给定数据库名称oltt206或DB01我希望从下面的 xml 中提取其各自的username,password和:connection string
wladmin@myremhost:/tmp$ cat /web/bea_apps/uat/Tomcat_Home_v9.0.56/TomcatNode01/conf/server.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8048" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!-- APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
<Resource auth="Container"
driverClassName="oracle.jdbc.OracleDriver"
global="dsspeedCanweb"
name="dsspeedCanweb"
password="O9jYL3yhwMF_Ep8P"
username="VEL_CAN_WEB_USER"
url="jdbc:oracle:thin:@host36db06v.mybank.com:1521:DB01"
type="javax.sql.DataSource"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
initialSize="15" maxTotal="150" maxActive="100" maxWaitMillis="10000" minIdle="15"
accessToUnderlyingConnectionAllowed="true"
minEvictableIdleTimeMillis="90000"
logAbandoned="true" removeAbandoned="true" removeAbandonedTimeout="7200"
removeAbandonedOnBorrow="true" removeAbandonedOnMaintenance="true"
jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer;SlowQueryReport(threshold=600000,logFailed=true)"
testWhileIdle="true"
validationQuery="select 1 from dual"
validationInterval="30000"
testOnBorrow="true" />
<Resource auth="Container"
driverClassName="oracle.jdbc.OracleDriver"
global="canwebds"
name="canwebds"
password="bbgwfxt2Os_2024"
username="CANADA_WEB_USER"
url="jdbc:oracle:thin:@host36DB06V.mybank.com:1521/oltt206"
type="javax.sql.DataSource"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
initialSize="15" maxTotal="150" maxActive="100" maxWaitMillis="10000" minIdle="15"
accessToUnderlyingConnectionAllowed="true"
minEvictableIdleTimeMillis="90000"
logAbandoned="true" removeAbandoned="true" removeAbandonedTimeout="7200"
removeAbandonedOnBorrow="true" removeAbandonedOnMaintenance="true"
jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer;SlowQueryReport(threshold=600000,logFailed=true)"
testOnBorrow="true" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="12408" address="uswl1212mrshm01.host35as28v.mybank.com" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="12409" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="12404" address="uswl1212mrshm01.host35as28v.mybank.com" protocol="AJP/1.3" redirectPort="12409" requiredSecret="QmtmM3hWcEVzUW5VTDNLdQo=" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost" jvmRoute="worker8">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className='org.apache.catalina.valves.ErrorReportValve'
showServerInfo='false' />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
我在solaris上尝试了以下命令但失败了:
错误输出:
wladmin@remhost:$ sed -n '/<Resource/{:a; N; /DB01/!ba; s/.*password="\([^"]*\)".*/\1/p}' /web/bea_apps/perf/Tomcat_Home_v9.0.56/TomcatNode01/conf/server.xml
Label too long: /<Resource/{:a; N; /DB01/!ba; s/.*password="\([^"]*\)".*/\1/p}
期望的结果:
O9jYL3yhwMF_Ep8P
VEL_CAN_WEB_USER
host36db06v.mybank.com:1521:DB01
我最终会将解决方案交给ansible。
请协助。
答案1
这里是密码的代码。
调整它以获得其余的:
xmllint --xpath 'string(//Resource[@auth="Container" and contains(@url, ":DB01")]/@password)' file.xml
输出
O9jYL3yhwMF_Ep8P
表达式为xpath。
答案2
要回答主题中的问题,请在您的:
/<Resource/{:a; N; /DB01/!ba; s/.*password="\([^"]*\)".*/\1/p}
sed脚本,使用传统的sed实现(源自 70 年代原始实现的实现,例如 Solaris),:a; N; /DB01/!ba; s/.*password="\([^"]*\)".*/\1/p}正在定义(试图定义)一个名为 的分支标签a; N; /DB01/!ba; s/.*password="\([^"]*\)".*/\1/p},即;不将:命令与N命令分开,它是命令的一部分。标签名称。b,命令也是如此t。
它甚至曾经是 POSIX 所要求的,并且只是放宽了(在我的请求) 在2016年版标准。
:因此,在, b,之后的同一行上不能有任何其他命令t。
GNUsed不允许;在标签名称中使用,但仍然允许;在 , 后面使用文件名w,r这s///w仍然是 POSIX 所要求的。例如,w file;d写入名为file;d.所以那些 (and#和}) 后面也不能跟任何东西。
脚本中不兼容/不便携的另一件事是您没有在前面添加}换行符;。
所以你需要:
sed -n '
/<Resource/{
:a; N; /DB01/!ba
s/.*password="\([^"]*\)".*/\1/p
}'
或者,如果您需要一行:
sed -n -e '/<Resource/{:a' -e 'N;/DB01/!ba' -e 's/.*password="\([^"]*\)".*/\1/p;}'
答案3
使用xq(部分安德烈·基斯柳克的yq分布;一组构建在 JSON 解析器之上的解析器jq)并传递一个字符串,该字符串将用于匹配相关Resource部分中的正确 URL:
query_string=DB01
xq -r --arg query "$query_string" '
.Server.GlobalNamingResources.Resource |
map(select(."@auth" == "Container" and (."@url" // empty | endswith($query)))."@password")[]' file.xml
正如您所看到的,该表达式的核心(根据和属性选择jq相关条目)的读法与以下解决方案类似:Resourceauthurl吉尔斯的回答。这里的区别在于,该jq工具(xq包装)允许使用--arg.这意味着我们可以参数化命令,而无需将 shell 数据注入表达式中。
我还选择使用 测试 URL endswith(),因此用户提供的字符串必须与结尾的网址。
运行上述命令将返回字符串O9jYL3yhwMF_Ep8P。
使用Mike Farah 的yq解析器为了解析 XML,我们可以做类似的事情:
query=$query_string yq '
.Server.GlobalNamingResources.Resource |
map(select(."+@auth" == "Container" and ."+@url" == "*" + env(query))."+@password") | .[]' file.xml
这里的区别在于,我们yq通过环境变量传递用户提供的值query,并在表达式中进行模式匹配(这意味着我们希望给定的字符串不是图案)。另请注意,Mikeyq使用的 XML 属性格式略有不同(带有前缀+)。