v.4.9 and LIBC v.2.17 (or higher) are installed.
4. Ensure that all the dependencies were resolved in the above steps. If any dependency is
unresolved, install it and then repeat Step 2.
For example, the following are some of the required dependencies for an OEL 6.5 machine:
• wget https://www.softwarecollections.org/en/scls/mizdebsk/
maven30-rhel-6/epel-6-x86_64/download/mizdebsk-maven30-rhel-6-epel-6-x86_64.noarch.rpm
• sudo yum -y install mizdebsk-maven30-rhel-6-epel-6-x86_64-1-2.noarch.rpm
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
21
Configuring Your System
• wget https://www.softwarecollections.org/en/scls/rhscl/
maven30/epel-6-x86_64/download/rhscl-maven30-epel-6-x86_64.noarch.rpm
• sudo yum -y install rhscl-maven30-epel-6-x86_64-1-2.noarch.rpm
• sudo yum -y install maven30
• wget https://www.softwarecollections.org/en/scls/mbooth/
eclipse-luna/fedora-20-x86_64/download/mbooth-eclipse-luna-fedora-20-x86_64.noarch.rpm
• sudo yum -y install mbooth-eclipse-luna-fedora-20-x86_64-1-2.noarch.rpm
• sudo yum -y install --skip-broken eclipse-luna
Disabling Default HTTP Cache Control Headers
By default, Spectrum™ Technology Platform web services use the following HTTP headers for
caching:
Cache-Control: no-cache,no-store,no-transform,must-revalidate
Expires: Wed, 07 Jan 2015 15:38:03 GMT //48 hours in the past
Pragma: no-cache
These HTTP headers are not appropriate for the Map Tiling Service; however, you can disable these
default HTTP headers and instead set the HTTP cache behavior in the headers that are defined in
the individual web services.
Note: If you are applying this change to a cluster you must repeat the following procedure on each
node in the cluster.
To disable the default HTTP cache control headers:
1. Stop the Spectrum™ Technology Platform server.
2. Open the following file in a text editor:
SpectrumFolder\server\app\conf\spectrum-advanced.properties
3. Change the following property from true to false:
spectrum.cache.control.headers.enable=false
4. Save and close the properties file.
5. Start the Spectrum™ Technology Platform server.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
22
3 - Managing Security
The Location Intelligence Module uses the same role-based security model
that is used for the Spectrum™ Technology Platform. Because security is
handled at the platform level, the Management Console can be used to
manage all Location Intelligence Module security activities.
In this section
Security for the Spectrum™ Technology Platform
Security for the Location Intelligence Module
24
47
Managing Security
Security for the Spectrum Technology Platform
™
The topics in this section cover the security model and procedures at the platform level that pertain
to all modules. See Security for the Location Intelligence Module on page 47 for additional
security information that is specific to that module.
Security Model
Spectrum™ Technology Platform uses a role-based security model to control access to the system.
The following diagram illustrates the key concepts in the Spectrum™ Technology Platform security
model:
A user is an account assigned to an individual person which the person uses to authenticate to
Spectrum™ Technology Platform, either to one of the client tools such as Enterprise Designer or
Management Console, or when calling a service through web services or the API.
A user has one or more roles assigned to it. A role is a collection of permissions that grant or deny
access to different parts of the system. Roles typically reflect the kinds of interactions that a particular
type of user has with the system. For example, you may have one role for dataflow designers which
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
24
Managing Security
grants access to create and modify dataflows, and another role for people who only need to process
data through existing dataflows.
A role grants permissions to secured entity types. A secured entity type is a category of items to
which you want to grant or deny access. For example, there is a secured entity type called "Dataflows"
which controls the default permissions for all dataflows on the system.
If you need to fine-tune access you can optionally override the settings in the role or user by
configuring access control. Access control settings work in conjunction with roles to define the
permissions for a user. Roles define the permissions for categories of entities, such as all dataflows
or all database resources, and access control settings define the permissions for specific entities,
called secured entities. Examples of secured entities include specific jobs or specific database
connections. Defining access control settings is optional. If you do not define access control settings,
the permissions defined in the role will control the user's permissions.
Access control settings work in conjunction with roles to define the permissions for a user. Roles
define the permissions for categories of entities, such as all dataflows or all database resources,
and access control settings define the permissions for specific entities, called secured entities.
Examples of secured entities include specific jobs or specific database connections. For example,
you may have a role that has granted the Modify permission to the secured entity type "Dataflows",
but you may want to prevent users from modifying one specific dataflow. You could accomplish this
by using access control to remove the Modify permission for the specific dataflow you do not want
modified. You can specify access control settings for users and roles. Access control settings for a
user override that specific user's permissions as granted by the user's roles. Access control settings
for roles apply to all users who have that role.
Users
Spectrum™ Technology Platform user accounts control the types of actions users can perform on
the system. User accounts are required to:
•
•
•
•
Use Management Console or Enterprise Designer
Run jobs on a schedule
Run jobs from the command line
Access services through web services or the API
There is an administrative account called admin that comes with the system. This account has full
access. The initial password is "admin".
Important: You should change the admin password immediately after installing Spectrum™
Technology Platform to prevent unauthorized administrative access to your system.
In addition to these default accounts you can create as many user accounts as your business
requires.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
25
Managing Security
Adding a User
This procedure describes how to create a Spectrum™ Technology Platform user account and assign
a role to the account.
1. Open the Management Console.
2. Expand Security then click Users.
3. Go to System > Security.
4. Click Add.
The New User window appears.
5. Click the Add button
.
6. Leave the Enable user box checked if you want this user account to be available for use.
7. Leave the Enabled switch set to On if you want this user account to be available for use.
8. Enter the user name in the User name field.
Note: User names can only contain ASCII characters.
9. Enter the user's password in the Password field.
10. Reenter the user's password in the Confirm password field.
11. Enter the user's email address in the Email address field. The email address is used by some
modules to send notifications to users.
12. Enter a description of the user in the Description field.
13. Enter the user's password in the Password field.
14. Reenter the user's password in the Confirm password field.
15. Select the roles you want to give to this user.
16. Click OK.
17. Click Save.
Changing a Password
This procedure describes how to change a user's password.
1. Open the Management Console.
2. Expand Security then click Users.
3. Go to System > Security.
4. Select a user and click Modify.
The User Properties window appears.
5. Select a user then click the Edit button
.
6. Click Change password.
7. Enter the new password and enter it a second time to confirm it.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
26
Managing Security
8. Click OK.
9. Click Save.
Setting a Minimum Password Length
The minimum password length is enforced when creating or changing a password. Existing passwords
that are shorter than the minimum length will continue to be valid.
1. Open a web browser and go to http://<server>:<port>/jmx-console
Where:
<server> is the IP address or hostname of your Spectrum™ Technology Platform server.
<port> is the HTTP port used by Spectrum™ Technology Platform. The default is 8080.
2. Log in using the admin account.
3. Under " Domain: com.pb.spectrum.platform.config", click
com.pb.spectrum.platform.config:manager=AccountConfigurationManager.
4. In the updatePasswordPolicy operation, set the enableAdvanceControl option to True.
5. In the minLength field, enter the minimum password length.
6. Click Invoke.
7. Click Return to MBean View to go back to the Account Configuration Manager screen.
Changing Your Email Address
The email address associated with your user account is used by some modules to send you
notifications. To change your email address, follow these steps.
1. Log in to Management Console.
2. Click the user menu in the top right corner.
3. Select Profile.
4. In the Email field, enter your new email address.
5. Click Save.
Disabling a User Account
You can disable a user account so that it cannot be used to gain access to Spectrum™ Technology
Platform. Any jobs that run on a schedule using a disabled user account will not run.
Note: The user account "admin" cannot be disabled.
1. Open the Management Console.
2. Go to System > Security.
3. Check the box next to the user you want to modify then click the Edit button
.
4. Switch the Enabled switch to Off.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
27
Managing Security
5. Click Save.
The user account is now disabled and cannot be used to gain access to Spectrum™ Technology
Platform.
Deleting a User
This procedure describes how to permanently delete a Spectrum™ Technology Platform user
account.
Tip: User accounts can also be disabled, which prevents the account from being used to access
the system without deleting the account.
1. Open the Management Console.
2. Expand Security then click Users.
3. Go to System > Security.
4. From the User Management screen, select the user you want to delete and click Delete.
Note: The user account "admin" cannot be deleted.
5. Check the box next to the user you want to delete then click the Delete button
.
Note: The user account "admin" cannot be deleted.
User Account Locking
As a security precaution, user accounts are disabled after five unsuccessful authentication attempts
in row. This includes unsuccessful authentication attempts to Enterprise Designer, Management
Console, web services, and the Client API.
As an administrator, you can re-enable a user account by logging into Management Console, editing
the user, and switching the Enabled switch to On. User accounts can also be re-enabled using the
Administration Utility. Users do not have the ability to unlock their own accounts.
Note: If you are using LDAP or Active Directory for authentication, the account locking rules of
these services will apply. Your LDAP or Active Directory rules may allow more or fewer
unsuccessful login attempts than Spectrum™ Technology Platform.
Unlocking the admin Account
User accounts are locked after several unsuccessful login attempts. Most user accounts can be
unlocked through Management Console, but the admin account cannot. Instead, you must run a
script on the server to unlock the admin account.
1. Log in to the server running Spectrum™ Technology Platform.
If you are running Spectrum™ Technology Platform in a cluster, log in to any of the nodes. You
only need to run the unlock script on one of the nodes.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
28
Managing Security
2. Open a command prompt and go to the Spectrum Folder\server\bin folder.
3. Run the enableadmin script:
enableadmin -h HostAndPort -p AdminPassword [-s]
Where:
HostAndPort
The hostname and HTTP port used by Spectrum™ Technology Platform.
For example, spectrumserver:8080.
AdminPassword
The password for the admin account. If you do not know the admin
account password and the admin account is locked, contact Pitney Bowes
Technical Support.
-s
Specify -s if Spectrum™ Technology Platform is configured to use SSL.
LDAP and Active Directory Integration
Spectrum™ Technology Platform supports the use of an LDAP or Active Directory server for
authentication. This enables you to use existing credentials to log in rather than having to use
separate credentials created in Spectrum™ Technology Platform. If you are interested in using an
LDAP or Active Directory server for authentication, contact Pitney Bowes Professional Services.
Automatic Logout Due to Inactivity
Users of Enterprise Designer and web clients such as Management Console, the Relationship
Analysis Client, Business Steward Portal, and others are automatically logged out after 30 minutes
of inactivity.
Roles
A role is a collection of permissions that grant or deny access to different parts of the system. Roles
typically reflect the kinds of interactions that a particular type of user has with the system. For
example, you may have one role for dataflow designers which grants access to create and modify
dataflows, and another role for people who only need to process data through existing dataflows.
The following roles are predefined:
admin
This role has full access to all parts of the system.
designer
This role is for users that create dataflows and process flows in Enterprise
Designer. It provides the ability to design and run dataflows.
integrator
This role is for users who need to process data through Spectrum™ Technology
Platform but does not need to create or modify dataflows. It allows the user to
access services through web services and the API, and to run batch jobs.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
29
Managing Security
spatial-admin
This role is available only when the Location Intelligence Module module is
installed. It provides full access to named resources for this module when using
spatial services. (Additional access is required to manage spatial resources using
Management Console. See Security for the Location Intelligence Module on
page 47 for more information.)
spatial-user
This role is available only when the Location Intelligence Module module is
installed. It provides read-only access to named resources for this module when
using spatial services. (Additional access is required to view spatial resources
using Management Console. See Security for the Location Intelligence Module
on page 47 for more information.)
user
This is the default role. It provides no access to the system. Users who have this
role will only gain access to the system if you grant permission through secured
entity overrides.
To view the permissions granted to each of these roles, open Management Console, go to Security
and click Roles. Then select the role you want to view and click View.
Tip: You cannot modify the predefined roles. However, you can create new roles using the
predefined roles as a starting point.
Creating a Role
A role is a collection of permissions that you assign to a user. If the predefined roles that come with
Spectrum™ Technology Platform do not fit your organization's needs, you can create your own
roles.
1. Open Management Console.
2. Browse to Security then expand Roles.
3. Go to System > Security.
4. Click Roles.
5. Click Add.
6. Click the Add button
.
Tip: If you want to create a role that's similar to an existing role, you can make a copy of the
existing role by checking the box next to the role you want to copy then clicking the Copy
button
. Then, edit the new role and continue with the following steps.
7. In the Role field, enter the name you want to give to this role.In the Role name field, enter the
name you want to give to this role. The name can be anything you choose.
8. If you want to use one of the predefined roles as a starting point for your new role, check the
Copy from box then select the role that you want to use as a starting point. The predefined role's
permissions are selected for you.
9. Optional: Since the list of secured entity types can be long, you may want to display only a certain
group of secured entity types. This can be useful if you want to apply the same permissions to
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
30
Managing Security
all entities in a group. For example, if you want to remove the Modify permission from all database
resources, you could filter to show just the Database Resources group. To display and modify
only one group:
a) Check the Enable group filtering box.
b) Click the funnel icon in the header of the Group column and select the group you want to
display.
c) Check or clear the box in the column header of the permission you want to apply.
d) To return to the full list of secured entity types, click the filter icon and select (All) then clear
the Enable group filtering box.
10. Select the permissions you want to grant for each entity type. The permissions are:
View
Allows the user to view entities contained by the entity type. For example, if you
allow the View permission for the JDBC Connection entity type, users with this
role would be able to view database connections in Management Console.
Modify
Allows the user to modify entities contained by the entity type. For example, if you
allow the Modify permission for the JDBC Connection entity type, users with this
role would be able to modify database connections in Management Console.
Create
Allows the user to create entities that fall into this entity type's category. For
example, if you allow the Create permission for the JDBC Connection entity type,
users with this role would be able to create new database connections in
Management Console.
Delete
Allows the user to delete entities contained by the entity type. For example, if you
allow the Delete permission for the JDBC Connection entity type, users with this
role would be able to delete database connections in Management Console.
Execute
Allows the user to initiate processing of jobs, services, and process flows. For
example, if you allow the Execute permission for the Job entity type, users with
this role would be able to run batch jobs. If you allow the Execute permission for
the Service entity type, users with this role would be able to access services running
on Spectrum™ Technology Platform through the API or web services.
11. Click OK.
12. Click Save.
The role is now available to be assigned to a user.
Deleting a Role
A role may be deleted if it is no longer assigned to any users.
Note: The following roles cannot be deleted: admin, user, designer, and integrator.
1. Open Management Console.
2. Expand Security and click Roles.
3. Go to System > Security.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
31
Managing Security
4. On the Users tab, make sure the role you want to delete is not assigned to any users. You cannot
delete a role if it assigned to a user.
5. Click Roles.
6. Check the box next to the role you want to delete then click the Delete button
.
7. Click the role you want to delete.
8. Click Delete.
Disabling Role-Based Security
Role-based security is enabled by default. This means that the security restrictions assigned to
users through roles are enforced. If you want to disable role-based security, the security restrictions
assigned to users will not be enforced and all users will be able to access all parts of the system.
Note that a valid user account is always required to access services even if you disable role-based
security.
This procedure describes how to disable role-based security.
Warning: If you follow this procedure all users will have full access to your Spectrum™ Technology
Platform system.
1. Open the Management Console.
2. Expand Security then click Options.
3. Go to System > Security.
4. Clear the Limit access according to user permissions check box.
5. Switch the Limit access by role switch to Off.
Secured Entity Types - Platform
An entity type is a category of items to which you want to grant or deny access. For example, there
is an entity type called "Dataflows" which controls permissions for all dataflows on the system.
Platform entity types apply to all Spectrum™ Technology Platform installations, as compared to
module-specific entity types that apply only if you have installed particular modules. The platform-level
entity types are:
Audit Log
Controls access to the System > Logs > Audit Log area in
Management Console.
Dataflows
Controls access to all dataflow types (jobs, services, and subflows)
in Enterprise Designer.
Note: If a user does not have the Edit permission, the user will only
see the exposed version and the last saved version in the
Versions pane in Enterprise Designer.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
32
Managing Security
Dataflows - Expose
Controls the ability to make dataflows available for execution.
Note: In order to expose the latest saved version of the dataflow
(the version that's always at the top of the Versions pane in
Enterprise Designer) the user must have the Edit permission
for the Dataflows secured entity type in addition to the Edit
permission for the Dataflows - Expose secured entity type.
This is because the latest saved version must first be saved
as a version before it can be exposed, which requires the Edit
permission for the dataflow.
Flow Defaults - Data Type Controls access to the Flows > Defaults > Data Type Conversions
Conversion
area in Management Console. All users have View access to data
type conversion options. You cannot remove View access.
Flow Defaults - Malformed Controls access to the Flows > Defaults > Malformed Records area
Records
in Management Console. All users have View access to malformed
record options. You cannot remove View access.
Flow Defaults - Reports
Controls access to the Flows > Defaults > Reports area in
Management Console. All users have View access to report options.
You cannot remove View access.
Flow Defaults - Sort
Performance
Controls access to the Flows > Defaults > Sort Performance area
in Management Console. All users have View access to sort
performance options. You cannot remove View access.
Flow History - Jobs
Controls access to view job execution history in Enterprise Designer
and Management Console.
Flow History - Process
Flows
Controls access to process flow execution history in Management
Console and Enterprise Designer.
Flow History Transactions
Controls access to the Flows > History > Transactions are in
Management Console.
Flow Scheduling
Controls access to the Flow > Schedules area in Management
Console.
Jobs
Controls the ability to execute jobs in Enterprise Designer,
Management Console, job executor, and the Administration Utility.
Notification - License
Expiration
Controls access to configure license expiration notification emails in
Management Console.
Notification - SMTP
Settings
Controls access to the System > Mail Server area in Management
Console.
Process Flows
Controls access to process flows in Enterprise Designer.
Note: If a user does not have the Edit permission, the user will only
see the exposed version and the last saved version in the
Versions pane in Enterprise Designer.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
33
Managing Security
Process Flows - Expose
Controls the ability in Enterprise Designer to make process flows
available for execution.
Note: In order to expose the latest saved version of the process flow
(the version that's always at the top of the Versions pane in
Enterprise Designer) the user must have the Edit permission
for the Process Flows secured entity type in addition to the
Edit permission for the Process Flows - Expose secured
entity type. This is because the latest saved version must first
be saved as a version before it can be exposed, which requires
the Edit permission for the dataflow.
Resources - Database
Connections
Controls the ability to configure database connections in Management
Console.
Resources - External Web Controls access to managing external web services in Management
Services
Console.
Resources - File Server
Connections
Controls the ability to configure file servers in Management Console.
Resources - JDBC Drivers Controls the ability to configure JDBC drivers in Management Console.
Resources - Remote
Server
Controls access to the Resources > Remote Servers area in
Management Console.
Security - Access Control Controls access to access control settings in the System > Security >
Access Control area in Management Console.
Security - Access Token
Controls the ability to view users' tokens and delete tokens. A token
facilitates authentication between a client and the server. Read
permission allows you to see a list of the active tokens, each of which
represent an active session. The Delete permission allows you to
delete users' tokens, which ends their session.
Security - Directory
Access
Controls the ability to enable or disable restrictions on server directory
resources using the System > Security > Directory Access area in
Management Console.
Security - Directory paths Controls the ability to configure server directory resources the
System > Security > Directory Access area in Management
Console.
Security - Options
Controls access to the ability to turn security on and off in the
System > Security > Roles area in Management Console.
Security - Roles
Controls access to role configuration in the System > Security >
Roles area in Management Console.
Security - Directory paths Controls the ability to configure server directory resources the
System > Security > Directory Access area in Management
Console.
Security - Users
Spectrum™ Technology Platform 11.0
Controls access for managing user accounts in the System >
Security > Users area in Management Console.
Spectrum Spatial Administration Guide
34
Managing Security
Services
Controls the ability to execute services through the API and web
services.
Stages
Controls whether exposed subflows are available as a stage in
dataflows in Enterprise Designer.
System - Licensing
Controls access to the license information displayed in the System >
Licensing and Expiration area in Management Console.
System - Version
Information
Controls access to the System > Version area in Management
Console.
System Log
Controls access to the system log in Management Console.
Secured Entity Types - Location Intelligence Module
An entity type is a category of items to which you want to grant or deny access. The Location
Intelligence Module has the following module-specific entity type:
Named Resources
Controls permissions to all named resources in the Location Intelligence Module, including named
maps, named tiles, named tables, and named connections. Users of Location Intelligence Module
services must have at least read permissions for the resources they use as well as for any dependent
resources.
Access Control
Access control settings work in conjunction with roles to define the permissions for a user. Roles
define the permissions for categories of entities, such as all dataflows or all database resources,
and access control settings define the permissions for specific entities, called secured entities.
Examples of secured entities include specific jobs or specific database connections. For example,
you may have a role that has granted the Modify permission to the secured entity type "Dataflows",
but you may want to prevent users from modifying one specific dataflow. You could accomplish this
by using access control to remove the Modify permission for the specific dataflow you do not want
modified. You can specify access control settings for users and roles. Access control settings for a
user override that specific user's permissions as granted by the user's roles. Access control settings
for roles apply to all users who have that role.
Configuring Access Control
Access control settings work in conjunction with roles to define the permissions for a user. Roles
define the permissions for categories of entities, such as all dataflows or all database resources,
and access control settings define the permissions for specific entities, such as specific jobs or
specific database connections.
In order to configure access controls you must have View and Modify permissions to these secured
entity types:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
35
Managing Security
• Security - Access Control
• Security - Roles
• Security - Users
To configure access control:
1. In Management Console, go to System > Security.
2. Click the Access Control tab.
3. Click the Add
button.
4. Do one of the following:
• If you want to specify access controls for a role, click Role. The access control permissions
you specify will affect all users who have the role you choose.
• If you want to specify access controls for a single user, click User. The access control
permissions you specify will only affect the user you choose.
5. Select the role or user for which you want to define access controls.
6. Click the Add
button.
7. Select the secured entity type that contains the secured entity you want. For example, if you want
to configure access control for a dataflow, choose Platform.Dataflows.
8. Choose the secured entity you want to configure access controls for, then click the >> button to
add it to the Selected Entities list.
9. Click Add.
The secured entities you chose are displayed. The check boxes indicate the permissions in effect
for the selected role or user.
10. Specify the permissions that you want to grant for each secured entity. Each secured entity can
have one of the following permissions:
The permission is inherited from the role.
The permission is inherited from the role and cannot be overridden.
The permission is granted, overriding the permission specified in the user or role.
The permission is denied, overriding the permission specified in the user or role.
Access Control Example
The following shows access control settings for the role RetentionDepartmentDesigner.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
36
Managing Security
In this example, the Platform.Dataflow secured entity type is set to allow the View
and Modify permissions but not the Delete permission. So by default, any user that
has the RetentionDepartmentDesigner role would have these permissions for all
dataflows. However, you want to prevent users with this role from modifying the
ExampleJob1 dataflow only. So, you clear the checkbox in the Modify column for
ExampleJob1. Now users with this role will not be able to modify this dataflow but
will still be able to modify other dataflows.
Deleting Access Control Settings
When you delete access control settings for a user or role, the permission overrides defined by the
access control settings are removed from the user or role. For users, this means that the permissions
granted by the user's role will take effect without any overrides. For roles, this means that the
permissions defined in the role itself will take effect without overrides.
1. Open Management Console.
2. Go to System > Security.
3. Click Access Control.
4. Check the box next to the user or role for whom you want to remove access control then click
the Delete button
.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
37
Managing Security
Limiting Server Directory Access
Enterprise Designer users have the ability to access the Spectrum™ Technology Platform server's
folders and files when creating and running dataflows. For example, users can browse the server
when selecting an input or output file in a source or sink stage. As an administrator, you may want
to restrict Enterprise Designer access so that sensitive portions of the server cannot be browsed or
modified. You can prevent all access to the server's file system by making sure that users do not
have the Platform security permission Security - Directory Paths. Or, you can allow access to
some server directories but not others. The folders you allow access to appear as the top-level
folders in users' file browse windows. For example, if you allow users to only access a folder on the
server named WestRegionCustomers, when users browse the server they would only see that folder,
as shown here:
Note: Restricting access to the server's file system only affects Enterprise Designer users. It does
not limit access to folders when performing administrative tasks in Management Console
such browsing for database files when defining database resources.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
38
Managing Security
To provide limited access to the server's file system, follow this procedure.
1. Open Management Console.
2. Under Resources, select Server Directory Access.
3. Go to System > Security.
4. Click Directory Access.
5. Click Add.
6. Click the Add button
.
7. In the Name field, give a meaningful name for the folder to which you are granting access.
The name you provide here appears as the root name of the directory to users when browsing
the server. In the example shown at the beginning of this topic, the name given to the acessible
directory is WestRegionCustomers.
8. In the Path field, specify the folder to which you want to grant access. Users will be able to access
all file and subfolders contained in the folder you specify.
9. Click OK.
10. Click Save.
11. If you want to grant access to additional folders, repeat the previous steps as needed.
12. Enforce the restrictions by checking the Restrict server directory access box.Enforce the
restrictions by setting the Limit access to server directories switch to On.
Users now have access only to the folders you have specified. Note that users must have the
Platform security permission Security - Directory Paths in order to access server directories.
Note: If there are any dataflows that had previously accessed files that are no longer available
because of file browsing restrictions, those dataflows will fail.
Configuring HTTPS Communication
By default the Spectrum™ Technology Platform server uses HTTP for communication with Enterprise
Designer and Management Console, as well as web service, API calls, and remote server
communication. You can configure Spectrum™ Technology Platform to use HTTPS if you want to
secure these network communications.
1. Stop the Spectrum™ Technology Platform server.
• To stop the server on Windows, right-click the Spectrum™ Technology Platform icon in the
Windows system tray and select Stop Spectrum™. Alternatively, you can use the Windows
Services control panel and stop the Pitney Bowes Spectrum™ Technology Platform service.
• To stop the server on Unix or Linux, source the SpectrumLocation/server/bin/setup
script then execute the SpectrumLocation/server/bin/server.stop script.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
39
Managing Security
2. Create a certificate signed by a trusted CA and load it into a JSSE keystore. For more information,
see www.eclipse.org/jetty/documentation/current/configuring-ssl.html.
3. Create an XML file named spectrum-override-container-ssl.xml containing the following:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<bean id="defaultWebServerConnector"
class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="webServer"/>
<constructor-arg>
<bean class="org.eclipse.jetty.util.ssl.SslContextFactory">
<property name="keyStorePath"
value="/SpectrumKeystore"/>
<property name="keyManagerPassword" value="password"/>
<property name="keyStorePassword" value="password"/>
</bean>
</constructor-arg>
<property name="host" value="${spectrum.bind.address}"/>
<property name="port" value="${spectrum.http.port}"/>
<property name="idleTimeout" value="-1"/>
</bean>
</beans>
4. Modify the following lines as needed to reflect your environment:
<property name="keyStorePath"
value="/SpectrumKeystore"/>
Modify the value to be the path to the keystore
you are using. This example assumes the
keystore in the root of the drive on which the
Spectrum™ Technology Platform server is
installed.
<property name="keyManagerpassword" Modify the value to be the password to the
keystore.
value="password"/>
<property name="keyStorePassword"
value="password"/>
Modify the value to be the password to the key
within the keystore.
5. Save the spectrum-override-container-ssl.xml file to
SpectrumLocation/server/app/conf/spring.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
40
Managing Security
6. Using a text editor, open the file spectrum-container.properties located in
SpectrumLocation/server/app/conf. Uncomment and set the following properties:
spectrum.http.port=port
spectrum.runtime.port=port
spectrum.runtime.hostname=dnsname
Where port is the network port to use for communication with the clients (for example 8443) and
dnsname is the hostname of the Spectrum™ Technology Platform server. The port you specify
must be the same for both spectrum.http.port and spectrum.runtime.port.
7. If you are configuring HTTPS communication for the Location Intelligence Module and Spectrum
Spatial services, you must perform additional configuration prior to restarting the Spectrum™
Technology Platform server:
a) Modify the java.properties file (SpectrumLocation\server\modules\spatial) by
changing all hostnames and ports to be exactly the same as the ones used for the Spectrum™
Technology Platform server. The hostname must match the DNS name of the server and the
CN in the certificate. Set property repository.useSecureConnection to true. For example:
images.webapp.url=https://www.spectrum.com:8443/Spatial/images
thumbnail.location=https://www.spectrum.com:8443/Spatial/Thumbnails
repository.host=www.spectrum.com
repository.port=8443
repository.useSecureConnection=true
b) Modify the service configuration files
(SpectrumLocation\server\modules\spatial\Configuration) by changing all
repository URLs to use https and the hostname and port defined in the previous step. For
example, https://www.spectrum.com:8443/RepositoryService/rmi. Also, change
these URLs in the value of the elements listed for the services:
MappingConfiguration – <AccessBaseURL>
WFSConfiguration, WMSConfiguration - <OnlineResource>, <ResourceRoot>
8. Start the Spectrum™ Technology Platform server.
• To start the server on Windows, right-click the Spectrum™ Technology Platform icon in the
Windows system tray and select Start Spectrum™. Alternatively, you can use the Windows
Services control panel to start the Pitney Bowes Spectrum™ Technology Platform service.
• To start the server on Unix or Linux, execute the
SpectrumLocation/server/bin/server.start script.
9. If you are configuring HTTPS communication for the Location Intelligence Module and Spectrum
Spatial services, upload the modified files into the Repository using WebDAV (see Using
WebFolders to Access Spectrum Spatial Repository Resources on page 15 for instructions).
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
41
Managing Security
Web Service Authentication
Spectrum™ Technology Platform web services require requesters to authenticate with valid user
credentials. There are two methods for authenticating: Basic authentication and token-based
authentication.
Basic Authentication
With Basic authentication, the user ID and password are passed to Spectrum™ Technology Platform
in the HTTP header of each request to the web service. Basic authentication is allowed by default,
but your administrator may choose to disable Basic authentication. If Basic authentication is disabled
you must use token-based authentication to access web services.
Token-Based Authentication
With token-based authentication, the requester obtains a token from the Spectrum™ Technology
Platform server, then uses the token when sending a request to the web service. Instead of sending
user credentials in each request, the token is sent to the server and the server determines if the
token is valid.
The following diagram illustrates the process:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
42
Managing Security
1. Obtain a token from the Spectrum™ Technology Platform server by sending a request to the
token manager service.
2. The token manager service issues a token. If you requested a session token it also issues a
session ID.
3. Send a request to the desired web service with the token in the HTTP header. For session tokens,
include the session ID in the HTTP header.
4. The web service issues a response. You can use the token to make additional web service
requests to either the same web service or any other web service on the Spectrum™ Technology
Platform server. There is no limit to the number of web service requests you can make with a
token, but if the token has an expiration limit (also known as a time-to-live) it will become invalid
after the time-to-live has elapsed. If the token is a session token, it will become invalid after 30
minutes of inactivity.
5. When the token is no longer needed you should log out by sending a request to the token logout
web service. This will remove the token from the list of valid tokens on the Spectrum™ Technology
Platform server.
Disabling Basic Authentication for Web Services
Spectrum™ Technology Platform supports two types of authentication for web service requests:
Basic authentication and token authentication. By default, both methods are enabled. If you want
to require web service requests to use token authentication instead of Basic authentication, you can
disable Basic authentication by following these steps.
Note: Be aware that disabling Basic authentication will cause existing clients to fail. For the Location
Intelligence Module, WMS and WFS clients will either be expecting Basic authentication or
no authentication. Leaving only token-based authentication will likely cause those clients to
fail.
1. Stop the Spectrum™ Technology Platform server.
2. Open this file in a text editor:
SpectrumLocation/server/app/conf/spectrum-container.properties
3. Set this property to false:
spectrum.security.authentication.webservice.basicauth.enabled=false
4. Start the server.
Disabling Authentication for Web Services
All services and access to resources used by the Spectrum™ Technology Platform are configured,
by default, with authentication turned on.
Service-level authentication can be disabled for all SOAP or REST web services (or both) at the
platform level. This is useful if you have your own high-level authentication built into the solution
that is using, for example, the Location Intelligence Module services.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
43
Managing Security
To disable authentication for web services on the Spectrum™ Technology Platform :
1. Stop the Spectrum™ Technology Platform server.
2. Open the following file in a text editor:
SpectrumLocation\server\app\conf\spectrum-container.properties
3. Change the value of each property as needed. For example, to disable authentication for all
SOAP services:
spectrum.security.authentication.webservice.enabled.REST=true
spectrum.security.authentication.webservice.enabled.SOAP=false
Note: For the Location Intelligence Module, REST services also include OGC web services.
4. Save and close the properties file.
5. Start the Spectrum™ Technology Platform server.
Once finished, authentication is turned off for the type of web services that you specified.
Enabling CORS
Cross-Origin Resource Sharing (CORS) is a W3C standard that allows data sharing between
domains. CORS enables web applications running in one domain to access data from another
domain. By enabling CORS on your Spectrum™ Technology Platform server, you can allow web
applications hosted in another domain to access Spectrum™ Technology Platform web services.
For example, say you have a web application hosted at webapp.example.com. This web application
contains a JavaScript function that calls a Spectrum™ Technology Platform web service hosted at
spectrum.example.com. Without CORS, you would need to use a proxy server to facilitate this
request, which would add complexity to your implementation. With CORS, you do not need to use
a proxy server. Instead, you can designate webapp.example.com as an "allowed origin", thus
permitting Spectrum™ Technology Platform to respond to web service requests that originate from
the domain webapp.example.com.
To enable CORS on your Spectrum™ Technology Platform server:
1. Stop the Spectrum™ Technology Platform server.
2. Open this file in a text editor:
SpectrumLocation/server/app/conf/spectrum-advanced.properties
3. Edit the following parameters.
spectrum.jetty.cors.enabled
Set this property to true to enable CORS. The default is false.
spectrum.jetty.cors.allowedOrigins
A comma separated list of origins that are allowed to access resources on the
Spectrum™ Technology Platform server. The default value is
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
44
Managing Security
http://localhost:8080,http://localhost:443, which allows access to resources using the
default HTTP port 8080 and the default SSL port of 443.
If an allowed origin contains one or more asterisks ("*"), for example
http://*.domain.com, then asterisks are converted to .* and dots characters (".") are
escaped to "\." and the resulting allowed origin is interpreted as a regular expression.
Allowed origins can therefore be more complex expressions such as
https?://*.domain.[a-z]{3} that matches http or https, multiple subdomains and any
three-letter top-level domain (.com, .net, .org, etc.).
spectrum.jetty.cors.allowedMethods
A comma separated list of HTTP methods that are allowed to be used when accessing
resources on the Spectrum™ Technology Platform server. The default value is
POST,GET,OPTIONS,PUT,DELETE,HEAD.
spectrum.jetty.cors.allowedHeaders
A comma separated list of HTTP headers that are allowed when accessing resources
on the Spectrum™ Technology Platform server. The default value is X-PINGOTHER,
Origin, X-Requested-With, Content-Type, Accept. If the value is a single asterisk
("*"), all headers will be accepted.
spectrum.jetty.cors.preflightMaxAge
The number of seconds that preflight requests can be cached by the client. The
default value is 1800 seconds, or 30 minutes.
spectrum.jetty.cors.allowCredentials
Indicates whether the resource allows requests with credentials. The default value
is true.
4. Save and close the file.
5. Start the Spectrum™ Technology Platform server.
Disabling Host Checks in Token Authentication
In token authentication, the Spectrum™ Technology Platform server examines the token presented
by the client before responding to the request. The server checks the token to see if it has expired,
if it is encrypted correctly, and if it is from the correct host. For session tokens, the server also checks
the session ID. If any of these checks fail, the token is rejected and the server does not respond to
the request.
In a clustered environment, it is possible that requests may be redirected in a way that makes the
request appear to be coming from a different host than is specified in the token, resulting in "invalid
token" errors. For example, say you have a cluster with two nodes as shown here:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
45
Managing Security
Let's say that the client makes a request and is the request is routed to Node 1. A token is created
and tied to host 2.2.2.2 (the load balancer) since the node views the request as coming from the
load balancer. If the next request from the client is routed to Node 2, the token will still be tied to
host 2.2.2.2 but the request will appear to be coming from the proxy server, 3.3.3.3. In this case the
node will reject the token because it appears that it is not associated with the host making the
request.
In this situation you must configure the Spectrum™ Technology Platform server to ignore the host
information included in the token. This should only be done if you have an environment where there
are different network devices between the load balancer and the nodes. If all nodes are behind the
same network device, there is no need to disable the host check.
Note: If you follow this procedure, client tokens will in effect become open tokens since the host
check will be disabled. Session tokens will continue to be tied to a specific session ID but
not a specific host.
1. Open the following properties file on the Spectrum™ Technology Platform server:
SpectrumLocation/server/app/conf/spectrum-container.properties
2. Set the following property to false.
spectrum.security.authentication.token.remoteClientCheck.enabled=false
3. Save and close the properties file.
4. Repeat this process on all the nodes in the cluster.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
46
Managing Security
Security for the Location Intelligence Module
The Location Intelligence Module uses the role-based security that is used for the Spectrum™
Technology Platform. Because security is handled at the platform level, the Management Console
can be used to manage all Location Intelligence Module security activities. This includes setting
permissions for named resources in addition to managing user accounts (that is, creating, modifying,
and deleting user accounts).
Note: The User Management Service can still be used to set permissions if desired; however,
permissions are stored in the platform and not the repository. The User Management Service
is set to be deprecated in a future release.
Predefined Spatial Roles
After you install the Location Intelligence Module, two predefined roles are available in Management
Console, spatial-admin and spatial-user.
The spatial-admin role provides full permissions (Create/View/Modify/Delete) for all named resources
(named maps, named tiles, named layers, named connections, and named tables), whereas the
spatial-user role provides only View permissions to these resources. These permissions are controlled
using the Location Intelligence Module's secured entity type, Location Intelligence.Named Resources.
Users of Location Intelligence Module services must have at least View permissions for the resources
they use as well as for any dependent resources.
Dataflow designers who require access to named resources need additional permissions beyond
that of the "designer" role. For instructions on creating a spatial dataflow designer, see Creating a
Spatial Dataflow Designer on page 49.
Note: The permission settings in the User Management Service are mapped to the Spectrum™
Technology Platform as follows: Read>View, Modify>Modify, Add>Create, and
Remove>Delete.
Custom Spatial Roles and Access Control Settings
You can create custom roles based on the predefined spatial roles, assign them to user accounts,
then fine-tune access to named resources for those roles and users by applying access control
settings (overrides) to individual named resources or to folders or directories. A typical scenario and
best practice for setting security for the Location Intelligence Module involves creating a role with
no permissions, applying access control settings to that role (for example, allowing modify and delete
permissions for named resources in a specific folder), then assigning that custom role as well as
one of the predefined spatial roles to a user. Another common scenario involves establishing override
permissions for a single user; for example, creating a user account which has view-only permissions
to named resources, then applying access control settings to that user that allow modifying and
deleting of named resources in a specific folder.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
47
Managing Security
Folders
Folder permissions are inherited by the resources and folders underneath as long as those resources
and folders do not have any specific access control settings that override them. This is useful when
you want to set permissions on a set of resources. You can make a folder accessible only to specified
users or roles; other users will not see that folder or anything underneath it. For the Location
Intelligence.Named Resources entity type, all listed resources that end with a forward slash (/) are
folders or directories in the repository.
Permissions at the folder level, however, do not override permissions set at the lower, individual
resource level. For example, if a folder has Create permissions for a specific role or user, but a
single resource in the folder (such as a named table) has an access control setting to View
permissions for that same role or user, the View (read-only) permissions for the single resource
take precedence over the Create permissions for the folder.
Creating a Named Resources Administrator
To manage named resources in the repository using Management Console, a user must have an
assigned role that allows full access to those resources in addition to the access that is provided
by the predefined spatial roles. The predefined spatial roles cannot be modified and a predefined
"Named Resources Administrator" role is not provided by the Spectrum™ Technology Platform;
however, you can create such a role using a predefined spatial role as a base.
1. Open Management Console.
2. Go to System > Security.
3. Click Roles.
4. Check the box next to either the spatial-admin or spatial-user role to use as a starting point then
click the Copy button . The spatial-admin role provides View, Modify, Create, and Delete
permissions for the Location Intelligence Module.Named Resources secured entity type; the
spatial-user role provides View permissions.
5. In the Role name field, enter the name you want to give to this role (for example,
"resource-admin").
6. Set additional permissions as follows for these secured entity types:
Database Resources:
• Centrus Database Resources to View/Modify/Create/Delete/Execute (if required)
• Enterprise Routing to View/Modify/Create/Delete/Execute (if required)
Platform:
•
•
•
•
Resources - File Servers to View
Resources - JDBC Drivers to View
Services to View/Modify/Execute
System - Version Information to View
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
48
Managing Security
7. Click Save to save the new resource-admin role.
8. Click Users.
9. Either select an existing user and click the Edit button
to create a new user.
to modify it, or click the Add button
10. Assign the new "resource-admin" role to the user account to allow it to manage named resources
in Management Console.
The user now has the access required to manage named resources in Management Console.
Creating a Spatial Dataflow Designer
To create dataflows for Location Intelligence Module stages and services, a user must have both
the designer and spatial-user roles assigned. The spatial-user role provides View access to named
resources under the Location Intelligence.Named Resources secured entity type. The designer role
provides the necessary access to Platform secured entity types such as Dataflows.
1. In the Management Console, go to System > Security.
2. Either select an existing user and click the Edit
new user.
button, or click the Add button
to create a
3. In the Roles section, assign both the designer and spatial-user roles to the user account.
The user now has permission to view named resources and design dataflows using those resources
for Location Intelligence Module stages and services.
Limiting WebDAV Access to the Repository
WebDAV is used as a protocol to access resources within the Spectrum Spatial repository. By
default, accessing the repository using WebDAV is not restricted to a particular server, rather open
to all servers that can access the repository. You can restrict access to particular servers by modifying
the spatial java property file. You can do this by adding the following property that includes a list of
hostnames (IPs) that WebDAV is open to (comma separated). A Spectrum™ Technology Platform
server restart is required after the change.
To limit repository access using WebDAV:
1. Open the modules/spatial/java.properties file in an editor.
2. Add the following property to the file.
repository.accesscontrol.allows=
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
49
Managing Security
3. Include a list of IP addresses that you want to allow WebDAV access. Multiple servers can be
added using a comma separated list of IP addresses. Leaving the property empty disables all
access using WebDAV for all servers except the machine where Spectrum™ Technology Platform
is installed.
repository.accesscontrol.allows=192.168.2.1,192.168.2.2
4. Restart the server.
Once finished, WebDAV access is limited for the repository.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
50
4 - Monitoring Your
System
In this section
Viewing System Events
Spatial Logging
Configuring a Mail Server
Selecting Items for Expiration Notification
Viewing Version Information
Viewing and Exporting License Information
Monitoring Performance with the JMX Console
Monitoring Memory Usage
52
53
55
56
57
57
58
59
Monitoring Your System
Viewing System Events
The system log displays messages from the Spectrum™ Technology Platform server's wrapper log.
These messages include information about server operations as well as requests made to services
from the API and through web services. View the system log when you experience trouble and are
looking for information about possible causes.
If you are running Spectrum™ Technology Platform in a cluster, the system log that you will get will
be the one from the node you happen to be connected to. You can view the system log for a specific
node by using a text editor to open this file on the node you want:
ServerLocation\server\app\repository\logs\wrapper.log.
1. Open the Management Console.
2. Go to System > Logs.
3. Click the Download icon
to download the system log file.
4. Open the downloaded file in a text editor.
Setting Logging Levels for Services
You can specify the default logging level as well as logging levels for each service on your system.
When you change logging levels the change will not be reflected in the log entries made before the
change.
Note: The logging levels you specify for services do not affect the audit log. They only control the
level of logging for the event log which you can view in Management Console. At this time
you cannot view the event log in the web version of Management Console.
1. Open the Management Console.
2. Expand Event Log then click Options.
3. Go to System > Logs
4. In the System default logging level field, select a default event logging level for services on
your system.
Disabled
No event logging enabled.
Disabled
Fatal
Fatal
Minimal logging. Only fatal errors are logged. Fatal errors are those that
make the system unusable.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
52
Monitoring Your System
Error
Error
Warn
Warn
Info
Info
Debug
Debug
Trace
Trace
Errors and fatal errors are logged. Errors indicate an isolated problem that
causes part of the system to become unusable. For example, a problem
that causes a single service to not work would generate an error.
Event warnings, errors, and fatal errors are logged. Warnings indicate
problems that do not stop the system from working. For example, when
loading a service where a parameter has an invalid value, a warning is
issued and the default parameter is used. During the use of a service, if
results are returned but there is a problem, a warning will be logged.
High-level system information is logged. This is the most detailed logging
level suitable for production. Info events are typically seen during startup
and initialization, providing information such as version information and
which services were loaded.
A highly detailed level of logging, suitable for debugging problems with the
system.
The most detailed level of logging, tracing program execution (method entry
and exit). It provides detailed program flow information for debugging.
Each logging level includes the ones above it on the list. In other words, if Warning is selected
as the logging level, errors and fatal errors will also be logged. If Info is selected, informational
messages, warnings, errors, and fatal errors will be logged.
Note: Selecting the most intensive logging level can affect system performance. Therefore, you
should select the least intensive setting that meets your particular logging requirements.
5. If you want to specify different logging levels for each service choose the logging level you want.
Spatial Logging
The logback.xml file allows you to control on logging behavior, such as sending output to a log file
instead of by default sending it to the console which redirects to the wrapper.log. You can also set
the log level to turn off logging altogether or log only fatal errors, for example.
Default logback file
(<Installed>\Pitney Bowes\Spectrum\server\modules\spatial\logback.xml)
<?xml version="1.0" encoding="UTF-8"?>
<!-===================================================================================
-->
<!-- Logger configuration for remote components
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
53
Monitoring Your System
-->
<!--->
<!-- log to console, redirected to Platform log
(server\app\repository\logs\wrapper.log) -->
<!-- log to files, redirected to (server\modules\spatial\spatial.XXX.log)
-->
<!--->
<!-- for general information about the configuration file, check out
the logback manual -->
<!-- at http://logback.qos.ch/manual/configuration.html
-->
<!-===================================================================================
-->
<configuration>
<appender name="CONSOLE-SPATIAL"
class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>[Spatial] - [%thread] %-5level %logger{35} - %msg%n</pattern>
</encoder>
</appender>
<!--appender name="FILE-SPATIAL"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${g1.server.modules.dir}/spatial/${component.name}.log</file>
<encoder>
<pattern>%d [%thread] %-5level %logger{35} - %msg%n</pattern>
</encoder>
<append>true</append>
<triggeringPolicy
class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>10MB</maxFileSize>
</triggeringPolicy>
<rollingPolicy
class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>${component.name}.log.%i</fileNamePattern>
<maxIndex>1</maxIndex>
</rollingPolicy>
</appender-->
<!-- Level: OFF, ERROR, WARN, INFO, DEBUG -->
<logger name="com.mapinfo.midev" level="INFO" additivity="false">
<appender-ref ref="CONSOLE-SPATIAL"/>
<!-- appender-ref ref="FILE-SPATIAL"/ -->
</logger>
</configuration>
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
54
Monitoring Your System
Option
Values
Level
•
•
•
•
•
Output
• CONSOLE-SPATIAL –sends log information to the JMX Console
[default]
• FILE-SPATIAL–sends log information to a log file based on
component (no longer applicable - Spectrum Spatial has a single
remote component)
OFF–turn off logging
ERROR–log runtime or unexpected errors
WARN–log warnings only; for example, using a deprecated API
INFO–log runtime events such as startup or shutdown [default]
DEBUG–log detailed debugging information
Configuring a Mail Server
Spectrum™ Technology Platform can send email alerts to notify you of important events. Email
notifications can be sent as a result of conditions within dataflows and process flows, and when
time-based licenses, databases, and other items are about to expire.
Spectrum™ Technology Platform does not have a built-in mail server, so in order to enable email
notification you must configure it to use an external SMTP server.
1. Open the Management Console.
2. Go to System > Notification.
3. Go to System > Mail Server.
4. In the Host field, enter the host name or IP address of the SMTP server you want to use to send
email notifications.
5. In the Port field, enter a port number or range to use for network communication between the
Spectrum™ Technology Platform server and the SMTP server.
The default port is 25.
6. In the User name and Password fields, enter the credentials that the Spectrum™ Technology
Platform server should use to authenticate with the SMTP server.
7. Reenter the password for logging on to the SMTP server in the Confirm Password field.
8. In the From address field, enter the email address from which notification e-mail will be sent.
9. To confirm that you have correctly configured a mail server, you can send a test email. Enter the
email address you want to send the test to in the Test address field then click Test.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
55
Monitoring Your System
10. Click Save.
The Spectrum™ Technology Platform server is now connected to an SMTP server and can use that
server to send notification email.
Example: Configuring a Mail Server
You have an SMTP server named mail.example.com. You want to use this mail
server to handle email notifications sent from the Spectrum™ Technology Platform
server. You have created an account on the SMTP server called Spectrum123 with
a password of Example123, and the email address for this account is
spectrum.notification@example.com.
To configure notification with this information, you would complete the fields as follows:
Host
mail.example.com
From address
spectrum.notification@example.com
User name
Spectrum123
Password
Example123
Selecting Items for Expiration Notification
Spectrum™ Technology Platform can send an email notification when a license, database, or software
component is about to expire. This allows you to take the necessary action to ensure that your
business processes are not disrupted by an expiration. Some of the components that have expiration
dates include:
• Licenses
• Databases, such as U.S. postal databases used for CASS processing
• Certain software components, such as the engine used to validate U.S. addresses in the Universal
Addressing Module
Tip: To view the items that have expiration dates, open Management Console, expand System
and click Expiration.
Tip: To view the items that have expiration dates, open Management Console and go to System >
Licensing and Expiration.
Note: Email notifications are not available for transaction-based licenses. If you are approaching
the maximum number of transactions for a license, a message appears in the system log in
Management Console.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
56
Monitoring Your System
You can choose which items you want to receive expiration notification email about so that you only
receive email notifications for those items that concern you.
1. Open the Management Console.
2. Expand System then click Licensing and Expiration.
3. Go to System > Licensing and Expiration.
4. To receive an expiration notification email for an item, check the box in the Send Notification
column.
Note: If you cannot check the boxes in the Send Notification column it is either because
notification is disabled for your system or no mail server has been configured. To enable
notification, expand System then click Notification. Click the Expiration Settings tab
and enable the Send expiration notification option.
5. Select File > Save.
Viewing Version Information
1. In Management Console, expand System then click Version Information.
2. In a web browser go to this URL:
http://server:port/managementconsole
Where server is the server name or IP address of your Spectrum™ Technology Platform server
and port is the HTTP port used bySpectrum™ Technology Platform. By default, the HTTP port
is 8080.
3. Click System > Version.
Viewing and Exporting License Information
You can export information about your license to an XML file. This may be necessary when resolving
license issues with technical support.
1. Open the Management Console.
2. Expand System then click Licensing.
3. Click the Expiration Info tab to view a list of licenses that are about to expire. Only licenses that
are within the period specified on in the Notification node, Expiration Settings tab, are displayed.
4. Click the License Information tab to view a complete listing of all licenses installed on your
system.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
57
Monitoring Your System
5. Click Export.
6. In a web browser go to this URL:
http://server:port/managementconsole
Where server is the server name or IP address of your Spectrum™ Technology Platform server
and port is the HTTP port used bySpectrum™ Technology Platform. By default, the HTTP port
is 8080.
7. Click System > Licensing and Expiration.
8. Click the export icon.
Your license information is saved to an XML file with a .lic extension.
Monitoring Performance with the JMX Console
The JMX console is browser-based tool that provides a performance monitoring tool that records
performance statistics for each stage in a dataflow.
1. Open a web browser and go to http://<server>:<port>/jmx-console
Where:
<server> is the IP address or hostname of your Spectrum™ Technology Platform server.
<port> is the HTTP port used by Spectrum™ Technology Platform. The default is 8080.
2. Log in using the admin account.
3. Under " Domain: com.pb.spectrum.platform.performance", click
com.pb.spectrum.platform.performance:server=PerformanceMonitorManager.
4. Click the Invoke button next to enable.
5. Click Return to MBean View to go back to the PerformanceMonitorManager screen.
Performance monitoring is now enabled. When a dataflow runs, the performance statistics will
display at the top of the PerformanceMonitorManager screen. Note the following:
• You must refresh the screen to see updates.
• To reset the counters, click the Invoke button next to reset.
• If you stop the Spectrum™ Technology Platform server, performance monitoring will be turned off.
You will have to turn it back on when you start the server again.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
58
Monitoring Your System
Monitoring Memory Usage
The JMX Console allows you to monitor the JVM heap usage of the spatial remote component.
Memory usage (HeapMemoryUsage and NonHeapMemoryUsage) is based on the standard JVM
memory MBean. It shows the memory usage of the JVM that the remote component running on. It
includes the amount of init, max, committed and used memory.
RuntimeName includes the process ID that you can use to find more information from the operating
system (for example, by using the Windows Task Manager), or even kill the process.
In the heap sections, ={committed=143130624, init=134217728, max=1908932608,
used=23483928} are shown in bytes.
Init is the initial amount JVM allocated (-Xms); max is the one specified by –Xmx. Used is the amount
of memory that used by JVM for objects. The relationship is like this: –Xms < committed < -Xmx,
and used < committed.
You can modify the heap memory by modifying the -Xm in the java.vmargs file under the spatial
folder (<Installed>\Pitney Bowes\Spectrum\server\modules\spatial\java.vmargs). See Increasing
Heap Memory for more instructions.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
59
5 - Managing Memory
and Threading
This section describes approaches for improving performance by managing
memory and threading, and also relates best practices for optimizing the
performance of the Location Intelligence Module. It is intended for
experienced administrators.
Spectrum provides several tuning options to optimize performance of the
server. The optimal selection of settings is dependent on the nature of the
deployment. To create a well-tuned server environment, it is recommended
that performance tests should be executed in the deployed environment
to determine optimal settings. This section provides some general guidance
on performance tuning.
In this section
Remote Component Configuration
Data Source Pooling Configuration
61
62
Managing Memory and Threading
Remote Component Configuration
All spatial services in the Spectrum™ Technology Platform are deployed into a remote component
(JVM instance) that is separate from the platform runtime. This ensures the platform is independent
of the modules within it and that JVM configuration can be applied to the spatial services, allowing
flexibility of memory allocation and tuning for performance based on the characteristics of those
services.
The remote component supplies spatial functions to spatial services (such as the Feature Service
and Mapping Service) and stages (such as the Spatial Calculator and Query Spatial Data). The pool
size for a remote component is the number of requests the component can handle concurrently.
This affects the throughput of both spatial services and spatial stages.
To manage permissions for the spatial remote component, use the Management Console as you
would for any other secured entity type. The spatial remote component is listed as the "Spatial
Component" secured entity type under the Databases Resources group. You can set permissions
for the spatial remote component when creating or editing roles or by using access control settings.
See Managing Security on page 23 for more information.
Modifying the Pool Size
In addition to JVM tuning, you can also adjust the pool size of the spatial remote component. The
pool size for a remote component is the number of requests the component can handle concurrently.
This setting represents the number of threads on the components that are listening for service
requests from the Spectrum™ Technology Platform or executing a Location Intelligence Module
stage (that is, the maximum number of managed connections).
Every web service request enters Spectrum from the platform and is passed to the component. The
default value of 1 can be increased to accommodate greater request loads. A pool size that matches
the number of CPUs is recommended. The maximum setting should not go above twice the number
of the CPU core; for example, on a 4 CPU machine the combined number of threads for all services
should not exceed 8. Performance tests should be run with various settings until optimal performance
is achieved for the usage.
You have the ability to adjust the pool size in Management Console for the spatial remote component:
1. Open the Management Console.
2. Go to Resources > Location Intelligence.
3. Change the pool size for the remote component using the arrows or by typing in a value. The
minimum value is 1 and the maximum value is 64.
4. Click Save.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
61
Managing Memory and Threading
5. If you decreased the pool size, restart the server. Increasing the pool size takes effect immediately
and does not require a server restart.
Data Source Pooling Configuration
The pooling-datasource-factory.properties file (located under
SpectrumLocation\server\modules\spatial) may be used to configure the pooling of
connections used by JDBC-based data sources (such as Oracle and SQL Server) to maximize
performance.
You can allow objects to be validated via a static query before being borrowed from the pool. If the
validation fails, the connection will be dropped from the pool and an attempt will be made to borrow
another. Enabling validation will have a slight negative performance impact as a query is always
executed before the real query that is executed by Spectrum Spatial; however, the test query
maintains the integrity of all the connections in the connection pool in cases where communication
between Spectrum Spatial and an external database is not reliable. Set a validation interval to
mitigate the performance impact of validation. If a connection is due for validation, but has been
validated previously within this interval, it will not be validated again.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
62
6 - Managing a Cluster
In this section
Clustered Architecture for the Location Intelligence Module
Using Enterprise Designer with a Cluster
Managing a Cluster for the Location Intelligence Module
Removing a Node from a Cluster
Shutting Down a Cluster
64
65
66
69
70
Managing a Cluster
Clustered Architecture for the Location Intelligence Module
In a clustered environment, processing is shared among two or more instances of the server. The
diagram below illustrates the deployment architecture of such a configuration. Load balancing can
be used to support high availability and scaling. The deployment architecture includes a load balancer,
a Spectrum Spatial cluster, a database, and a file share. With this approach it is possible to scale
both horizontally and vertically. You can cluster the Location Intelligence Module with or without
platform clustering, starting from version 8.0.
Load Balancer
The load balancer spreads requests between the Spectrum Spatial instances. Any load balancer
that supports load balancing HTTP/HTTPs requests can be used.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
64
Managing a Cluster
Spectrum Spatial Cluster
The cluster is a collection of Spectrum instances with LIM sharing administration, named resources,
geographical metadata content and configuration settings. Additional nodes can be added to the
cluster for resilience or to deliver support for greater loads. Each node can be scaled vertically
through additional hardware resources and/or additional instances should this be required for
hardware with massive resources. Spectrum can be configured to use restricted numbers of CPUs.
Database
Spectrum stores named resources (maps, layers, tables and styles), geographic metadata and
configuration in a repository. In the default single server installation an embedded database is used
to store these resources on the local server. To create a resilient scalable solution this embedded
database should be replaced with a resilient independent database. Oracle, PostGreSQL/PostGIS
and Microsoft SQL Server are the supported repository databases.
In the load balanced configuration, Spectrum nodes cache these resources in a local cache and
search index in each node in the cluster. When a Spectrum node receives a request it uses the
local cache and index to find resources. Named resources can be added through any node in the
cluster. Each node keeps its cache current by checking for differences between its local cache and
the central database. This check occurs every 2 seconds by default. Time frequency can be
configured. This architecture ensures the server delivers high performance transactions and the
load on the repository database is kept to a minimum. If a new Spectrum node is added to the cluster
the cache and index are created automatically. Such a scenario can occur to remedy a node failure
or grow the capability of the deployment.
File Share
The file share provides a folder to hold map images generated by Spectrum. When maps are
rendered using the web services the server supports the map images being returned through URLs
or returned as a base 64 encoded image. When a URL is returned the map image is stored as a
file and served on request of the URL. To ensure any Spectrum node can return the map image a
file share is used to store the images.
Using Enterprise Designer with a Cluster
1. Launch Enterprise Designer.
2. In the Server name field, enter the server name of the load balancer.
3. In the Port field, enter the port that you have configured the load balancer to listen on.
Note: Input files, output files and database resources must be on a shared drive, or file server,
or some commonly-accessible location. Otherwise, all files must be loaded on each server
that hosts a Spectrum™ Technology Platform server and must be located in the same
path.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
65
Managing a Cluster
Once you have logged in you can use Enterprise Designer as normal. The actions you take will
apply to all Spectrum™ Technology Platform instances in the cluster where you are logged in.
Managing a Cluster for the Location Intelligence Module
Configuring a Common Repository
You must configure Spectrum to use a common repository database for the cluster. This ensures
that named resources, geographic metadata and configuration settings are managed across the
cluster.
The repository is installed with a set of named resources, geographic metadata and configuration
files. To migrate these resources to the common database repository the resources need to be
exported from the default internal repository database and reimported into the new shared repository
database.
For bulk export/import of repository content, you can use WebDAV or the limrepo import and
limrepo import commands in the Administration Utility, which give you the option of preserving
permissions (see the Administration section of the Spectrum Spatial Guide for instructions.)
Follow the steps outlined for your common repository database, either PostgreSQL, Oracle, or
Microsoft SQL Server.
Configuring Your System
Once the Spectrum™ Technology Platform is installed and you have configure a common repository,
you need to configure your instance before you can replicate it to another virtual machine. If you
are not using a virtual machine environment, you will need to perform these steps on each of your
Spectrum™ Technology Platform installations.
Configure the Map File Share
To configure the map file share (a shared image folder) to Spectrum™ Technology Platform you
first need a shared map image directory. To create a map file share, see Creating a Map Image
File Share on Unix/Linux on page 67 or Creating a Map Image File Share on Windows on page
68.
Once a map image directory has been created, configure the map file share:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
66
Managing a Cluster
1. Modify the Mapping Service configuration by pointing to a shared image folder and load balance
server. In the ImageCache change the Directory parameter to a common image directory, and
change the AccessBaseURL parameter to the load balancer machine image URL.
If you are using a virtual machine environment, remember this IP address, as you must set the
load balancer VM to this IP address.
For Unix/Linus installations:
<ImageCache>
<Directory>/<spatial server
root>/server/modules/spatial/images</Directory>
<AccessBaseURL>http://<loadbalance_IP_address>/rest/Spatial/MappingService/internal/imageCache</AccessBaseURL>
<FileExpire>30</FileExpire>
<ScanInterval>30</ScanInterval>
</ImageCache>
For Windows installations:
<ImageCache>
<Directory>\\server\Share\images</Directory>
<AccessBaseURL>http://<loadbalance_IP_address>/rest/Spatial/MappingService/internal/imageCache</AccessBaseURL>
<FileExpire>30</FileExpire>
<ScanInterval>30</ScanInterval>
</ImageCache>
2. For Unix/Linux installations, you must set up a symbolic link to enable map images to go to the
shared file system.
Create an images subfolder in the mounted share folder, e.g., /mnt/<linux mount>/images
cd /<spatial server root>/server/modules/spatial
rm –Rf images
ln -s /mnt/<linux mount>/images ./images
Creating a Map Image File Share on Unix/Linux
The file share provides a folder to hold map images generated by Spectrum Spatial. Create a shared
folder accessible to all Spectrum nodes. The file share is not required if maps are returned from the
web services as Base64-encoded images.
To create a map image file share on Unix/Linux:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
67
Managing a Cluster
1. Mount a shared folder on each operating system hosting Spectrum. The commands below mount
a drive on a Microsoft Windows Server or network drive supporting CIFS.
mkdir /mnt/<linux mount>
mount -t cifs //<windows host>/<windows share> /mnt/<linux mount>-o
username=shareuser,password=sharepassword,domain=pbi
2. Set the image share to load at startup in /etc/fstab.
//<windows ip address for share>/share /path_to/mount cifs
username=server_user,password=secret,_netdev 0 0
Creating a Map Image File Share on Windows
The file share provides a folder to hold map images generated by Spectrum Spatial. Create a shared
folder accessible to all Spectrum nodes. The file share is not required if maps are returned from the
web services as Base64-encoded images.
To create a map image file share on Windows:
1. In Windows Explorer, select the image folder you want to share.
2. Right-click, and then click Share or Share with.
3. Select the users who will be writing to the image folder. These users must have read/write
privileges.
Modifying the Service Configurations
To modify the service configurations for load balancing:
In each service configuration file, change the <RepositoryURL> to point to localhost for the
server repository URL. By default your server hostname will be configured in the RepositoryURL.
For example, the RepositoryURL should change to point to localhost from http://<Spectrum
Hostname>:<Port>/RepositoryService/rmi to
http://localhost:<Port>/RepositoryService/rmi. Ensure localhost can be resolved
on the server.
Modifying the Java Properties Files in All Nodes
You must change the java property file in all nodes of the cluster. To modify the java properties for
Spectrum™ Technology Platform:
1. Modify the java.properties file, located in
<spectrum>/server/modules/spatial/java.properties, to point to the load balance
server.
2. Change the images.webapp.url and all of the service host and port numbers to point to the load
balance server.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
68
Managing a Cluster
Configuring Ports for Multiple Spectrum Instances
If you have multiple Spectrum™ Technology Platform instances on a single machine, you must
change the port numbers.
To change the port numbers for each Spectrum™ Technology Platform instance:
1. Change all ports in <Spectrum
root>/server/app/conf/spectrum-container.properties to new port values that are
not in use. The http port reflects the port number entered in the installer.
2. Update the rmi port in bootstrap.properties in the /<spectrum root>/server/modules/spatial folder
(for example, 11099). The default is 1099.
Shared Spectrum Local Data
If you are using TAB file data on the file system, this data needs to be in a shared location accessible
by all instances of Spectrum in the load balanced environment. It is also important to note that all
named resources in the repository accessing data on the file system should point to this shared
location.
Each VM or machine hosting Spectrum needs to have access to the mounted shared drive.
Note: Using named resources that point to database tables do not require a shared drive, as the
named resources in the repository do not access the data using a file path; rather they use
a named connection to the data in the database.
Ensuring Security Entities Set On All Nodes
If you are adding or removing named resources in a LIM only cluster (multiple nodes), these entities
will only be registered to the node where you are making changes. To ensure these security entities
are persisted to all nodes in the cluster, you must restart each other Spectrum™ Technology Platform
LIM nodes. This will synchronize all security entities.
Note: This is only required if you are setting security entity overrides for named resources.
Removing a Node from a Cluster
To remove a node from a cluster, stop the Spectrum™ Technology Platform server.
• On Unix or Linux, change the working directory to the Spectrum™ Technology Platform server's
bin directory, source the setup file, then type the following command: ./server.stop .
• On Windows, right-click the Spectrum™ Technology Platform icon in the system tray and select
Stop Spectrum™.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
69
Managing a Cluster
If you do not want the server to rejoin the cluster the next time it starts up, open the file
server/app/conf/spectrum-container.properties in a text editor and set
spectrum.cluster.enabled to false.
For Location Intelligence Module users: If you want to keep the node standalone and able to run
outside the cluster, copy back the original repository.xml file and remove the following folders from
the /server/modules/spatial/jackrabbit directory for each instance of Spectrum™
Technology Platform: repository, version, workspaces. Restart the server and import the repository
content.
Shutting Down a Cluster
To shut down an entire cluster:
1. Shut down each Spectrum™ Technology Platform server in the cluster.
• On Unix or Linux, change the working directory to the Spectrum™ Technology Platform server's
bin directory, source the setup file, then type the following command: ./server.stop .
• On Windows, right-click the Spectrum™ Technology Platform icon in the Windows system tray
and select Stop Spectrum™.
2. Make a note of which node was shut down last. You will need this information when starting up
the cluster.
Warning: When starting up the cluster, the first node you start up must be the last node that
was shut down.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
70
7 - Using the
Administration Utility
In this section
Getting Started with the Administration Utility
Using a Script with the Administration Utility
Location Intelligence Module
Enterprise Routing Module
72
73
74
79
Using the Administration Utility
Getting Started with the Administration Utility
The Administration Utility provides command line access to several administrative functions. You
can use it in a script, allowing you to automate certain administrative tasks. You can also use it
interactively. Not all administrative functions are available in the Administration Utility. Use
Management Console to access the functions that are not available in the Administration Utility.
Note: The Administration Utility requires Java 8 or later. If you are installing the Administration
Utility on the same computer where the Spectrum™ Technology Platform server is installed,
Java 8 is already installed since it is included with the server. If you want to install the
Administration Utility on another computer, make sure that the computer has Java 8 or later
installed.
1. Open a web browser and go to the Spectrum™ Technology Platform Welcome Page at:
http://<servername>:<port>
For example, if you installed Spectrum™ Technology Platform on a computer named
"myspectrumplatform" and it is using the default HTTP port 8080, you would go to:
http://myspectrumplatform:8080
2. Click Platform Client Tools.
3. Click Command Line Clients.
4. Under Administration Utility, click Download and download the zip file to the computer where
you want to use the Administration Utility.
5. Extract the contents of the zip file.
6. To launch the command line interface, do one of the following:
• If you are running the server on a Unix or Linux system, execute cli.sh.
• If you are running the server on a Windows system, execute cli.cmd.
Note: If necessary, modify the .sh or .cmd file to use the path to your Java installation.
7. Connect to the Spectrum™ Technology Platform server that you want to administer. To connect
to the server, execute the following command:
connect --h servername:port --u username --p password --s SSLTrueOrFalse
For example:
connect --h myserver:8080 --u admin --p myPassword1 --s true
8. Once you are connected you can execute commands. Note the following tips:
• For a list of available commands, type help or press the tab key.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
72
Using the Administration Utility
• To auto-complete a command, type the first few characters then press the tab key. For example,
typing us then pressing the tab key automatically completes the command user. Pressing the
tab key again will display a list of all the user commands.
• If you specify an option value that contains a space, enclose the value in double quotes.
9. When you are done, type exit to exit the Administration Utility.
Using a Script with the Administration Utility
The Administration Utility can execute a series of commands from a script file. This is useful if you
want to automate or standardize administrative actions through the use of a script instead of manually
executing commands through the Administration Utility or by using the Management Console.
1. Using a text editor, create a script file. A script file contains the commands that you want to
execute.
To add a command to a script file, type the command and the necessary parameters as you
would if you were entering the command at the command prompt. Enter one command per line.
To insert comments into a script file, use the following notation:
/*
Indicates the start of a block comment.
*/
Indicates the end of a block comment.
//
Indicates an inline comment. Use at the start of a line only.
;
Indicates an inline comment. Use at the start of a line only.
2. Save the script either on the computer where you run the Administration Utility or in a location
that is accessible from the computer where you run the Administration Utility. You can use any
file name and extension you choose. The recommend file extension is .cli.
3. To execute the script, do one of the following:
Option
Description
To execute the script at the
command line
Specify the following at the command line or in a batch or
shell script:
cli.cmd --cmdfile ScriptFile
To execute the script form the Open the Administration Utility and connect to the Spectrum™
Administration Utility
Technology Platform server using the connect command.
Then, use the script command to execute the script. For
more information on this command, see script.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
73
Using the Administration Utility
Example: Moving Dataflows from Staging to Production
You have three dataflows: Deduplication, AddressValidation, and DrivingDirections.
You have a staging server where you make changes to these dataflows and test
them, and a production environment where the dataflows are made available for
execution. You want to have a consistent and automated way to move these dataflows
from your staging server to your production server so you decide to use an
Administration Utility script to accomplish this. The script might look like this:
// Connect to the staging server
connect --h stagingserver:8080 --u allan12 --p something123
// Export from staging
dataflow export --d "Deduplication" --e true --o exported
dataflow export --d "AddressValidation" --e true --o exported
dataflow export --d "DrivingDirections" --e true --o exported
// Close connection to the staging server
close
// Connect to the production server
connect --h productionserver:8080 --u allan12 --p something123
// Import to production
dataflow import --f exported\Deduplication.df
dataflow import --f exported\AddressValidation.df
dataflow import --f exported\DrivingDirections.df
// Close the connection to the production server
close
Location Intelligence Module
limrepo export
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The limrepo export command exports named resources (such as named tables) from the
Spectrum Spatial repository to a local file system. You must have the Location Intelligence Module
installed to use this command.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
74
Using the Administration Utility
Resources are exported with their full repository paths in the target folder. For example, if you run
limrepo export --s /Samples/NamedTables --o C:\export, the tool creates
C:\export\Samples\NamedTables\WorldTable, and so on for each named table under the
NamedTables folder or directory.
Note: The limrepo export command will always recursively export all folders, including empty
ones.
Usage
limrepo export --s SourceRepositoryPath --o OutputFilePath
Note: To see a list of parameters, type help limrepo export.
Required
Argument
Description
Yes
--s SourceRepositoryPath
Specifies the path to the resource or a folder to
be exported.
Yes
--o OutputFilePath
Specifies the path to a folder on the local file
system where you want to export. This can be a
new folder or an existing folder; however, an
existing folder must be empty otherwise the export
will fail.
No
--q or --quiet
Disables the display of the resources copied during
the export; that is, operates in quiet mode.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--f or --fullpaths
Prints the full source and output paths.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--r or --recursive
Recursively exports subfolders (children of the
specified source).
If the flag is specified, the default value is true. If
the flag is not specified, the default value is true.
No
--c or --continueonerror
Continues with the export if an error occurs.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--a or --acl
Spectrum™ Technology Platform 11.0
Preserves existing permissions for the exported
resources in the export folder on the local file
system. An access control list (ACL) indicates the
operations each user or role can perform on a
Spectrum Spatial Administration Guide
75
Using the Administration Utility
Required
Argument
Description
named resource, such as create, view, edit, or
delete.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
Example
This example exports the named resources in the repository's \Samples folder to
C:\myrepository\samples on your local file system.
limrepo export --s /Samples --o C:\myrepository\samples
limrepo import
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The limrepo import command imports named resources (such as named tables) from a local
file system into the Spectrum Spatial repository. You must have the Location Intelligence Module
installed to use this command.
When importing, you must point to the same folder or directory you exported to previously. For
example, if you run limrepo export --s /Samples/NamedTables --o C:\export, the tool creates
C:\export\Samples\NamedTables\WorldTable, and so on for each named table under the
NamedTables folder or directory. Resources are exported with their full repository paths in the target
folder. Running limrepo import --s C:\export then imports WorldTable back to
/Samples/NamedTables/WorldTable.
Note: The limrepo import command will always recursively import all folders, including empty
ones.
After performing an import, in many cases, you will need to adjust the named connections to point
to their new path using Spatial Manager. For example, if your Native TAB files were installed on
“C:\myfiles” in your test instance and the same files are installed on
“E:\ApplicationData\Spectrum\Spatial\Spring2016” then that connection would have to be corrected
in Spatial Manager after import. See the Utilities section of the Spectrum Spatial Guide for instructions
on using Spatial Manager to edit a named connection.
Usage
limrepo import --s SourceFilePath
Note: To see a list of parameters, type help limrepo import.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
76
Using the Administration Utility
Required Argument
Description
Yes
--s SourceFilePath
Specifies the path to the resource or a folder on
the local file system that is to be imported. This
must be the root folder of a previous export on the
local file system.
No
--q or --quiet
Disables the display of the resources copied during
the import; that is, operates in quiet mode.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--u or --update
Specifies whether to overwrite existing resources
if resources with the same name are already on
the server.
true
If there is a resource on the server with
the same name as a resource you are
importing, the resource on the server will
be overwritten. This is the default setting
if the flag is not specified or if the flag is
specified without a value.
false If there is a resource on the server with
the same name as a resource you are
importing, the resource will not be
imported.
No
--f or --fullpaths
Prints the full source and output paths.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--c or --continueonerror
Continues with the import if an error occurs.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
No
--a or --acl
Preserves any previously exported permissions
and merges them with existing permissions when
importing resources. An access control list (ACL)
indicates the operations each user or role can
perform on a named resource, such as create,
view, edit, or delete.
For example, a user has read and write
permissions on a resource when exporting. If the
user only has read permissions on the resource
when importing, write permission will be granted
again after the import finishes successfully.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
77
Using the Administration Utility
Required Argument
Description
Conflicting permissions cannot be merged and will
be ignored. ACL entries for users and roles that
do not exist in the target repository are also
ignored.
If the flag is specified, the default value is true. If
the flag is not specified, the default value is false.
Example
This example imports the named resources from C:\myrepository\samples on your
local file system.
limrepo import --s C:\myrepository\samples
limrepo mwsimport
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The limrepo mwsimport command in the Spectrum™ Technology Platform Administration Utility
allows you to provision a map from a MapInfo Workspace (MWS) file that has been created either
by MapInfo Pro or the MapXtreme Workspace Manager into the Spectrum Spatial repository. The
import will create the named map and all its dependent resources (layers, tables and connections).
The connection is named by appending 'Connection’ to the map name. The named tables and
named layers are created in subfolders (NamedTables and NamedLayers, respectively).
You must have the Location Intelligence Module installed to use this command.
Usage
limrepo mwsimport --s MWSFilePath --o Output --p ServerPath
Note: To see a list of parameters, type help limrepo mwsimport.
Required Argument
Description
Yes
--s MWSFilePath
Specifies the path to an MWS file on the local file
system that is to be imported.
Yes
--o Output
Specifies the path to the named map on the
repository. All resources will be created within the
same folder as the named map.
Yes
--p ServerPath
Specifies the file path to the location of the data
on the server. This path is used to create a named
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
78
Using the Administration Utility
Required Argument
Description
connection which is then referenced by all the
named tables that are created. These tables will
use file paths relative to that named connection.
No
Specifies the file path to the location of the data
on the local file system, if the MWS contains file
paths that do not exist on the server file system.
Any occurrences of the specified value in the MWS
file will be substituted with the specified server
path. If you have partial paths in the MWS file, this
is not required; this is usually the case with
anything created from MapXtreme.
--l LocalPath
Example
This example imports an MWS file on the D: drive (where the data on the server
exists at C:\mydata) and provisions the named resources into /Europe/Countries in
the repository.
limrepo mwsimport --s D:\europe.mws --o /Europe/Countries --p
C:\mydata
Result
The following named resources are created:
/Europe/Countries/Europe (named map)
/Europe/Countries/EuropeConnection (named connection)
/Europe/Countries/NamedTables/austria (named table)
/Europe/Countries/NamedTables/belgium (named table)
.
./Europe/Countries/NamedLayers/austria (named layer)
/Europe/Countries/NamedLayers/belgium (named layer)
..
Enterprise Routing Module
ermdb list
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
79
Using the Administration Utility
The ermdb list command retrieves a list of all the existing routing database resource on the
server. You must have the Enterprise Routing Module installed to use this command.
Usage
ermdb list
Example
This example returns all the database resources on the server.
ermdb list
ermdb add
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The ermdb add command creates a new routing database resource on the server. You must have
the Enterprise Routing Module installed to use this command.
Note: The ermdb add command requires a unique name be used for each of the databases being
added.
Usage
ermdb add --name database_name --poolsize pool_size --path database_path
Note: To see a list of parameters, type help ermdb add.
Required Argument
Description
Yes
--name or --n database_name
Specifies the name of the database resource to be
added. The name must be a unique name on the
server. For a list of existing routing database
resources, use the ermdb list command.
No
--poolsize or --s pool_size
Indicates the maximum number of concurrent
requests the database should handle. The default
if not specified is 4. The accepted range for
concurrent requests is any integer between 1 and
128.
YES
--path database_path
Specifies the location of the routing database on
the file server.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
80
Using the Administration Utility
Example
This example adds the database resources US from E:
/ERM-US/2014.09/driving/south into the server.
ermdb add --name US --poolsize 10 --path E:
/ERM-US/2014.09/driving/south
ermdb delete
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The ermdb delete command removes an existing routing database resource from the server.
You must have the Enterprise Routing Module installed to use this command.
Usage
ermdb delete --name database_name
Note: To see a list of parameters, type help ermdb delete.
Required Argument
Description
Yes
Specifies the name of the database resource to be
deleted. For a list of existing routing database
resources, use the ermdb list command.
--name or --n database_name
Example
This example removes the database resources US from the server.
ermdb delete --name US
ermdb modify
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The ermdb modify command changes an existing routing database resource on the server. You
must have the Enterprise Routing Module installed to use this command.
Usage
ermdb modify --name database_name --poolsize pool_size --path database_path
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
81
Using the Administration Utility
Note: To see a list of parameters, type help ermdb modify.
Required Argument
Description
Yes
--name or --n database_name
Specifies the name of the database resource to be
modified. For a list of existing routing database
resources, use the ermdb list command.
No
--poolsize or --s pool_size
Indicates the maximum number of concurrent
requests the database should handle. The
accepted range for concurrent requests is any
integer between 1 and 128. You must specify either
a new pool size or a new database path.
No
--path database_path
Specifies the new location of the routing database
on the file server. You must specify either a new
pool size or a new database path.
Example
This example modifies both the pool size and the database path for a new vintage.
ermdb modify --name US --poolsize 20 --path E:
/ERM-US/2015.03/driving/south
erm getpointdata
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm getpointdata command returns segments information for a point. The closest segment(s)
is returned to the specified point. Types of information returned are; segment ID, road type, length,
speed, direction, time, road name, etc. You must have the Enterprise Routing Module installed to
use this command.
Usage
erm getpointdata --datasource db_resource --point "x,y,coordsys"
Note: To see a list of parameters, type help erm getpointdata.
Required Argument
Description
Yes
Specifies the name of the database resource to
return data. For a list of existing routing database
resources, use the ermdb list command.
--datasource db_resource
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
82
Using the Administration Utility
Required Argument
Description
Yes
Indicates the point to return the closest segment
information. The point is specified in the format
"x,y,coordsys", where coordsys is the coordinate
system of the point.
--point "x,y,coordsys"
Example
This example returns the closest segment data to the specified point from the US_NE
database resources configured on the server.
erm getpointdata --datasource US_NE --point "-72,40,epsg:4326"
erm getsegmentdata
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm getsegmentdata command returns segments information for a given segment ID. Types
of information returned are; segment ID, road type, length, speed, direction, time, road name, etc.
You must have the Enterprise Routing Module installed to use this command.
Usage
erm getsegmentdata --datasource db_resource --segmentid "segment_id"
Note: To see a list of parameters, type help erm getsegmentdata.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource to
return data. For a list of existing routing database
resources, use the ermdb list command.
Yes
--segmentid "segment_id"
Indicates the segment to return the information.
The segment is specified in the format specified in
the data. For example, "7e3396fc:6e5251".
Example
This example returns data for the specified segment from the US_NE database
resources configured on the server.
erm getpointdata --datasource US_NE --segmentid
"7e3396fc:6e5251"
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
83
Using the Administration Utility
erm createpointupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm createpointupdate command overrides the routing data of the closest segment for a
given point. This command allows you to set or change the speed, or exclude a section of the route.
You must have the Enterprise Routing Module installed to use this command.
Note: The type of persistent update is valid only for the specified data resource and may not be
valid after a data update.
Usage
erm createpointupdate --datasource db_resource --point "x,y,coordsys" --exclude
--velocity velocity_value --velocityunit velocity_unit --velocityadjustment
velocity_adjustment_value --velocitypercentage velocity_percentage_value
Note: To see a list of parameters, type help erm createpointupdate.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource to
override the data. For a list of existing routing
database resources, use the ermdb list
command.
Yes
--point "x,y,coordsys"
Indicates the point to override the closest segment
information. The point is specified in the format
"x,y,coordsys", where coordsys is the coordinate
system of the point.
No
--exclude
Excludes the specified point from all route
calculations. Having this parameter in the
command specifies whether to exclude the point.
No
--velocity velocity_value
Defines a speed update where you specify the new
speed of the point by specifying the new velocity.
The default unit is mph(miles per hour) unless you
specify the velocityunit parameter.
No
--velocityunit velocity_unit
Defines a unit of speed for the velocity or
velocityadjustment overrides. The default
value is mph(miles per hour). For speed updates,
the velocity unit can have one of the following
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
84
Using the Administration Utility
Required Argument
Description
values: kph (kilometers per hour), mps(meters per
second), or mph (miles per hour).
No
--velocityadjustment
velocity_adjustment_value
Defines a speed update where you define a change
in the speed of the point by specifying the change
in velocity (unit and value). Speed values can be
increased (positive value) or decreased(negative
value). The default unit is mph(miles per hour)
unless you specify the velocityunit parameter.
No
--velocitypercentage
velocity_percentage_value
Defines a speed update where you define an
increase in the speed of the point by specifying a
percentage to increase(positive value) or
decrease(negative value) the speed.
Examples
This example overrides the speed of the point to 15 mph, from the US_NE database
resources configured on the server.
erm createpointupdate --datasource US_NE --point
"-72,40,epsg:4326" --velocity 15 --velocityunit mph
This example excludes the specified point from the US_NE database resources
configured on the server.
erm createpointupdate --datasource US_NE --point
"-72,40,epsg:4326" --exclude
This example overrides the speed of the point by increasing the speed by 45 kph,
from the US_NE database resources configured on the server.
erm createpointupdate --datasource US_NE --point
"-72,40,epsg:4326" --velocityadjustment 45 velocityunit kph
This example overrides the speed of the point by decreasing the speed by 60 percent,
from the US_NE database resources configured on the server.
erm createpointupdate --datasource US_NE --point
"-72,40,epsg:4326" --velocitypercentage -60
erm resetpointupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
85
Using the Administration Utility
The erm resetpointupdate command returns any overrides to the original state of the data.
You must have the Enterprise Routing Module installed to use this command.
Usage
erm resetpointupdate --datasource db_resource --point "x,y,coordsys" --resettype
reset_type
Note: To see a list of parameters, type help erm resetpointupdate.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource that
has the overrides. For a list of existing routing
database resources, use the ermdb list
command.
Yes
--point "x,y,coordsys"
Indicates the point where the existing overrides
are located. The point is specified in the format
"x,y,coordsys", where coordsys is the coordinate
system of the point.
Yes
--resettype reset_type
The type of override to remove (undo).
speed
Removes a speed update.
exclude
Removes an exclude update.
Example
This example resets an existing exclude override for the given point, from the US_NE
database resources configured on the server.
erm resetpointupdate --datasource US_NE --point
"-72,40,epsg:4326" --resettype exclude
erm createsegmentupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm createsegmentupdate command overrides the routing data of the specified segment.
This command allows you to set or change the speed, exclude a section of the route, or change the
road type. You must have the Enterprise Routing Module installed to use this command.
Note: The type of persistent update is valid only for the specified data resource and may not be
valid after a data update.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
86
Using the Administration Utility
Usage
erm createsegmentupdate --datasource db_resource --segmentid "segment_id"
--exclude --velocity velocity_value --velocityunit velocity_unit --velocityadjustment
velocity_adjustment_value --velocitypercentage velocity_percentage_value --roadtype
road_type
Note: To see a list of parameters, type help erm createsegmentupdate.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource to
override the data. For a list of existing routing
database resources, use the ermdb list
command.
Yes
--segmentid "segment_id"
Indicates the segment to override. The segment is
specified in the format specified in the data. For
example, "7e3396fc:6e5251".
No
--exclude
Excludes the specified segment from all route
calculations. Having this parameter in the
command specifies whether to exclude the
segment.
No
--velocity velocity_value
Defines a speed update where you specify the new
speed of the segment by specifying the new
velocity. The default unit is mph(miles per hour)
unless you specify the velocityunit parameter.
No
--velocityunit velocity_unit
Defines a unit of speed for the velocity or
velocityadjustment overrides. The default
value is mph(miles per hour). For speed updates,
the velocity unit can have one of the following
values: kph (kilometers per hour), mps(meters per
second), or mph (miles per hour).
No
--velocityadjustment
velocity_adjustment_value
Defines a speed update where you define a change
in the speed of the segment by specifying the
change in velocity (unit and value). Speed values
can be increased (positive value) or
decreased(negative value). The default unit is
mph(miles per hour) unless you specify the
velocityunit parameter.
No
--velocitypercentage
velocity_percentage_value
Defines a speed update where you define an
increase in the speed of the segment by specifying
a percentage to increase(positive value) or
decrease(negative value) the speed.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
87
Using the Administration Utility
Required Argument
Description
No
Defines the new road type for the segment.
--roadtype road_type
Examples
This example overrides the speed of the segment to 15 mph, from the US_NE
database resources configured on the server.
erm createsegmentupdate --datasource US_NE --segmentid
"7e3396fc:6e5251" --velocity 15 --velocityunit mph
This example excludes the specified segment from the US_NE database resources
configured on the server.
erm createsegmentupdate --datasource US_NE --segmentid
"7e3396fc:6e5251" --exclude
This example overrides the speed of the segment by increasing the speed by 45 kph,
from the US_NE database resources configured on the server.
erm createsegmentupdate --datasource US_NE --segmentid
"7e3396fc:6e5251" --velocityadjustment 45 velocityunit kph
This example overrides the speed of the segment by decreasing the speed by 60
percent, from the US_NE database resources configured on the server.
erm createsegmentupdate --datasource US_NE --segmentid
"7e3396fc:6e5251" --velocitypercentage -60
This example overrides the road type of the segment to ferry, from the US_NE
database resources configured on the server.
erm createsegmentupdate --datasource US_NE --segmentid
"7e3396fc:6e5251" --roadtype ferry
erm resetsegmentupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm resetsegmentupdate command returns any overrides to the original state of the data.
You must have the Enterprise Routing Module installed to use this command.
Usage
erm resetsegmentupdate --datasource db_resource --segmentid "segment_id"
--resettype reset_type
Note: To see a list of parameters, type help erm resetsegmentupdate.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
88
Using the Administration Utility
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource that
has the overrides. For a list of existing routing
database resources, use the ermdb list
command.
Yes
--segment "segment_id"
Indicates the segment where the existing overrides
are located. The segment is specified in the format
specified in the data. For example,
"7e3396fc:6e5251".
Yes
--resettype reset_type
The type of override to remove (undo).
speed
Removes a speed update.
exclude
Removes an exclude update.
roadtype
Removes a road type update.
Example
This example resets an existing road type override for the given segment, from the
US_NE database resources configured on the server.
erm resetpointupdate --datasource US_NE --point
"7e3396fc:6e5251" --resettype roadtype
erm getsegmentupdates
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm getsegmentupdates command returns a list of overrides in the routing data for the
specified segment(s). You must have the Enterprise Routing Module installed to use this command.
Note: segmentids is an optional parameter. If no segment ids are specified, then overrides for
all available segments are returned.
Usage
erm getsegmentupdates --datasource db_resource --segmentids "segment_ids"
Note: To see a list of parameters, type help erm getsegmentupdates.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
89
Using the Administration Utility
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource that
has overrides. For a list of existing routing database
resources, use the ermdb list command.
No
--segmentids "segment_ids"
A comma separated list of segment ids to return
override information. Segments are specified in
the format specified in the data. For example,
"7e3396fc:6e5251".
Example
This example returns the overrides for a segment, from the US_NE database
resources configured on the server.
erm getsegmentupdates --datasource US_NE --segmentids
"7e3396fc:6e5251"
erm createroadtypeupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm createroadtypeupdate command overrides the routing data of the specified road
type. This command allows you to set or change the speed of the route for the particular road type.
You must have the Enterprise Routing Module installed to use this command.
Note: The type of persistent update is valid only for the specified data resource and may not be
valid after a data update.
Usage
erm createroadtypeupdate --datasource db_resource --roadtype "road_type"
--velocity velocity_value --velocityunit velocity_unit --velocityadjustment
velocity_adjustment_value --velocitypercentage velocity_percentage_value --roadtype
road_type
Note: To see a list of parameters, type help erm createroadtypeupdate.
Required Argument
Description
Yes
Specifies the name of the database resource to
override the data. For a list of existing routing
database resources, use the ermdb list
command.
--datasource db_resource
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
90
Using the Administration Utility
Required Argument
Description
Yes
Indicates the road type to override. The road type
can be one of the following:
--roadtype "road_type"
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Spectrum™ Technology Platform 11.0
access way
back road
connector
ferry
footpath
limited access dense urban
limited access rural
limited access suburban
limited access urban
local road dense urban
local road rural
local road suburban
local road urban
major local road dense urban
major local road rural
major local road suburban
major local road urban
major road dense urban
major road rural
major road suburban
major road urban
minor local road dense Urban
minor local road rural
minor local road suburban
minor local road urban
normal road dense urban
normal road rural
normal road rural
normal road urban
primary highway dense urban
primary highway rural
primary highway suburban
primary highway urban
ramp dense urban
ramp limited access
ramp major road
ramp primary highway
Spectrum Spatial Administration Guide
91
Using the Administration Utility
Required Argument
Description
•
•
•
•
•
•
•
•
ramp rural
ramp secondary highway
ramp urban
ramp suburban
secondary highway dense urban
secondary highway rural
secondary highway suburban
secondary highway urban
No
--velocity velocity_value
Defines a speed update where you specify the new
speed of the road type by specifying the new
velocity. The default unit is mph(miles per hour)
unless you specify the velocityunit parameter.
No
--velocityunit velocity_unit
Defines a unit of speed for the velocity or
velocityadjustment overrides. The default
value is mph(miles per hour). For speed updates,
the velocity unit can have one of the following
values: kph (kilometers per hour), mps(meters per
second), or mph (miles per hour).
No
--velocityadjustment
velocity_adjustment_value
Defines a speed update where you define a change
in the speed of the road type by specifying the
change in velocity (unit and value). Speed values
can be increased (positive value) or
decreased(negative value). The default unit is
mph(miles per hour) unless you specify the
velocityunit parameter.
No
--velocitypercentage
velocity_percentage_value
Defines a speed update where you define an
increase in the speed of the road type by specifying
a percentage to increase(positive value) or
decrease(negative value) the speed.
Examples
This example overrides the speed of a road type to 25 kph, from the US_NE database
resources configured on the server.
erm createsegmentupdate --datasource US_NE --roadtype "normal
road suburban" --velocity 25 --velocityunit kph
This example increases the speed of the specified road type by 50 kph, from the
US_NE database resources configured on the server.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
92
Using the Administration Utility
erm createsegmentupdate --datasource US_NE --roadtype "normal
road suburban" --velocityadjustment 50 --velocityunit mph
This example overrides the speed of the road type by decreasing the speed by 65
percent, from the US_NE database resources configured on the server.
erm createsegmentupdate --datasource US_NE --roadtype "normal
road suburban" --velocitypercentage -65
erm resetroadtypeupdate
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm resetroadtypeupdate command returns any overrides to the original state of the data.
You must have the Enterprise Routing Module installed to use this command.
Usage
erm resetroadtypeupdate --datasource db_resource --roadtype "road_type"
Note: To see a list of parameters, type help erm resetroadtypeupdate.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource that
has the overrides. For a list of existing routing
database resources, use the ermdb list
command.
Yes
--roadtype "road_type"
Indicates the road type that has the existing
overrides. For a list of road types, see erm
createroadtypeupdate on page 90.
Example
This example resets the "normal road suburban" road type override, from the US_NE
database resources configured on the server.
erm resetpointupdate --datasource US_NE --roadtype "normal road
suburban"
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
93
Using the Administration Utility
erm getroadtypeupdates
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm getroadtypeupdates command returns a list of overrides in the routing data for the
specified road type(s). You must have the Enterprise Routing Module installed to use this command.
Note: roadtypes is an optional parameter. If no road types are specified, then overrides for all
available road types are returned.
Usage
erm getsegmentupdates --datasource db_resource --roadtypes "road_types"
Note: To see a list of parameters, type help erm getsegmentupdates.
Required Argument
Description
Yes
--datasource db_resource
Specifies the name of the database resource that
has overrides. For a list of existing routing database
resources, use the ermdb list command.
No
--roadtypes "road_types"
A comma separated list of road types to return
override information. For a list of road types, see
erm createroadtypeupdate on page 90.
Example
This example returns the overrides for the "normal road urban" road type, from the
US_NE database resources configured on the server.
erm getsegmentupdates --datasource US_NE --roadtypes "normal
road urban"
erm getallupdates
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm getallupdates command returns a list of overrides for a specified routing database
resource. You must have the Enterprise Routing Module installed to use this command.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
94
Using the Administration Utility
Usage
erm getsegmentupdates --datasource db_resource --segmentids "segment_ids"
Note: To see a list of parameters, type help erm getallupdates.
Required Argument
Description
Yes
Specifies the name of the database resource that
has the overrides. For a list of existing routing
database resources, use the ermdb list
command.
--datasource db_resource
Example
This example returns all the overrides from the US_NE database resources configured
on the server.
erm getallupdates --datasource US_NE
erm resetallupdates
Note: For instructions on installing and running the Administration Utility, see Getting Started with
the Administration Utility on page 72.
The erm resetallupdates command returns all overrides to the original state of the data. You
must have the Enterprise Routing Module installed to use this command.
Usage
erm resetallupdates --datasource db_resource
Note: To see a list of parameters, type help erm resetallupdates.
Required Argument
Description
Yes
Specifies the name of the database resource that
has the overrides. For a list of existing routing
database resources, use the ermdb list
command.
--datasource db_resource
Example
This example resets all overrides from the US_NE database resources configured
on the server.
erm resetallupdates --datasource US_NE
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
95
8 - Enterprise Routing
Module
In this section
Specifying Default Service/Stage Options
Previewing a Service/Stage
Getting Route Data using Management Console
97
97
99
Enterprise Routing Module
Specifying Default Service/Stage Options
Default options control the default behavior of each service or stage on your system. You can specify
a default value for each option. The default option takes effect when a request does not explicitly
define a value for a given option. These default options are also the settings used by default when
you create a dataflow in Enterprise Designer using this service.
For information about the options, see the Stages and Resources and Data sections in the Spectrum
Spatial Guide that apply to the Enterprise Routing Module.
Note: Persistent Updates are not managed using the Management Console. To make persistent
updates, use the spectrum command line functionality in the Administration Utility.
Note: The Get Route Data service in the Management Console does not set default options, rather
it is an interactive way to return routing data for segments. For more information on Get
Route Data, see Getting Route Data using Management Console on page 99.
1. Open Management Console.
2. Click Services.
3. Click the module you want (Enterprise Routing Module).
4. Click the service you want to configure from the list on the left.
5. Set the options for the service. Most services have various types of options that appear on different
tabs.
6. Click Save.
Previewing a Service/Stage
You can preview the results of a service in Management Console using the service's Preview tab.
Preview can be useful in helping you decide what options to specify because you can immediately
see the effect that different options have on the data returned by the service or stage.
1. Open Management Console.
2. Go to the Services menu and select the service you want to preview.
3. Click the Preview tab.
4. Enter the test data into each field.
Here are some tips for using preview:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
97
Enterprise Routing Module
• You do not have to enter data in every field. Leaving a field empty results in an empty string
being used for preview.
• If you want to preview the effect of passing a null value in a field, click the Disable icon next to
the field:
• You can preview multiple records at once. To add a record, click the Add button
• You can import test data from a file. To import data, click the Import button
name and the Field separator. Note the following:
.
. Select the File
• The first row in the file must be a header record. The field names in the header must match
the field names required by the service.
• The maximum number of records that can be imported is five.
• If the file uses a space as the field separator, field values must be surrounded by quotes.
Here is an example of a file that uses a space as the field separator:
AddressLine1 AddressLine2 City StateProvince PostalCode
"One Global View" "" "Troy" "NY" "12180"
"3001 Summer St" "" "Stamford" "CT" "06926"
"224 N Michigan Ave" "Suite 300" "Chicago" "IL" ""
• To delete all records, click the Delete button at the top of the preview area:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
98
Enterprise Routing Module
• To delete an individual record, hover over the input record name (for example, "Input Record
1") and click the Delete button next to the record name:
• If the service takes hierarchical input data:
• To add child records, hover over the parent record and click the Add button.
• To delete all children of a parent, hover over the parent record and click the Delete button.
• To delete individual child records, hover over the child record and click the Delete button.
5. Click Run Preview.
The service processes the input records and displays the results
6. Review your output data, making sure the results are what you intended to get from the service
or stage. If necessary you can make changes to the option and click Run Preview again. (You
do not need to input the data again.)
Getting Route Data using Management Console
Using the Management Console, you can preview and save segment information either from a
closest point or segment ID. The GetRouteData service returns segment information for a point or
segment ID. When a point is specified, the closest route segments are returned. When a segment
ID is specified, the route data for that specified route segment is returned.
To preview and/or save route data:
1. Open Management Console.
2. Go to the Services menu and select Enterprise Routing Module.
3. Select Get Route Data from the services list.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
99
Enterprise Routing Module
4. Select either Point Data or Segment Data from the Input Type field.
5. Select the routing database resource from the Database field.
If you need to add a new routing database resource, see Adding a Routing Database Resource.
6. Enter the required information for the Input Type you selected.
If you selected Point Data, enter the point coordinates and the coordinate system. If you selected
Segment Data, enter the segment ID.
7. Click Preview.
The route segment data is returned in the Output Data section. When there are more than one
segments associated with the input, the multiple segments will be listed with Segment Details 1,
Segment Details 2, etc.
8. Click either the Save button to save the routing data results as a text file, or the Clear button to
remove the results from the Output Data.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
100
9 - Troubleshooting
Your System
In this section
Rebuilding a Corrupt Repository Index
Monitoring Memory Usage of a Non-Responsive Server
102
102
Troubleshooting Your System
Rebuilding a Corrupt Repository Index
Sometimes the repository can become corrupt if the server is shut down abruptly or the Java process
is killed (manually or due to a power outage). As a result, you may be unable to get resources that
were previously searchable, and there will be no errors or warnings in the logs. Once you verify that
permission changes are not the cause, rebuild the index to fix this issue:
1. Shut down the server.
2. Delete the index directory at the following locations:
• <Spectrum>\server\modules\spatial\jackrabbit\workspaces\default
• <Spectrum>\server\modules\spatial\jackrabbit\workspaces\security
• <Spectrum>\server\modules\spatial\jackrabbit\repository
3. Restart the server.
Jackrabbit re-creates the index at the above locations while booting.
After rebuilding the index, the search works correctly again.
Monitoring Memory Usage of a Non-Responsive Server
If your Spectrum server stops responding, you can follow the steps below to monitor its performance
and resource consumption. This monitoring provides information you can use to adjust memory and
threading usage.
1. Check whether a service other than the Mapping Service is working. For example, start the
Feature Service on the demo page:
http://<servername>:<port>/Spatial/FeatureService//DemoPage.html. This determines whether
the whole server is down or just the Mapping Service.
2. Verify you have enough disk space for both Mapping and MapTiling images to be stored by
inspecting the configuration files:
• Mapping:
http://<server>:<port>/RepositoryService/repository/default/Configuration/MappingConfiguration
under "<Directory> C:\Program Files\Pitney
Bowes\Spectrum/server/modules/spatial/images </Directory>"
• MapTiling:
"http://<server>:<port>/RepositoryService/repository/default/Configuration/MapTilingConfiguration"
under "<Property name="diskPath" value="C:/Program Files/Pitney
Bowes/Spectrum/server/modules/spatial/TileCache"/>"
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
102
Troubleshooting Your System
3. Stop the Spectrum server.
4. In a text editor, open the java.vmargs files from <Installed>\Pitney
Bowes\Spectrum\server\modules\spatial\java.vmargs.
5. Change the vmargs default of 2GB (2048MB). For example, to increase the memory of the remote
component to 4GB, change the vmargs from the default of -Xmx2048m to -Xmx4096m. Do not
exceed the maximum memory available to your operating system and leave a suitable space for
the operating system to do its work.
6. Save the java.vmargs file.
7. Start the server wrapper:
a) Open a command prompt as Administrator.
b) Go to <Installed>\Pitney Bowes\Spectrum\server\bin\wrapper directory and
type wrapper.exe -c.
This Spectrum server will start in a few minutes.
8. When the server is started, run the following requests from the demo pages:
a) Open http://<servername>:<port>/Spatial/MappingService/DemoPage.html and run the List
Named Maps request.
b) Open http://<servername>:<port>/Spatial/FeatureService/DemoPage.html and run the List
Table Names request.
9. Go to <Installed>\Pitney Bowes\Spectrum\java64\bin and run jconsole.exe.
10. Under Local Process, select the wrapper process.
11. In Jconsole, add a new session and select the Feature Service process.
12. In Jconsole, add a new session and select the Mapping Service process.
13. Leave Jconsole running to monitor the memory, CPU, threads, and so on for the Spectrum
Platform wrapper for Feature Service and Mapping Service.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
103
Troubleshooting Your System
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
104
10 - Appendix Managing Security with
the User Management
Service
In this section
Introduction
Setting User Permissions
106
108
Appendix - Managing Security with the User Management Service
Introduction
This chapter provides a basic introduction to the User Management Service. It describes what the
User Management Service is and rules for using it.
Note: The User Management Service can still be used to set permissions if desired; however,
permissions are stored in the platform and not the repository. The User Management Service
is set to be deprecated in a future release.
What Is the User Management Service?
The User Management Service provides a simplified interface to manage security for the repository,
focused on how to restrict who can access the resources in the repository. Setting security allows
you to expose or restrict different resources (subsets of your data and resources) to different users
or departments. To enforce this, security has been added to Spectrum™ Technology Platform that
allows you to specify which users get to see what resources.
The Spectrum™ Technology Platform repository security is managed using an internal ACL (Access
Control List). This allows you to specify which users are granted access to resources, as well as
what operations are allowed on given resources. The operations for repository user management
are performed using the User Management SOAP interface.
Service URL Formats
The URL endpoint for the User Management SOAP service has the following general form:
http://&lt;server>:&lt;port>/soap/UserManagementService
The URL for the User Management WSDL has the following general form:
http://&lt;server>:&lt;port>/soap/UserManagementService?wsdl
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
106
Appendix - Managing Security with the User Management Service
The URL for the User Management service Demo page has the following general form:
http://&lt;server>:&lt;port>/Spatial/UserManagementService/DemoPage.html
Creating and Managing Users For Spectrum™ Technology Platform
Creating and managing users is a two step process:
1. Create the user using the Spectrum™ Technology Platform Management Console. This allows
the user to authenticate with the Spectrum™ Technology Platform services.
2. Give the user permissions using the User Management Service SOAP interface. This allows the
user to access resources in the repository.
Note: You do not have to add the admin or guest users to Spectrum™ Technology Platform. These
users have already been created.
Rules Using the User Management Service SOAP Interface
The following rules apply when setting permissions for users using the User Management SOAP
Interface:
1. You must first have created users in the Spectrum™ Technology Platform Management Console
(giving them access to the services).
2. There is a default 'everyone' user group that is applied to resources when you do not specify set
permissions. This user group has READ permissions. So all users have READ permissions on
a resource unless modified using the User Management SOAP Interface.
3. It is preferred that you set permissions on a repository node (folder) rather than a specific resource.
This makes repository management easier to maintain.
4. You need to provide a user read, add, and modify permissions to allow them the ability to add
or modify any resources in the repository, or add or modify any resources using the Named
Resource Service.
5. You do not have to add the admin or guest users. These users have already been created.
The following permissions are required for performing the following actions, either directly using
WebDAV or WebFolder, or using the Resource Management service:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
107
Appendix - Managing Security with the User Management Service
Action
Read
Access a subfolder
X
Add a subfolder
X
Remove a subfolder
X
Add files to a folder
X
Remove files from a folder
X
Update files in a folder
X
Add
Remove
Modify
All
X
X
X
X
X
Modify permissions of a folder
X
X
X
Security Notes
If service-level security is turned off at the platform level, it causes the execution of service requests
to use the admin user. For the Location Intelligence Module this means that any named resource
that is added to the repository is “owned” by the admin user; therefore, running the
GetPermissionsRequest shows that non-admin users have only "Read" permissions.
Disabling both service-level and role-based security completely opens up the Location Intelligence
Module's services and named resources. Running the GetPermissionsRequest will also show that
non-admin users now have "All" permissions.
Setting User Permissions
This section introduces the User Management SOAP Interface for managing users and permissions
for resources in the repository. This interface allows you to get, set, add, or remove permissions for
a user.
Use the demo page for the User Management Service as a quick tool for managing user permissions.
Simply modify the sample requests to meet your needs. The User Management Service demo page
is located at http://<server>:<port>/Spatial/UserManagementService/DemoPage.html
The User Management Service provides the following operations:
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
108
Appendix - Managing Security with the User Management Service
GetPermissionsRequest
Returns the permissions for a particular user for a specified repository node or resource.
Parameters
The following parameters are used:
Parameter
Example
Description
action
GetPermissionsRequest Specifies the method name to get the permissions for a user.
UserName
user1
Specifies the user to return permissions.
ResourcePath /Samples/NamedTables/WorldTable Specifies the specific repository node (directory) or resource to
return the permissions. The resources specified in resourcePath
are listed from the top level of the repository
http://<server>:<port>/RepositoryService/repository/default/.
Example
The following example returns the permissions on the WorldTable resource for the user user1.
<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:v1="http://www.mapinfo.com/midev/service/usermanagement/v1">
<soapenv:Header/>
<soapenv:Body>
<v1:GetPermissionsRequest>
<v1:UserName>user1</v1:UserName>
<v1:ResourcePath>/Samples/NamedTables/WorldTable</v1:ResourcePath>
</v1:GetPermissionsRequest>
</soapenv:Body>
</soapenv:Envelope>
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
109
Appendix - Managing Security with the User Management Service
SetPermissionsRequest
Defines the permissions for a particular user for a specified repository node or resource. When you
set permissions, the basic read permissions are always kept for the user, however any additional
permissions that were previously set or added are removed. For example if you set the modify
permission for a user who currently had the all permission, that user will now have only read and
modify permissions, and no longer have the all permission.
Parameters
The following parameters are used:
Parameter
Example
Description
action
SetPermissionsRequest Specifies the method name to set permissions for a user.
UserName
user1
Specifies the user to set permissions.
ResourcePath /Samples/NamedTables/ Specifies the specific repository node (directory) or resource to
set the permissions. The resources specified in resourcePath are
listed from the top level of the repository
http://<server>:<port>/RepositoryService/repository/default/.
Permissions add
Recursive
false
Spectrum™ Technology Platform 11.0
Specifies the permissions. There are five valid permission types:
read, all, add, modify, and remove.
Specifies if this operation should be performed recursively on all
child nodes of the given node in the repository. The default for
recursive permission setting is false. If setting permissions on
individual resources in the repository, the Recursive option will
have no effect.
Spectrum Spatial Administration Guide
110
Appendix - Managing Security with the User Management Service
Example
The following example sets the permissions for user1 on the NamedTables node (and all child
nodes) to add and modify. After performing this operation the user1 will have read, add, and modify
permissions on the NamedTables node and all of the child nodes.
<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:v1="http://www.mapinfo.com/midev/service/usermanagement/v1">
<soapenv:Header/>
<soapenv:Body>
<v1:SetPermissionsRequest>
<v1:UserName>user1</v1:UserName>
<v1:ResourcePath>/Samples/NamedTables/</v1:ResourcePath>
<v1:Permissions>
<v1:Permission>add</v1:Permission>
<v1:Permission>modify</v1:Permission>
</v1:Permissions>
<v1:Recursive>true</v1:Recursive>
</v1:SetPermissionsRequest>
</soapenv:Body>
</soapenv:Envelope>
AddPermissionsRequest
Adds new permissions to the users' set of permissions for a specified repository node or resource.
When you add permissions, the existing permissions are always kept for the user, and the new
permissions are appended. For example if you add a modify permission for a user that currently
has read and remove permissions, that user will now have read, remove, and modify permissions.
Parameters
The following parameters are used:
Parameter
Example
action
AddPermissionsRequest Specifies the method name to add permissions for a user.
UserName
user1
Spectrum™ Technology Platform 11.0
Description
Specifies the user to add permissions.
Spectrum Spatial Administration Guide
111
Appendix - Managing Security with the User Management Service
Parameter
Example
Description
ResourcePath /Samples/NamedTables/ Specifies the specific repository node (directory) or resource to
add the permissions. The resources specified in resourcePath
are listed from the top level of the repository
http://<server>:<port>/RepositoryService/repository/default/.
Permissions add
Recursive
false
Specifies the permissions. There are five valid permission types:
read, all, add, modify, and remove.
Specifies if this operation should be performed recursively on all
child nodes of the given node in the repository. The default for
recursive permission setting is false. If setting permissions on
individual resources in the repository, the Recursive option will
have no effect.
Example
The following example adds the modify permission for user1 on the NamedTables node in the
repository.
<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:v1="http://www.mapinfo.com/midev/service/usermanagement/v1">
<soapenv:Header/>
<soapenv:Body>
<v1:AddPermissionsRequest>
<v1:UserName>user1</v1:UserName>
<v1:ResourcePath>/Samples/NamedTables/</v1:ResourcePath>
<v1:Permissions>
<v1:Permission>modify</v1:Permission>
</v1:Permissions>
<v1:Recursive>false</v1:Recursive>
</v1:AddPermissionsRequest>
</soapenv:Body>
</soapenv:Envelope>
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
112
Appendix - Managing Security with the User Management Service
RemovePermissionsRequest
Removes permissions from the users' set of permissions for a specified repository node or resource.
When you remove permissions, the specified permissions are removed from the existing set of
permissions. This is the easiest way to restrict a user from accessing a particular resource. By
removing the read permission for a user for a particular repository node or resource, they cannot
be accessed by that user.
Parameters
The following parameters are used:
Parameter
Example
Description
action
RemovePermissionsRequest Specifies the method name to remove permissions for a user.
UserName
user1
Specifies the user to remove permissions.
ResourcePath /Samples/NamedTables/WorldTable Specifies the specific repository node (directory) or resource to
remove the permissions. The resources specified in resourcePath
are listed from the top level of the repository
http://<server>:<port>/RepositoryService/repository/default/.
Permissions read
Specifies the permissions. By removing the read permission, a
user would no longer have access to a resource. There are five
valid permission types: read, all, add, modify, and
remove.
Recursive
false
Spectrum™ Technology Platform 11.0
Specifies if this operation should be performed recursively on all
child nodes of the given node in the repository. The default for
recursive permission setting is false. If setting permissions on
individual resources in the repository, the Recursive option will
have no effect.
Spectrum Spatial Administration Guide
113
Appendix - Managing Security with the User Management Service
Example
The following example removes the read permission for user1 on the WorldTable resource.
<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:v1="http://www.mapinfo.com/midev/service/usermanagement/v1">
<soapenv:Header/>
<soapenv:Body>
<v1:RemovePermissionsRequest>
<v1:UserName>user1</v1:UserName>
<v1:ResourcePath>/Samples/NamedTables/WorldTable</v1:ResourcePath>
<v1:Permissions>
<v1:Permission>read</v1:Permission>
</v1:Permissions>
<v1:Recursive>false</v1:Recursive>
</v1:RemovePermissionsRequest>
</soapenv:Body>
</soapenv:Envelope>
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
114
Notices
Copyright
© 2016 Pitney Bowes Software Inc. All rights reserved. MapInfo and Group 1 Software are trademarks
of Pitney Bowes Software Inc. All other marks and trademarks are property of their respective
holders.
USPS® Notices
Pitney Bowes Inc. holds a non-exclusive license to publish and sell ZIP + 4® databases on optical
and magnetic media. The following trademarks are owned by the United States Postal Service:
Link
CASS, CASS Certified, DPV, eLOT, FASTforward, First-Class Mail, Intelligent Mail, LACS ,
Link
Link
NCOA , PAVE, PLANET Code, Postal Service, POSTNET, Post Office, RDI, Suite
, United
States Postal Service, Standard Mail, United States Post Office, USPS, ZIP Code, and ZIP + 4.
This list is not exhaustive of the trademarks belonging to the Postal Service.
Link®
Pitney Bowes Inc. is a non-exclusive licensee of USPS® for NCOA
processing.
Prices for Pitney Bowes Software's products, options, and services are not established, controlled,
or approved by USPS® or United States Government. When utilizing RDI™ data to determine
parcel-shipping costs, the business decision on which parcel delivery company to use is not made
by the USPS® or United States Government.
Data Provider and Related Notices
Data Products contained on this media and used within Pitney Bowes Software applications are
protected by various trademarks and by one or more of the following copyrights:
©
Copyright United States Postal Service. All rights reserved.
©
2014 TomTom. All rights reserved. TomTom and the TomTom logo are registered trademarks of
TomTom N.V.
©
2016 HERE
Fuente: INEGI (Instituto Nacional de Estadística y Geografía)
Based upon electronic data © National Land Survey Sweden.
©
Copyright United States Census Bureau
©
Copyright Nova Marketing Group, Inc.
Portions of this program are © Copyright 1993-2007 by Nova Marketing Group Inc. All Rights
Reserved
©
Copyright Second Decimal, LLC
©
Copyright Canada Post Corporation
This CD-ROM contains data from a compilation in which Canada Post Corporation is the copyright
owner.
©
2007 Claritas, Inc.
The Geocode Address World data set contains data licensed from the GeoNames Project
(www.geonames.org) provided under the Creative Commons Attribution License ("Attribution
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
116
Copyright
License") located at http://creativecommons.org/licenses/by/3.0/legalcode. Your use of the
GeoNames data (described in the Spectrum™ Technology Platform User Manual) is governed by
the terms of the Attribution License, and any conflict between your agreement with Pitney Bowes
Software, Inc. and the Attribution License will be resolved in favor of the Attribution License solely
as it relates to your use of the GeoNames data.
ICU Notices
Copyright © 1995-2011 International Business Machines Corporation and others.
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the
Software, and to permit persons to whom the Software is furnished to do so, provided that the above
copyright notice(s) and this permission notice appear in all copies of the Software and that both the
above copyright notice(s) and this permission notice appear in supporting documentation.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE
BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES,
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be used in advertising
or otherwise to promote the sale, use or other dealings in this Software without prior written
authorization of the copyright holder.
Spectrum™ Technology Platform 11.0
Spectrum Spatial Administration Guide
117
3001 Summer Street
Stamford CT 06926-0700
USA
www.pitneybowes.com
©2016 Pitney Bowes
All Rights Reserved
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising