Available environment: A stand-alone server environment that is not federated with a portal.Enprise Environment Access Security Services see two other articles
https://blog.csdn.net/qq_40376439/article/details/104227280
https://blog.csdn.net/qq_40376439/article/details/104217511
Scenario for use: When we publish an arcgis server service that is public or posted on an external network, it makes it accessible to everyone. If we only want to be open to some people and use it for a limited time, we don't want others to access our service.This requires setting permissions on the service to validate requests for the service so that it cannot be accessed by everyone, setting the service private, creating users and assigning roles to users, and generating token s, which is equivalent to validating first, validating successfully, and then responding to service requests.
The previous article described accessing server security services in ArcGIS api for javascript 3.x through a dynamic stitching of''url?token=''.
This article describes how to use IdentityManager to register token s in ArcGIS api for javascript 3.x and 4.x to access secured server services.
Next article describes dynamic token access to server security services through proxy
Specific steps:
1. First, let's create a new user and role for the server
2. Set permissions for services. The permissions of arcgis server are to give roles access to resources. We can set permissions for servers or for folders where services are located.If permissions are set on folders, services in folders automatically inherit permissions; if security permissions are set on services in folders, permissions inherited from folders are overwritten.
Go to the server manager page, select the service you want to hide (or the folder in which the service is located) and set its permissions to private, giving the newly created role access.
2) There are also two ways to access the security services of a stand-alone server by registering token with IdentityManager in ArcGIS api for javascript, which will be described in turn in this article:
Method 1:
1. Use the account you just created to generate a token.
token can be accessed from https://gisserver.domain.com:6443/arcgis/tokens
Or an address in the format https://gisserver.domain.com:6443/arcgis/admin/generateToken, as described in detail in Generating Token
https://developers.arcgis.com/rest/services-reference/generate-token.htm
The parameters for generating token s are not explained in the previous article.
Send a post request through ajax to get token:
$.ajax({ type: "POST", url: "http://192.168.16.105:6080/arcgis/tokens/generateToken", data: { username: "test1", password:"54342", client: "requestip", expiration: '60', f: "json" }, dataType: "json", success:function(res){ console.log(res.token); } });
Be careful:
Server10.3.1 and later, which only allows ArcGIS tokens to be acquired through http post requests, does not use HTTP get to acquire tokens by default, server10.3.1 will start to error if token is acquired by this get request such as http://xxx/arcgis/tokens/generateToken? Password=***&f=html&username=***&client=***&referer=&ip=***, you canLog in to the server background and set up to enable http get-based requests, see https://enterprise.arcgis.com/zh-cn/server/latest/administer/windows/enable-token-acquisition-through-an-http-get-request.htm However, it is not recommended to enable get requests, because get requests may leave user names and passwords in the browser's history, making post safer.In server10.2.2 and earlier versions, token acquisition based on http get requests was enabled by default.
2. In ArcGIS api for javascript, the management of authentication information is maintained in the IdentityManager interface, namely "esri/identity/IdentityManager".
api 4.x https://developers.arcgis.com/javascript/latest/api-reference/esri-identity-IdentityManager.html,
api 3.x https://developers.arcgis.com/javascript/3/jsapi/identitymanager-amd.html
Use the IdentityManager.registerToken(properties) method to register access tokens. https://developers.arcgis.com/javascript/latest/api-reference/esri-identity-IdentityManager.html#registerToken
IdentityManager.registerToken({ server: "https://192.168.16.105:6443/arcgis/rest/services", token: response.token });
Full sample code:
arcgis api for javascript 4 series: (Code for arcgis api for javascript 3 series and 4 series are basically the same and are not listed here)
<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <title>test</title> <style> html, body, #viewDiv { padding: 0; margin: 0; height: 100%; width: 100%; } </style> <link rel="stylesheet" href="https://js.arcgis.com/4.14/esri/css/main.css"/> <script src="https://js.arcgis.com/4.14/init.js"></script> <script src="http://code.jquery.com/jquery-1.11.1.min.js"></script> <script> require([ "esri/Map", "esri/views/MapView", "esri/layers/MapImageLayer", "esri/identity/IdentityManager", "dojo/domReady!" ], function( Map, MapView, MapImageLayer, IdentityManager ) { var map = new Map({ basemap: "osm" }); var view = new MapView({ container: "viewDiv", map: map, zoom: 13, center: [116.38, 39.9] }); //Generate token start var username = "test1"; var password = "54342"; var tokenvalue = $.ajax({ type: "POST", url: "https://192.168.16.105:6443/arcgis/tokens/generateToken", data: { username: username, password: password, client: "requestip", expiration: '60', f: "json" }, dataType: "json" }); if (tokenvalue) { tokenvalue .success(function (response){ if (response.token) { //Successfully generated token IdentityManager.registerToken({ server: "https://192.168.16.105:6443/arcgis/rest/services", token: response.token }); console.log(response.token); var layerUrl = "https://192.168.16.105:6443/arcgis/rest/services/test/testpoint/MapServer"; var layer = new MapImageLayer({ url: layerUrl }); map.add(layer); } }).error(function(err) { console.log("operation failed err:" + err); }); } }); </script> </head> <body> <div id="viewDiv"></div> </body> </html>
Method 2:
Alternatively, token s can be generated directly using the IdentityManager.generateToken(serverInfo, userInfo, options) method, where the ServerInfo class is required, as described in the ServerInfo class https://developers.arcgis.com/javascript/latest/api-reference/esri-identity-ServerInfo.html , and then register the access token using the IdentityManager.registerToken(properties) method.The complete code below is provided for your reference directly (this time, the arcgis api for javascript 3 series of sample code is given, the 4 series of code and the 3 series of code are basically the same and are not listed here).
<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <title>test</title> <style> html, body, #map { padding: 0; margin: 0; height: 100%; width: 100%; } </style> <link rel="stylesheet" href="https://js.arcgis.com/3.31/esri/css/esri.css"> <script src="jquery-1.11.1.min.js"></script> <script src="https://js.arcgis.com/3.31/"></script> <script> require(["esri/config", "esri/map", "esri/layers/ArcGISDynamicMapServiceLayer", "esri/ServerInfo","esri/IdentityManager", "dojo/domReady!" ], function(esriConfig, Map, ArcGISDynamicMapServiceLayer,ServerInfo,IdentityManager ) { esriConfig.defaults.io.corsEnabledServers.push("https://192.168.16.105:6443"); var map = new Map("map"); //Generate token start var serverInfo = new ServerInfo(); serverInfo.server = "https://192.168.16.105:6443/arcgis/rest/services/"; serverInfo.tokenServiceUrl = "https://192.168.16.105:6443/arcgis/tokens/generateToken"; var userInfo = {username:"test1",password:"WL3696569"}; IdentityManager.generateToken(serverInfo,userInfo).then(function(data){ var tokenValue = data.token; IdentityManager.registerToken({ server:"https://192.168.16.105:6443/arcgis/rest/services/", token:tokenValue }); var layerUrl = "https://192.168.16.105:6443/arcgis/rest/services/test/testpoint/MapServer"; var layer = new ArcGISDynamicMapServiceLayer(layerUrl); map.addLayer(layer); },function(error){ console.error(error); }); }); </script> </head> <body> <div id="map"></div> </body> </html>
At this point, the login box no longer pops up when we call the security service in the server.
