From 86515d118a6eb99306dbfe30dc40335c19dbb498 Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani <jluciani@novell.com>
Date: Wed, 18 Oct 2006 23:26:16 +0000
Subject: [PATCH] Created the ATS daemon and made necessary RPM install changes
 to allow for its deployment.

---
 CASA-auth-token/java/configure.in             |   6 +
 .../package/linux/CASA_auth_token_svc.changes |   9 +
 .../package/linux/CASA_auth_token_svc.spec.in | 169 ++-
 CASA-auth-token/java/server/Jaas/Makefile.am  |   3 +-
 CASA-auth-token/java/server/Jaas/README       |  22 +-
 .../java/server/Jaas/linux/Makefile.am        |  38 +
 .../Jaas/linux/client_keystore_setup.sh       |  51 +
 .../java/server/Jaas/linux/crypto.properties  |   6 +
 .../java/server/Jaas/make_and_run_test.sh     |  17 -
 CASA-auth-token/java/server/Jaas/make_test.sh |   2 +-
 CASA-auth-token/java/server/Jaas/run_test.sh  |   4 +-
 CASA-auth-token/java/server/Svc/Makefile.am   |   8 +-
 CASA-auth-token/java/server/Svc/README        |  14 +-
 .../java/server/Svc/crypto.properties         |   6 -
 .../java/server/Svc/linux/CasaAuthtokenSvcD   | 174 ++++
 .../java/server/Svc/linux/Makefile.am         |  40 +
 .../java/server/Svc/linux/crypto.properties   |   6 +
 CASA-auth-token/java/server/Svc/linux/envvars |  14 +
 .../server/Svc/linux/server_keystore_setup.sh |  65 ++
 .../com/novell/casa/authtoksvc/SvcConfig.java |  28 +-
 .../novell/casa/authtoksvc/WSSecurity.java    |   4 +-
 CASA-auth-token/java/server/Svc/svc.settings  |   2 +-
 .../java/server/Svc/tomcat5/Makefile.am       |  37 +
 .../Svc/tomcat5/conf/Catalina/Makefile.am     |  37 +
 .../conf/Catalina/localhost/Makefile.am       |  39 +
 .../tomcat5/conf/Catalina/localhost/admin.xml |  30 +
 .../conf/Catalina/localhost/balancer.xml      |  14 +
 .../conf/Catalina/localhost/manager.xml       |  17 +
 .../java/server/Svc/tomcat5/conf/Makefile.am  |  43 +
 .../server/Svc/tomcat5/conf/catalina.policy   | 162 +++
 .../Svc/tomcat5/conf/catalina.properties      |  57 ++
 .../server/Svc/tomcat5/conf/jk2.properties    |  26 +
 .../Svc/tomcat5/conf/server-minimal.xml       |  35 +
 .../java/server/Svc/tomcat5/conf/server.xml   | 383 +++++++
 .../server/Svc/tomcat5/conf/tomcat-users.xml  |   3 +
 .../java/server/Svc/tomcat5/conf/web.xml      | 964 ++++++++++++++++++
 36 files changed, 2446 insertions(+), 89 deletions(-)
 create mode 100644 CASA-auth-token/java/server/Jaas/linux/Makefile.am
 create mode 100755 CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh
 create mode 100644 CASA-auth-token/java/server/Jaas/linux/crypto.properties
 delete mode 100755 CASA-auth-token/java/server/Jaas/make_and_run_test.sh
 delete mode 100644 CASA-auth-token/java/server/Svc/crypto.properties
 create mode 100644 CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD
 create mode 100644 CASA-auth-token/java/server/Svc/linux/Makefile.am
 create mode 100644 CASA-auth-token/java/server/Svc/linux/crypto.properties
 create mode 100644 CASA-auth-token/java/server/Svc/linux/envvars
 create mode 100755 CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/Makefile.am
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/Makefile.am
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/Makefile.am
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/admin.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/balancer.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/manager.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/Makefile.am
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.policy
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.properties
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/jk2.properties
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/server-minimal.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/server.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/tomcat-users.xml
 create mode 100644 CASA-auth-token/java/server/Svc/tomcat5/conf/web.xml

diff --git a/CASA-auth-token/java/configure.in b/CASA-auth-token/java/configure.in
index 0974e23a..53a1c85e 100644
--- a/CASA-auth-token/java/configure.in
+++ b/CASA-auth-token/java/configure.in
@@ -273,6 +273,11 @@ server/Svc/src/com/Makefile
 server/Svc/src/com/novell/Makefile
 server/Svc/src/com/novell/casa/Makefile
 server/Svc/src/com/novell/casa/authtoksvc/Makefile
+server/Svc/tomcat5/Makefile
+server/Svc/tomcat5/conf/Makefile
+server/Svc/tomcat5/conf/Catalina/Makefile
+server/Svc/tomcat5/conf/Catalina/localhost/Makefile
+server/Svc/linux/Makefile
 server/Jaas/Makefile
 server/Jaas/src/Makefile
 server/Jaas/src/com/Makefile
@@ -280,5 +285,6 @@ server/Jaas/src/com/novell/Makefile
 server/Jaas/src/com/novell/casa/Makefile
 server/Jaas/src/com/novell/casa/jaas/Makefile
 server/Jaas/src/com/novell/casa/jaas/sample/Makefile
+server/Jaas/linux/Makefile
 ])
 
diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
index 9814e631..ad9bf548 100644
--- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Oct 18 17:22:01 MDT 2006 - jluciani@novell.com
+
+- Updated the RPM install of the ATS to install it as a service
+  and create the necessary signing keys.
+
+- Made changes to other components to integrate with the new
+  RPM install changes. 
+
 -------------------------------------------------------------------
 Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com
 
diff --git a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in
index 7c3d31b3..ab624920 100644
--- a/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in
+++ b/CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in
@@ -17,7 +17,7 @@
 
 Name:          @PACKAGE@ 
 URL:           http://www.novell.com/products
-BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction
+BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
 %define prefix /usr
 License:       LGPL
 Group:         Applications/System
@@ -28,8 +28,10 @@ Release:       0
 Summary:       Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
 Source:        %{name}-%{version}.tar.bz2
 BuildRoot:     %{_tmppath}/%{name}-%{version}-build
-Requires:      java-1_5_0-ibm servletapi5 tomcat5
+Requires:      java-1_5_0-ibm servletapi5 tomcat5 sysvinit insserv
 PreReq:        %fillup_prereq %insserv_prereq
+PreReq:        /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
+PreReq:        /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
 BuildArchitectures: noarch
 
 %description
@@ -97,24 +99,64 @@ install -d %{buildroot}%{prefix}/share
 install -d %{buildroot}%{prefix}/share/java
 install -d %{buildroot}%{prefix}/share/java/CASA
 install -d %{buildroot}%{prefix}/share/java/CASA/authtoken
+install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/bin
+install -d %{buildroot}/srv
+install -d %{buildroot}/srv/www
+install -d %{buildroot}/srv/www/casaats
+install -d -m 700 %{buildroot}/srv/www/casaats
+install -d -m 700 %{buildroot}/srv/www/casaats/conf
+install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina
+install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina/localhost
+install -d -m 700 %{buildroot}/srv/www/casaats/shared
+install -d -m 700 %{buildroot}/srv/www/casaats/shared/classes
+install -d -m 700 %{buildroot}/srv/www/casaats/shared/libs
+install -d -m 700 %{buildroot}/srv/www/casaats/webapps
+install -d -m 700 %{buildroot}/srv/www/casaats/logs
+install -d -m 700 %{buildroot}/srv/www/casaats/work
+install -d -m 700 %{buildroot}/srv/www/casaats/temp
 install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external
 install -d %{buildroot}/etc
+install -d %{buildroot}/etc/init.d
 install -d -m 755 %{buildroot}/var/lib/CASA
 install -d -m 755 %{buildroot}/var/lib/CASA/authtoken
-install -d -m 755 %{buildroot}/var/lib/CASA/authtoken/svc
+install -d -m 700 %{buildroot}/var/lib/CASA/authtoken/svc
 install -d -m 755 %{buildroot}/etc/CASA
-install -d -m 755 %{buildroot}/etc/CASA/authtoken.d
-install -d -m 755 %{buildroot}/etc/CASA/authtoken.d
-install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/svc.d
-install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/java-keys
+install -d -m 755 %{buildroot}/etc/CASA/authtoken
+install -d -m 755 %{buildroot}/etc/CASA/authtoken
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/enabled_services
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/enabled_services/localhost
+install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys
+install -d -m 700 %{buildroot}/etc/CASA/authtoken/keys/server
+install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys/client
 
 ## CASA_auth_token_svc ##
 # Libs
 install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
+install -m 700 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}/srv/www/casaats/webapps/CasaAuthTokenSvc.war
 
-# Lib Symbolic Links
-ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
-ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1
+# Settings and configuration files
+install -m 600 server/Svc/svc.settings %{buildroot}/etc/CASA/authtoken/svc/svc.settings
+install -m 600 server/Svc/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
+install -m 600 server/Svc/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
+install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
+install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
+
+# Others
+install -m 700 server/Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
+install -m 755 server/Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd
+install -m 700 server/Svc/linux/envvars %{buildroot}/etc/CASA/authtoken/svc/envvars
+
+# Tomcat Base files
+install -m 600 server/Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
+install -m 600 server/Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
+install -m 600 server/Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
+install -m 600 server/Svc/tomcat5/conf/server.xml %{buildroot}/srv/www/casaats/conf/server.xml
+install -m 600 server/Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
+install -m 600 server/Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
 
 ## CASA_auth_token_jaas_support ##
 # Libs
@@ -135,14 +177,11 @@ install -m 755 server/Svc/external/xalan.jar %{buildroot}%{prefix}/share/java/CA
 install -m 755 server/Svc/external/xercesImpl.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
 install -m 755 server/Svc/external/xml-apis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
 install -m 755 server/Svc/external/xmlsec-1.2.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
-install -m 644 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken.d/crypto.properties
-install -m 644 server/Svc/jaas.conf %{buildroot}/etc/CASA/authtoken.d/svc.d/jaas.conf
+install -m 644 server/Jaas/linux/crypto.properties %{buildroot}/etc/CASA/authtoken/keys/client/crypto.properties
+
+# Others
+install -m 700 server/Jaas/linux/client_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
 
-# Lib Symbolic Links
-ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
-ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
-ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
-ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -150,31 +189,90 @@ rm -rf $RPM_BUILD_ROOT
 
 ## CASA_auth_token_svc ##
 %pre
-# Nothing to do in this pre script
+
+# Do necessary user and group administration
+group_present=`getent group | grep ^casaauth`
+if [ -z "$group_present" ] ; then
+        /usr/sbin/groupadd -r casaauth
+fi
+
+user_present=`getent passwd | grep ^casaatsd`
+if [ -z "$user_present" ] ; then
+        /usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/validate -g casaauth casaatsd 2> /dev/null || :
+fi
+
 
 %post
-/sbin/ldconfig
+# Install casa_atsd init script, set it to start by default.
+%{fillup_and_insserv casa_atsd}
+
+# Setup the keystore for the service
+%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 
 %preun
-# Nothing to do in this preun script
+%stop_on_removal casa_atsd
 
 %postun
-# Nothing to do in this postun script
+#Undeploy our webapp
+rm -drf %{prefix}/share/java/CASA/authtoken/svc/webapps/CasaAuthTokenSvc
+
+%restart_on_update casa_atsd 
+%insserv_cleanup
+# Do not do anything else if this is an upgrade
+if test "$1" == 1; then
+        exit 0
+fi
+
+# Delete the casaatsd user
+userdel casaatsd
+
 
 %files
 %defattr(-,root,root)
 %dir %{prefix}/share/java/CASA
 %dir %{prefix}/share/java/CASA/authtoken
+%dir %{prefix}/share/java/CASA/authtoken/bin
 %dir /var/lib/CASA
 %dir /var/lib/CASA/authtoken
 %dir /var/lib/CASA/authtoken/svc
 %dir /etc/CASA
-%dir /etc/CASA/authtoken.d
-%dir /etc/CASA/authtoken.d/svc.d
-%dir /etc/CASA/authtoken.d/java-keys
+%dir /etc/CASA/authtoken
+%dir /etc/CASA/authtoken/keys
 %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
-%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
-%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1
+%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
+/etc/init.d/casa_atsd
+%defattr(-,casaatsd,casaauth)
+%dir /srv/www/casaats
+%dir /srv/www/casaats/conf
+%dir /srv/www/casaats/conf/Catalina
+%dir /srv/www/casaats/conf/Catalina/localhost
+%dir /srv/www/casaats/shared
+%dir /srv/www/casaats/shared/classes
+%dir /srv/www/casaats/shared/libs
+%dir /srv/www/casaats/webapps
+%dir /srv/www/casaats/logs
+%dir /srv/www/casaats/work
+%dir /srv/www/casaats/temp
+%dir /etc/CASA/authtoken/svc
+%dir /etc/CASA/authtoken/svc/auth_mechanisms
+%dir /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
+%dir /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
+%dir /etc/CASA/authtoken/svc/enabled_services
+%dir /etc/CASA/authtoken/svc/enabled_services/localhost
+%dir /etc/CASA/authtoken/keys/server
+/srv/www/casaats/webapps/CasaAuthTokenSvc.war
+%config /srv/www/casaats/conf/catalina.policy
+%config /srv/www/casaats/conf/catalina.properties
+%config /srv/www/casaats/conf/jk2.properties
+%config /srv/www/casaats/conf/server.xml
+%config /srv/www/casaats/conf/tomcat-users.xml
+%config /srv/www/casaats/conf/web.xml
+%config /etc/CASA/authtoken/svc/envvars
+%config /etc/CASA/authtoken/svc/svc.settings
+%config /etc/CASA/authtoken/svc/authtoken.settings
+%config /etc/CASA/authtoken/svc/identoken.settings
+%config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
+%config /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
 
 
 ## CASA_auth_token_jaas_support ##
@@ -184,26 +282,28 @@ rm -rf $RPM_BUILD_ROOT
 %post -n CASA_auth_token_jaas_support
 /sbin/ldconfig
 
+# Setup the keystore for the clients
+%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
+
 %preun -n CASA_auth_token_jaas_support
 # Nothing to do in this preun script
 
 %postun -n CASA_auth_token_jaas_support
-# Nothing to do in this postun script
+# Nothing to do in this preun script
 
 %files -n CASA_auth_token_jaas_support
 %defattr(-,root,root)
 %dir %{prefix}/share/java/CASA
 %dir %{prefix}/share/java/CASA/authtoken
+%dir %{prefix}/share/java/CASA/authtoken/bin
 %dir %{prefix}/share/java/CASA/authtoken/external
 %dir /etc/CASA
-%dir /etc/CASA/authtoken.d
-%dir /etc/CASA/authtoken.d/java-keys
+%dir /etc/CASA/authtoken
+%dir /etc/CASA/authtoken/keys
+%dir /etc/CASA/authtoken/keys/client
 %{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
-%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
-%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
 %{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
-%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
-%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
+%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
 %{prefix}/share/java/CASA/authtoken/external/axis.jar
 %{prefix}/share/java/CASA/authtoken/external/axis-ant.jar
 %{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar
@@ -219,8 +319,7 @@ rm -rf $RPM_BUILD_ROOT
 %{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
 %{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
 %{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
-/etc/CASA/authtoken.d/crypto.properties
-/etc/CASA/authtoken.d/svc.d/jaas.conf
+%config /etc/CASA/authtoken/keys/client/crypto.properties
 
 
 %changelog -n CASA_auth_token_svc
diff --git a/CASA-auth-token/java/server/Jaas/Makefile.am b/CASA-auth-token/java/server/Jaas/Makefile.am
index 30e595b6..aa8f58d0 100644
--- a/CASA-auth-token/java/server/Jaas/Makefile.am
+++ b/CASA-auth-token/java/server/Jaas/Makefile.am
@@ -20,10 +20,9 @@
 #######################################################################
 
 SUBDIRS = src
-DIST_SUBDIRS = src
+DIST_SUBDIRS = src linux
 
 EXTRA_DIST = $(JAVAFILES) \
-             make_and_run_test.sh \
              make_test.sh \
              run_test.sh
 
diff --git a/CASA-auth-token/java/server/Jaas/README b/CASA-auth-token/java/server/Jaas/README
index a35e9033..78127335 100644
--- a/CASA-auth-token/java/server/Jaas/README
+++ b/CASA-auth-token/java/server/Jaas/README
@@ -34,10 +34,21 @@ to validate credentials consisting of CASA Authentication Tokens.
 
 CONFIGURATION
 
-To use CasaLoginModule for your service, set the java.security.auth.login.config
-property to point to the JAAS configuration file for your application. You must
-also set the org.xml.sax.driver property to point to an appropriate SAX Parser.
-The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).
+To configure the CasaLoginModule for your service follow the following
+steps:
+
+  - Set the java.security.auth.login.config property to point to the JAAS
+    configuration file for your application.
+  - Set the org.xml.sax.driver property to point to an appropriate SAX Parser.
+    The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).
+  - Include the "/etc/CASA/authtoken/keys/client" path in the applications
+    CLASSPATH. This is the location of the crypto.properties file used by the
+    module to access the keystore with the ATS's signing certificate.
+  - Add the "/usr/share/java/CASA/authtoken/CasaJaasSupport.jar" and the
+    "/usr/share/java/CASA/authtoken/CasaAuthToken.jar" paths to the applications
+    CLASSPATH.
+  - Add the jar files in the /usr/share/java/CASA/authtoken/external folder
+    to the applications CLASSPATH.
 
 The JAAS configuration file should include the following line:
 
@@ -84,9 +95,6 @@ SampleApp {
 	com.novell.casa.jaas.CasaLoginModule Required debug=true;
 };
 
-You must also include the CasaJaasSupport.jar and CasaAuthToken.jar files in the
-CLASSPATH of the application.
-
 SECURITY CONSIDERATIONS
 
 CASA Authenticatication Tokens when compromised can be used to either impersonate
diff --git a/CASA-auth-token/java/server/Jaas/linux/Makefile.am b/CASA-auth-token/java/server/Jaas/linux/Makefile.am
new file mode 100644
index 00000000..aa089734
--- /dev/null
+++ b/CASA-auth-token/java/server/Jaas/linux/Makefile.am
@@ -0,0 +1,38 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS =
+
+CFILES =
+
+EXTRA_DIST = client_keystore_setup.sh \
+		crypto.properties
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh b/CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh
new file mode 100755
index 00000000..a509d605
--- /dev/null
+++ b/CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+#############################################################
+#                                                           #
+# CASA Authentication Token Keystore Setup Script for       #
+# auththentication token validating clients.                #
+#                                                           #
+# This script sets up the certificate associated with the   #
+# keys used by the ATS to sign authentication tokens in the #
+# keystore utilized by token validating clients.            #
+#                                                           #
+#############################################################
+
+# Do not do anything if the client keystore has already been created
+if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
+	echo "The client keystore is already setup"
+else
+	if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
+		echo "Setting up the clients's keystore"
+		# Import the certificate to the client's keystore
+		/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+		# List the content's of the client's keystore
+		#/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
+	else
+		echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found" 
+	fi
+fi
diff --git a/CASA-auth-token/java/server/Jaas/linux/crypto.properties b/CASA-auth-token/java/server/Jaas/linux/crypto.properties
new file mode 100644
index 00000000..a491feb3
--- /dev/null
+++ b/CASA-auth-token/java/server/Jaas/linux/crypto.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=secret
+org.apache.ws.security.crypto.merlin.keystore.alias=signingCert
+org.apache.ws.security.crypto.merlin.alias.password=secret
+org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/client/jks-store
diff --git a/CASA-auth-token/java/server/Jaas/make_and_run_test.sh b/CASA-auth-token/java/server/Jaas/make_and_run_test.sh
deleted file mode 100755
index 67a740d5..00000000
--- a/CASA-auth-token/java/server/Jaas/make_and_run_test.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-if [ ! -d build-test ]; then
-    mkdir build-test
-    mkdir build-test/classes
-else
-    if [ ! -d build-test/classes ]; then
-        mkdir build-test/classes
-    fi
-fi
-echo "*** Compiling the test application ***"
-javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
-echo "*** Done compiling ***"
-echo ""
-echo "*** Starting the test application ***"
-java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
-#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
-
diff --git a/CASA-auth-token/java/server/Jaas/make_test.sh b/CASA-auth-token/java/server/Jaas/make_test.sh
index c46b15b1..f301a5b6 100755
--- a/CASA-auth-token/java/server/Jaas/make_test.sh
+++ b/CASA-auth-token/java/server/Jaas/make_test.sh
@@ -8,6 +8,6 @@ else
     fi
 fi
 echo "*** Compiling the test application ***"
-javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
+/usr/lib/jvm/java-1.5.0-ibm/bin/javac -g -sourcepath src -classpath /usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
 echo "*** Done compiling ***"
 
diff --git a/CASA-auth-token/java/server/Jaas/run_test.sh b/CASA-auth-token/java/server/Jaas/run_test.sh
index ab55dea7..48ae2d14 100755
--- a/CASA-auth-token/java/server/Jaas/run_test.sh
+++ b/CASA-auth-token/java/server/Jaas/run_test.sh
@@ -1,4 +1,4 @@
 echo "*** Starting the test application ***"
-java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp
-#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
+export JAVA_HOME=/usr/lib/jvm/java-1.5.0-ibm
+/usr/lib/jvm/java-1.5.0-ibm/bin/java -classpath build-test/classes:/usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar:/usr/share/java/CASA/authtoken/external/axis-ant.jar:/usr/share/java/CASA/authtoken/external/axis.jar:/usr/share/java/CASA/authtoken/external/commons-discovery-0.2.jar:/usr/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar:/usr/share/java/CASA/authtoken/external/commons-logging-api.jar:/usr/share/java/CASA/authtoken/external/jaxrpc.jar:/usr/share/java/CASA/authtoken/external/log4j-1.2.8.jar:/usr/share/java/CASA/authtoken/external/saaj.jar:/usr/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar:/usr/share/java/CASA/authtoken/external/wss4j-1.5.0.jar:/usr/share/java/CASA/authtoken/external/xalan.jar:/usr/share/java/CASA/authtoken/external/xercesImpl.jar:/usr/share/java/CASA/authtoken/external/xml-apis.jar:/usr/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar:/usr/share/java/xerces-j2.jar:/etc/CASA/authtoken/keys/client -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp
 
diff --git a/CASA-auth-token/java/server/Svc/Makefile.am b/CASA-auth-token/java/server/Svc/Makefile.am
index 86d6161b..a2a110b4 100644
--- a/CASA-auth-token/java/server/Svc/Makefile.am
+++ b/CASA-auth-token/java/server/Svc/Makefile.am
@@ -20,16 +20,14 @@
 #######################################################################
 
 SUBDIRS = src
-DIST_SUBDIRS = src external
+DIST_SUBDIRS = src external tomcat5 linux
 
 EXTRA_DIST = authtoken.settings \
 		identoken.settings \
 		README \
 		svc.settings \
 		TODO \
-		web.xml \
-		crypto.properties \
-		jaas.conf
+		web.xml
 
 ROOT = ../..
 
@@ -102,7 +100,7 @@ $(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
 	cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
 	cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
 	cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
-	cp crypto.properties $(BUILDDIR)/webapp/WEB-INF/classes/crypto.properties
+	cp linux/crypto.properties $(BUILDDIR)/webapp/WEB-INF/classes/crypto.properties
 	cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
 	cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
 	cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/
diff --git a/CASA-auth-token/java/server/Svc/README b/CASA-auth-token/java/server/Svc/README
index 262b8a80..80edf14e 100644
--- a/CASA-auth-token/java/server/Svc/README
+++ b/CASA-auth-token/java/server/Svc/README
@@ -99,7 +99,7 @@ The following is an example svc.settings file:
 	<IAConfigFile>/home/jluciani/jakarta-tomcat-5.0.28/webapps/CasaAuthTokenSvc/WEB-INF/conf/iaRealms.xml</IAConfigFile>
 	<ReconfigureInterval>60</ReconfigureInterval>
 	<startSearchContext>o=novell</startSearchContext>
-	<KeyStoreUser>privKey<KeyStoreUser>
+	<SigningKeyAliasName>signingKey<SigningKeyAliasName>
 	<KeyStorePwd>foobar<KeyStorePwd>
 </settings>
 
@@ -135,18 +135,20 @@ Note the following about the sample svc.settings file:
   to the identity abstraction configuration file where it belongs. Once this is done,
   the setting will no longer be recognized within the svc.settings file. 
 
-- The KeyStoreUses setting specifies the user's alias name in the keystore that identifies
-  the private key that is to be used to sign tokens.
+- The SigningKeyAliasName setting specifies the alias name of the entry in the keystore
+  with the private key utilized to sign tokens. The value of this setting defaults to
+  "signingKey".
 
-- The KeyStorePwd setting specifies the password of the user specified by KeyStoreUser to get
-  the private signing key from the keystore.
+- The SigningKeyPassword setting specifies the password utilized to protect the private key
+  used for signing tokens that is stored in the keystore. The value of this setting defaults to
+  "secret".
 
 ATSs digitally sign tokens, for this purpose it is necessary that keys be generated and installed
 in a keystore whose location and properties are configured in the crypto.properties file present in
 the "classes" folder under the WEB-INF folder of the AuthTokenSvc application
 ($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/classes). Please note that you must edit the
 crypto.properties file with the appropriate information once the AuthTokenSvc is deployed to
-a Tomcat server.
+a Tomcat server to deal with your configuration requirements.
  
 CONFIGURING SERVICES TO CONSUME CASA AUTHENTICATION TOKENS
 
diff --git a/CASA-auth-token/java/server/Svc/crypto.properties b/CASA-auth-token/java/server/Svc/crypto.properties
deleted file mode 100644
index a927242a..00000000
--- a/CASA-auth-token/java/server/Svc/crypto.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=foobar
-org.apache.ws.security.crypto.merlin.keystore.alias=privkey
-org.apache.ws.security.crypto.merlin.alias.password=foobar
-org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken.d/java-keys/privkeystore
diff --git a/CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD b/CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD
new file mode 100644
index 00000000..de4e539c
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD
@@ -0,0 +1,174 @@
+#!/bin/sh
+#
+# Startup script for the Casa Authtoken Service Daemon (casa_atsd)
+#
+# /etc/init.d/casa_atsd
+#
+# description: casa_atsd is the CASA Authentication Token Service
+# (ATS). CASA Client utilize this service to obtain CASA authentication
+# tokens to authenticate to other services. The ATS executes as a
+# tomcat webapp. casa_atsd is the tomcat process which contains
+# the ATS.
+#
+# Note that some of the content from this file was copied from
+# /etc/init.d/tomcat5 whose author was Petr Mladek.
+# /etc/init.d/tomcat5 has the following copyrights:
+#
+# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
+# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
+#
+# processname: casa_atsd
+# pidfile: None
+# config utility: None
+
+
+### BEGIN INIT INFO
+# Provides: casa_atsd
+# Required-Start: $local_fs $remote_fs
+# X-UnitedLinux-Should-Start: $named $syslog $time
+# Required-Stop: $local_fs $remote_fs $network
+# X-UnitedLinux-Should-Stop: $named $syslog $time
+# Default-Start: 1 2 3 5
+# Default-Stop:
+# Short-Description: Casa Authtoken Service Daemon
+# Description: Start Casa Authtoken Service Daemon
+### END INIT INFO
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+#      rc_check         check and set local and overall rc status
+#      rc_status        check and set local and overall rc status
+#      rc_status -v     ditto but be verbose in local rc status
+#      rc_status -v -r  ditto and clear the local rc status
+#      rc_failed        set local and overall rc status to failed
+#      rc_reset         clear local rc status (overall remains)
+#      rc_exit          exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+DAEMON_USER=casaatsd
+DAEMON_GROUP=casaauth
+
+atsIsRunning()
+{
+  ats_ps_log=`mktemp /var/tmp/ats-ps.log.XXXXXX`
+  ps aux --cols 1024 >"$ats_ps_log"
+  ats_is_running="false"
+  if grep " -Dcatalina.base=$CATALINA_BASE.*-Dcatalina.home=$CATALINA_HOME.*org.apache.catalina.startup.Bootstrap" "$ats_ps_log" >/dev/null 2>/dev/null ; then
+    ats_is_running="true"
+  fi
+  rm -f "$ats_ps_log"
+  test "$ats_is_running" = "true"
+}
+
+StartDAEMON()
+{
+  # Start the daemon
+  echo -n "Starting casa_atsd"
+  ## Start daemon with startproc(8). If this fails
+  ## the echo return value is set appropriate.
+    
+  # NOTE: startproc return 0, even if service is 
+  # already running to match LSB spec.
+  if atsIsRunning ; then
+    rc_failed 0
+  else
+    # try to fix permissions
+    chown --dereference $DAEMON_USER:$DAEMON_GROUP "$CATALINA_BASE"
+    for dir in "$CATALINA_BASE/conf" \
+               "$CATALINA_BASE/logs" \
+               "$CATALINA_BASE/temp" \
+               "$CATALINA_BASE/webapps" \
+               "$CATALINA_BASE/work" ; do
+      # the command true is used because of for example conf directory may be mounted read-only
+      test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
+    done
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
+    sleep 1
+    if atsIsRunning ; then
+      rc_failed 0
+    else
+      rc_failed 7
+    fi    
+  fi
+  rc_status -v
+}
+
+
+StopDAEMON()
+{
+  # Stop the daemon
+  echo -n "Shutting casa_atsd"
+  ## Stop daemon with killproc(8) and if this fails
+  ## set echo the echo return value.
+  if atsIsRunning ; then
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/shutdown.sh" >"$CATALINA_BASE/logs/stop.log" 2>&1
+    # wait 60 sec for stop at maximum
+    wait_sec=60
+    while [ "$wait_sec" != "0" ] ; do
+      sleep 1
+      if ! atsIsRunning ; then
+        # the server is stoped, end the loop
+        wait_sec=0
+        break
+      fi
+      wait_sec=$((wait_sec -1))
+    done
+    # check the final status
+    if atsIsRunning ; then
+      rc_failed 1
+    else
+      rc_failed 0
+    fi
+  else
+    rc_failed 0
+  fi  
+  # Remember status and be verbose
+  rc_status -v
+}
+
+
+# Source the environments file for our daemon
+. /etc/CASA/authtoken/svc/envvars
+  
+
+case "$1" in
+start)
+  StartDAEMON
+  ;;
+stop)
+  StopDAEMON
+  ;;
+restart|reload|force-reload)
+  StopDAEMON
+  sleep 1
+  StartDAEMON
+  ;;
+status)
+  echo -n "Checking for casa_atsd"
+  ## Check status with checkproc(8), if process is running
+  ## checkproc will return with exit status 0.
+
+  # Status has a slightly different for the status command:
+  # 0 - service running
+  # 1 - service dead, but /var/run/  pid  file exists
+  # 2 - service dead, but /var/lock/ lock file exists
+  # 3 - service not running
+
+  # NOTE: checkproc returns LSB compliant status values.
+  if atsIsRunning ; then
+    rc_failed 0
+  else
+    rc_failed 3
+  fi
+  rc_status -v
+  ;;
+*)
+  echo -n "Usage: $0 {start|stop|restart|reload|force-reload}"
+  exit 1
+  ;;
+esac
+rc_exit
+
diff --git a/CASA-auth-token/java/server/Svc/linux/Makefile.am b/CASA-auth-token/java/server/Svc/linux/Makefile.am
new file mode 100644
index 00000000..a34e9461
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/linux/Makefile.am
@@ -0,0 +1,40 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS =
+
+CFILES =
+
+EXTRA_DIST = CasaAuthtokenSvcD \
+		envvars \
+		server_keystore_setup.sh \
+		crypto.properties
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Svc/linux/crypto.properties b/CASA-auth-token/java/server/Svc/linux/crypto.properties
new file mode 100644
index 00000000..2f2e46ce
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/linux/crypto.properties
@@ -0,0 +1,6 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=secret
+org.apache.ws.security.crypto.merlin.keystore.alias=signingKey
+org.apache.ws.security.crypto.merlin.alias.password=secret
+org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/server/jks-store
diff --git a/CASA-auth-token/java/server/Svc/linux/envvars b/CASA-auth-token/java/server/Svc/linux/envvars
new file mode 100644
index 00000000..9991ed24
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/linux/envvars
@@ -0,0 +1,14 @@
+############################################################
+#                                                          #
+# Environment variable file for casa_atsd.                 #
+#                                                          #
+# Note: This file is sourced by the casa_atsd rc script    #
+# when starting the service.                               #
+#                                                          #
+############################################################
+CATALINA_BASE="/srv/www/casaats"
+CATALINA_HOME="/usr/share/tomcat5"
+JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
+JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
+export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
+
diff --git a/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh b/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh
new file mode 100755
index 00000000..739f84af
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+#############################################################
+#                                                           #
+# CASA ATS Keystore Setup Script.                           #
+#                                                           #
+# This script sets up a keystore for the ATS with a key     #
+# pair which the ATS will use for signing authentication    #
+# and session tokens.                                       #
+#                                                           #
+# Ths script creates a self signed certificate that it then #
+# exports. At this time it is sufficient to utilize self    #
+# signed certificates because they are meant to be consumed #
+# by entities of the local box.                             # 
+#                                                           # 
+#############################################################
+
+# Do not do anything if the server keystore has already been created
+if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
+	echo "The server keystore is already setup"
+        # Make sure that the keystore file is owned by our service
+        chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+else
+	echo "Setting up the server's keystore"
+	# Create the server keystore with the key that will be used for signing tokens
+	host=`hostname -f`
+	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
+
+	# Export self-signed certificate for the signing key
+	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+	# List the contents of the server's keystore
+	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret
+
+	# Print the exported cert
+	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+	# Make sure that the keystore is only accessible by the service
+	chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+	chmod 600 /etc/CASA/authtoken/keys/server/jks-store
+fi
+
diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java
index e5845f1a..4a1b44af 100644
--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java
@@ -53,13 +53,15 @@ public class SvcConfig
    public final static String ConfigFolderPath = "ConfigFolderPath";
    public final static String AppRootPath = "AppRootPath";
    public final static String ReconfigureInterval = "ReconfigureInterval";
-   public final static String KeyStoreUser = "KeyStoreUser";
-   public final static String KeyStorePwd = "KeyStorePwd";
+   public final static String SigningKeyAliasName = "SigningKeyAliasName";
+   public final static String SigningKeyPassword = "SigningKeyPassword";
 
    // Default configuration values
-   public final static  String DefaultSessionTokenLifetimeValue = "43200";    // Seconds
-   public final static  String DefaultLifetimeShorterValue = "5";             // Seconds
-   public final static  String DefaultReconfigureIntervalValue = "60";        // Seconds
+   public final static String DefaultSessionTokenLifetimeValue = "43200";    // Seconds
+   public final static String DefaultLifetimeShorterValue = "5";             // Seconds
+   public final static String DefaultReconfigureIntervalValue = "60";        // Seconds
+   public final static String DefaultSigningKeyAliasNameValue = "signingKey";
+   public final static String DefaultSigningKeyPasswordValue = "secret";
 
    private static final String m_svcSettingsFileName = "svc.settings";
    private Map m_svcSettingsMap;
@@ -281,6 +283,22 @@ public class SvcConfig
             // Add the key to the map so that it can be found quicker next time
             m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue);
          }
+         else if (settingName.equals(SigningKeyAliasName) == true)
+         {
+            value = DefaultSigningKeyAliasNameValue;
+            System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
+
+            // Add the key to the map so that it can be found quicker next time
+            m_svcSettingsMap.put(SigningKeyAliasName, DefaultSigningKeyAliasNameValue);
+         }
+         else if (settingName.equals(SigningKeyPassword) == true)
+         {
+            value = DefaultSigningKeyPasswordValue;
+            System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
+
+            // Add the key to the map so that it can be found quicker next time
+            m_svcSettingsMap.put(SigningKeyPassword, DefaultSigningKeyPasswordValue);
+         }
          else if (settingName.equals(IdentityAbstractionConfigFile) == true)
          {
             System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set");
diff --git a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java
index 4e24ab58..e00133d0 100644
--- a/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java
+++ b/CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java
@@ -244,8 +244,8 @@ public class WSSecurity
                                             boolean includeCert) throws Exception
    {
       WSSecSignature signer = new WSSecSignature();
-      signer.setUserInfo(svcConfig.getSetting(SvcConfig.KeyStoreUser),
-                         svcConfig.getSetting(SvcConfig.KeyStorePwd));
+      signer.setUserInfo(svcConfig.getSetting(SvcConfig.SigningKeyAliasName),
+                         svcConfig.getSetting(SvcConfig.SigningKeyPassword));
       if (includeCert)
       {
          signer.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER); // Include X509 Cert in message
diff --git a/CASA-auth-token/java/server/Svc/svc.settings b/CASA-auth-token/java/server/Svc/svc.settings
index f028fef5..b6f34326 100644
--- a/CASA-auth-token/java/server/Svc/svc.settings
+++ b/CASA-auth-token/java/server/Svc/svc.settings
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <settings>
-	<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile>
+	<IAConfigFile>/etc/CASA/authtoken/svc/iaRealms.xml</IAConfigFile>
 	<SessionTokenLifetime>43200</SessionTokenLifetime>
 </settings>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/Makefile.am b/CASA-auth-token/java/server/Svc/tomcat5/Makefile.am
new file mode 100644
index 00000000..ce690393
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/Makefile.am
@@ -0,0 +1,37 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS = conf
+
+CFILES =
+
+EXTRA_DIST =
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/Makefile.am b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/Makefile.am
new file mode 100644
index 00000000..5c99e1ce
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/Makefile.am
@@ -0,0 +1,37 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS = localhost
+
+CFILES =
+
+EXTRA_DIST =
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/Makefile.am b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/Makefile.am
new file mode 100644
index 00000000..9130190a
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/Makefile.am
@@ -0,0 +1,39 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS =
+
+CFILES =
+
+EXTRA_DIST = admin.xml \
+		balancer.xml \
+		manager.xml
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/admin.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/admin.xml
new file mode 100644
index 00000000..1b1ac779
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/admin.xml
@@ -0,0 +1,30 @@
+<!--
+
+    Context configuration file for the Tomcat Administration Web App
+
+    $Id: admin.xml,v 1.3 2004/02/20 17:09:19 remm Exp $
+
+-->
+
+
+<Context path="/admin" docBase="${catalina.home}/server/webapps/admin"
+        debug="0" privileged="true">
+
+  <!-- Uncomment this Valve to limit access to the Admin app to localhost
+   for obvious security reasons. Allow may be a comma-separated list of
+   hosts (or even regular expressions).
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+    allow="127.0.0.1"/>
+  -->
+
+  <Logger className="org.apache.catalina.logger.FileLogger"
+             prefix="localhost_admin_log." suffix=".txt"
+          timestamp="true"/>
+
+  <!-- Allow linking since JPackage do not install jar as copies -->
+
+  <Resources className="org.apache.naming.resources.FileDirContext"
+             allowLinking="true"/>
+
+
+</Context>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/balancer.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/balancer.xml
new file mode 100644
index 00000000..cd046464
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/balancer.xml
@@ -0,0 +1,14 @@
+<!--
+
+    Context configuration file for the Tomcat Balancer Web App
+    This is only needed to keep the distribution small and avoid duplicating
+    commons libraries
+
+    $Id: balancer.xml,v 1.1 2003/11/20 21:43:32 remm Exp $
+
+-->
+
+
+<Context path="/balancer" docBase="balancer" debug="0" privileged="true">
+
+</Context>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/manager.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/manager.xml
new file mode 100644
index 00000000..78620c58
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/manager.xml
@@ -0,0 +1,17 @@
+<!--
+
+    Context configuration file for the Tomcat Manager Web App
+
+    $Id: manager.xml,v 1.2 2004/02/20 17:09:29 remm Exp $
+
+-->
+
+
+<Context path="/manager" docBase="${catalina.home}/server/webapps/manager"
+        debug="0" privileged="true">
+
+  <!-- Link to the user database we will get roles from -->
+  <ResourceLink name="users" global="UserDatabase"
+                type="org.apache.catalina.UserDatabase"/>
+
+</Context>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/Makefile.am b/CASA-auth-token/java/server/Svc/tomcat5/conf/Makefile.am
new file mode 100644
index 00000000..be7b21cd
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/Makefile.am
@@ -0,0 +1,43 @@
+#######################################################################
+#
+#  Copyright (C) 2006 Novell, Inc.
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public
+#  License as published by the Free Software Foundation; either
+#  version 2 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public
+#  License along with this program; if not, write to the Free
+#  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#  Author: Juan Carlos Luciani <jluciani@novell.com>
+#
+#######################################################################
+
+SUBDIRS =
+
+DIST_SUBDIRS = Catalina
+
+CFILES =
+
+EXTRA_DIST = catalina.policy \
+		catalina.properties \
+		jk2.properties \
+		server.xml \
+		server-minimal.xml \
+		tomcat-users.xml \
+		web.xml
+
+.PHONY: package package-clean package-install package-uninstall
+package package-clean package-install package-uninstall:
+	$(MAKE) -C $(TARGET_OS) $@
+
+maintainer-clean-local:
+	rm -f Makefile.in
+
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.policy b/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.policy
new file mode 100644
index 00000000..345fe7a4
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.policy
@@ -0,0 +1,162 @@
+// ============================================================================
+// catalina.corepolicy - Security Policy Permissions for Tomcat 5
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to the codebase specific to each web application:
+//
+// * Read access to the document root directory
+//
+// $Id: catalina.policy,v 1.11 2004/03/02 12:36:22 remm Exp $
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the launcher code
+grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the commons-logging API
+grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the JMX server
+grant codeBase "file:${catalina.home}/bin/jmx.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "common" directory
+grant codeBase "file:${catalina.home}/common/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the container's core code, plus any additional
+// libraries installed in the "server" directory
+grant codeBase "file:${catalina.home}/server/-" {
+        permission java.security.AllPermission;
+};
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant { 
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+	permission java.util.PropertyPermission "java.specification.version", "read";
+	permission java.util.PropertyPermission "java.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.specification.name", "read";
+
+	permission java.util.PropertyPermission "java.vm.specification.version", "read";
+	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.specification.name", "read";
+	permission java.util.PropertyPermission "java.vm.version", "read";
+	permission java.util.PropertyPermission "java.vm.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+	// Allow read of JAXP compliant XML parser debug
+	permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // Precompiled JSPs need access to this package.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+    
+};
+
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.home}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.properties b/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.properties
new file mode 100644
index 00000000..6f6b41a3
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.properties
@@ -0,0 +1,57 @@
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, no packages are restricted for definition, and none of
+# the class loaders supplied with the JDK call checkPackageDefinition.
+#
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
+
+#
+#
+# List of comma-separated paths defining the contents of the "common" 
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank,the JVM system loader will be used as Catalina's "common" 
+# loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class 
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository
+common.loader=${catalina.home}/common/classes,${catalina.home}/common/endorsed/*.jar,${catalina.home}/common/lib/*.jar
+
+#
+# List of comma-separated paths defining the contents of the "server" 
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank, the "common" loader will be used as Catalina's "server" 
+# loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class 
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository
+server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
+
+#
+# List of comma-separated paths defining the contents of the "shared" 
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
+# the "common" loader will be used as Catalina's "shared" loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class 
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository 
+shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/jk2.properties b/CASA-auth-token/java/server/Svc/tomcat5/conf/jk2.properties
new file mode 100644
index 00000000..093bae80
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/jk2.properties
@@ -0,0 +1,26 @@
+## THIS FILE MAY BE OVERRIDEN AT RUNTIME. MAKE SURE TOMCAT IS STOPED
+## WHEN YOU EDIT THE FILE.
+
+## COMMENTS WILL BE _LOST_
+
+## DOCUMENTATION OF THE FORMAT IN JkMain javadoc.
+
+# Set the desired handler list
+# handler.list=apr,request,channelJni
+#
+# Override the default port for the socketChannel
+# channelSocket.port=8019
+# Default: 
+# channelUnix.file=${jkHome}/work/jk2.socket
+# Just to check if the the config  is working
+# shm.file=${jkHome}/work/jk2.shm
+
+# In order to enable jni use any channelJni directive
+# channelJni.disabled = 0
+# And one of the following directives:
+
+# apr.jniModeSo=/opt/apache2/modules/mod_jk2.so
+
+# If set to inprocess the mod_jk2 will Register natives itself
+# This will enable the starting of the Tomcat from mod_jk2
+# apr.jniModeSo=inprocess
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/server-minimal.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/server-minimal.xml
new file mode 100644
index 00000000..5d1cd3b9
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/server-minimal.xml
@@ -0,0 +1,35 @@
+<Server port="8005" shutdown="SHUTDOWN">
+  <GlobalNamingResources>
+    <!-- Used by Manager webapp -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+      description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter> 
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+  </GlobalNamingResources>
+
+  <Service name="Catalina">
+    <Connector port="8080" />
+
+    <!-- This is here for compatibility only, not required -->
+    <Connector port="8009" protocol="AJP/1.3" />
+
+    <Engine name="Catalina" defaultHost="localhost">
+      <Logger className="org.apache.catalina.logger.FileLogger" />
+
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+             resourceName="UserDatabase" />
+
+      <Host name="localhost" appBase="webapps" />
+    </Engine>
+  </Service>
+</Server>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/server.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/server.xml
new file mode 100644
index 00000000..1fe20c7a
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/server.xml
@@ -0,0 +1,383 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+     parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+  <!-- Comment these entries out to disable JMX MBeans support -->
+  <!-- You may also configure custom components (e.g. Valves/Realms) by 
+       including your own mbean-descriptor file(s), and setting the 
+       "descriptors" attribute to point to a ';' seperated list of paths
+       (in the ClassLoader sense) of files to add to the default list.
+       e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+  -->
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+            debug="0"/>
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+            debug="0"/>
+
+  <!-- Global JNDI resources -->
+  <GlobalNamingResources>
+
+    <!-- Test entry for demonstration purposes -->
+    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+
+  <!-- Define the Tomcat Stand-Alone Service -->
+  <Service name="Catalina">
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 5 documentation bundle for more detailed
+         instructions):
+         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+
+    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+    <Connector port="8080"
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" redirectPort="8443" acceptCount="100"
+               debug="0" connectionTimeout="20000" 
+               disableUploadTimeout="true" />
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
+	
+	<!-- Note : To use gzip compression you could set the following properties :
+	
+			   compression="on" 
+			   compressionMinSize="2048" 
+			   noCompressionUserAgents="gozilla, traviata" 
+			   compressableMimeType="text/html,text/xml"
+	-->
+
+    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+    <!--
+    <Connector port="8443" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" disableUploadTimeout="true"
+               acceptCount="100" debug="0" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+    -->
+
+    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" 
+               enableLookups="false" redirectPort="8443" debug="0"
+               protocol="AJP/1.3" />
+
+    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+    <!-- See proxy documentation for more information about using this. -->
+    <!--
+    <Connector port="8082" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false"
+               acceptCount="100" debug="0" connectionTimeout="20000"
+               proxyPort="80" disableUploadTimeout="true" />
+    -->
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
+    --> 
+         
+    <!-- Define the top level container in our container hierarchy -->
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.4
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log" suffix=".txt"
+              timestamp="false"/>
+
+      <!-- Because this Realm is here, an instance will be shared globally -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+                 debug="0" resourceName="UserDatabase"/>
+
+      <!-- Comment out the old realm but leave here for now in case we
+           need to go back quickly -->
+      <!--
+      <Realm className="org.apache.catalina.realm.MemoryRealm" />
+      -->
+
+      <!-- Replace the above Realm with one of the following to get a Realm
+           stored in a database and accessed via JDBC -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="org.gjt.mm.mysql.Driver"
+          connectionURL="jdbc:mysql://localhost/authority"
+         connectionName="test" connectionPassword="test"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="oracle.jdbc.driver.OracleDriver"
+          connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+         connectionName="scott" connectionPassword="tiger"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+          connectionURL="jdbc:odbc:CATALINA"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host name="localhost" debug="0" appBase="webapps"
+       unpackWARs="true" autoDeploy="true"
+       xmlValidation="false" xmlNamespaceAware="false">
+
+        <!-- Defines a cluster for this node,
+             By defining this element, means that every manager will be changed.
+             So when running a cluster, only make sure that you have webapps in there
+             that need to be clustered and remove the other ones.
+             A cluster has the following parameters:
+
+             className = the fully qualified name of the cluster class
+
+             name = a descriptive name for your cluster, can be anything
+
+             debug = the debug level, higher means more output
+
+             mcastAddr = the multicast address, has to be the same for all the nodes
+
+             mcastPort = the multicast port, has to be the same for all the nodes
+             
+             mcastBindAddr = bind the multicast socket to a specific address
+             
+             mcastTTL = the multicast TTL if you want to limit your broadcast
+             
+             mcastSoTimeout = the multicast readtimeout 
+
+             mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+             mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+             tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes 
+
+             tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, 
+                                in case of multiple ethernet cards.
+                                auto means that address becomes
+                                InetAddress.getLocalHost().getHostAddress()
+
+             tcpListenPort = the tcp listen port
+
+             tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+                                  has a wakup bug in java.nio. Set to 0 for no timeout
+
+             printToScreen = true means that managers will also print to std.out
+
+             expireSessionsOnShutdown = true means that 
+
+             useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+                            false means to replicate the session after each request.
+                            false means that replication would work for the following piece of code:
+                            <%
+                            HashMap map = (HashMap)session.getAttribute("map");
+                            map.put("key","value");
+                            %>
+             replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+                               * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+                               * Synchronous means that the thread that executes the request, is also the
+                               thread the replicates the data to the other nodes, and will not return until all
+                               nodes have received the information.
+                               * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+                               so the request thread will queue the replication request into a "smart" queue,
+                               and then return to the client.
+                               The "smart" queue is a queue where when a session is added to the queue, and the same session
+                               already exists in the queue from a previous request, that session will be replaced
+                               in the queue instead of replicating two requests. This almost never happens, unless there is a 
+                               large network delay.
+        -->             
+        <!--
+            When configuring for clustering, you also add in a valve to catch all the requests
+            coming in, at the end of the request, the session may or may not be replicated.
+            A session is replicated if and only if all the conditions are met:
+            1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+            2. a session exists (has been created)
+            3. the request is not trapped by the "filter" attribute
+
+            The filter attribute is to filter out requests that could not modify the session,
+            hence we don't replicate the session after the end of this request.
+            The filter is negative, ie, anything you put in the filter, you mean to filter out,
+            ie, no replication will be done on requests that match one of the filters.
+            The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+            filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+            ending with .gif and .js are intercepted.
+            
+            The deployer element can be used to deploy apps cluster wide.
+            Currently the deployment only deploys/undeploys to working members in the cluster
+            so no WARs are copied upons startup of a broken node.
+            The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+            When a new war file is added the war gets deployed to the local instance,
+            and then deployed to the other instances in the cluster.
+            When a war file is deleted from the watchDir the war is undeployed locally 
+            and cluster wide
+        -->
+        
+        <!--
+        <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+                 managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+                 expireSessionsOnShutdown="false"
+                 useDirtyFlag="true">
+
+            <Membership 
+                className="org.apache.catalina.cluster.mcast.McastService"
+                mcastAddr="228.0.0.4"
+                mcastPort="45564"
+                mcastFrequency="500"
+                mcastDropTime="3000"/>
+
+            <Receiver 
+                className="org.apache.catalina.cluster.tcp.ReplicationListener"
+                tcpListenAddress="auto"
+                tcpListenPort="4001"
+                tcpSelectorTimeout="100"
+                tcpThreadCount="6"/>
+
+            <Sender
+                className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+                replicationMode="pooled"/>
+
+            <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+                   filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+                   
+            <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+                      tempDir="/tmp/war-temp/"
+                      deployDir="/tmp/war-deploy/"
+                      watchDir="/tmp/war-listen/"
+                      watchEnabled="false"/>
+        </Cluster>
+        -->        
+
+
+
+        <!-- Normally, users must authenticate themselves to each web app
+             individually.  Uncomment the following entry if you would like
+             a user to be authenticated the first time they encounter a
+             resource protected by a security constraint, and then have that
+             user identity maintained across *all* web applications contained
+             in this virtual host. -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+                   debug="0"/>
+        -->
+
+        <!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
+                 pattern="common" resolveHosts="false"/>
+        -->
+
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log" suffix=".txt"
+            timestamp="false"/>
+
+      </Host>
+
+    </Engine>
+
+  </Service>
+
+</Server>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/tomcat-users.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/tomcat-users.xml
new file mode 100644
index 00000000..6c9f2173
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/tomcat-users.xml
@@ -0,0 +1,3 @@
+<?xml version='1.0' encoding='utf-8'?>
+<tomcat-users>
+</tomcat-users>
diff --git a/CASA-auth-token/java/server/Svc/tomcat5/conf/web.xml b/CASA-auth-token/java/server/Svc/tomcat5/conf/web.xml
new file mode 100644
index 00000000..c41fb027
--- /dev/null
+++ b/CASA-auth-token/java/server/Svc/tomcat5/conf/web.xml
@@ -0,0 +1,964 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+    version="2.4">
+
+  <!-- ======================== Introduction ============================== -->
+  <!-- This document defines default values for *all* web applications      -->
+  <!-- loaded into this instance of Tomcat.  As each application is         -->
+  <!-- deployed, this file is processed, followed by the                    -->
+  <!-- "/WEB-INF/web.xml" deployment descriptor from your own               -->
+  <!-- applications.                                                        -->
+  <!--                                                                      -->
+  <!-- WARNING:  Do not configure application-specific resources here!      -->
+  <!-- They should go in the "/WEB-INF/web.xml" file in your application.   -->
+
+
+  <!-- ================== Built In Servlet Definitions ==================== -->
+
+
+  <!-- The default servlet for all web applications, that serves static     -->
+  <!-- resources.  It processes all requests that are not mapped to other   -->
+  <!-- servlets with servlet mappings (defined either here or in your own   -->
+  <!-- web.xml file.  This servlet supports the following initialization    -->
+  <!-- parameters (default values are in square brackets):                  -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+  <!--                                                                      -->
+  <!--   input               Input buffer size (in bytes) when reading      -->
+  <!--                       resources to be served.  [2048]                -->
+  <!--                                                                      -->
+  <!--   listings            Should directory listings be produced if there -->
+  <!--                       is no welcome file in this directory?  [true]  -->
+  <!--                                                                      -->
+  <!--   output              Output buffer size (in bytes) when writing     -->
+  <!--                       resources to be served.  [2048]                -->
+  <!--                                                                      -->
+  <!--   readonly            Is this context "read only", so HTTP           -->
+  <!--                       commands like PUT and DELETE are               -->
+  <!--                       rejected?  [true]                              -->
+  <!--                                                                      -->
+  <!--   readmeFile          File name to display with the directory        -->
+  <!--                       contents. [null]                               -->
+  <!--                                                                      -->
+  <!--  For directory listing customization. Checks localXsltFile, then     -->
+  <!--  globalXsltFile, then defaults to original behavior.                 -->
+  <!--                                                                      -->
+  <!--   localXsltFile       Make directory listings an XML doc and         -->
+  <!--                       pass the result to this style sheet residing   -->
+  <!--                       in that directory. This overrides              -->
+  <!--                        globalXsltFile[null]                          -->
+  <!--                                                                      -->
+  <!--   globalXsltFile      Site wide configuration version of             -->
+  <!--                       localXsltFile This argument is expected        -->
+  <!--                       to be a physical file. [null]                  -->
+  <!--                                                                      -->
+  <!--                                                                      -->
+
+    <servlet>
+        <servlet-name>default</servlet-name>
+        <servlet-class>
+          org.apache.catalina.servlets.DefaultServlet
+        </servlet-class>
+        <init-param>
+            <param-name>debug</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <init-param>
+            <param-name>listings</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+
+  <!-- The "invoker" servlet, which executes anonymous servlet classes      -->
+  <!-- that have not been defined in a web.xml file.  Traditionally, this   -->
+  <!-- servlet is mapped to the URL pattern "/servlet/*", but you can map   -->
+  <!-- it to other patterns as well.  The extra path info portion of such a -->
+  <!-- request must be the fully qualified class name of a Java class that  -->
+  <!-- implements Servlet (or extends HttpServlet), or the servlet name     -->
+  <!-- of an existing servlet definition.     This servlet supports the     -->
+  <!-- following initialization parameters (default values are in square    -->
+  <!-- brackets):                                                           -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+
+<!--
+    <servlet>
+        <servlet-name>invoker</servlet-name>
+        <servlet-class>
+          org.apache.catalina.servlets.InvokerServlet
+        </servlet-class>
+        <init-param>
+            <param-name>debug</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <load-on-startup>2</load-on-startup>
+    </servlet>
+-->
+
+
+  <!-- The JSP page compiler and execution servlet, which is the mechanism  -->
+  <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet    -->
+  <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the     -->
+  <!-- following initialization parameters (default values are in square    -->
+  <!-- brackets):                                                           -->
+  <!--                                                                      -->
+  <!--   checkInterval       If development is false and reloading is true, -->
+  <!--                       background compiles are enabled. checkInterval -->
+  <!--                       is the time in seconds between checks to see   -->
+  <!--                       if a JSP page needs to be recompiled. [300]    -->
+  <!--                                                                      -->
+  <!--   compiler            Which compiler Ant should use to compile JSP   -->
+  <!--                       pages.  See the Ant documentation for more     -->
+  <!--                       information. [javac]                           -->
+  <!--                                                                      -->
+  <!--   classdebuginfo      Should the class file be compiled with         -->
+  <!--                       debugging information?  [true]                 -->
+  <!--                                                                      -->
+  <!--   classpath           What class path should I use while compiling   -->
+  <!--                       generated servlets?  [Created dynamically      -->
+  <!--                       based on the current web application]          -->
+  <!--                                                                      -->
+  <!--   development         Is Jasper used in development mode (will check -->
+  <!--                       for JSP modification on every access)?  [true] -->
+  <!--                                                                      -->
+  <!--   enablePooling       Determines whether tag handler pooling is      -->
+  <!--                       enabled  [true]                                -->
+  <!--                                                                      -->
+  <!--   fork                Tell Ant to fork compiles of JSP pages so that -->
+  <!--                       a separate JVM is used for JSP page compiles   -->
+  <!--                       from the one Tomcat is running in. [true]      -->
+  <!--                                                                      -->
+  <!--   ieClassId           The class-id value to be sent to Internet      -->
+  <!--                       Explorer when using <jsp:plugin> tags.         -->
+  <!--                       [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93]   -->
+  <!--                                                                      -->
+  <!--   javaEncoding        Java file encoding to use for generating java  -->
+  <!--                       source files. [UTF8]                           -->
+  <!--                                                                      -->
+  <!--   keepgenerated       Should we keep the generated Java source code  -->
+  <!--                       for each page instead of deleting it? [true]   -->
+  <!--                                                                      -->
+  <!--   mappedfile          Should we generate static content with one     -->
+  <!--                       print statement per input line, to ease        -->
+  <!--                       debugging?  [true]                            -->
+  <!--                                                                      -->
+  <!--   trimSpaces          Should white spaces in template text between   -->
+  <!--                       actions or directives be trimmed?  [false]     -->
+  <!--                                                                      -->
+  <!--   reloading           Should Jasper check for modified JSPs?  [true] -->
+  <!--                                                                      -->
+  <!--   suppressSmap        Should the generation of SMAP info for JSR45   -->
+  <!--                       debugging be suppressed?  [false]              -->
+  <!--                                                                      -->
+  <!--   dumpSmap            Should the SMAP info for JSR45 debugging be    -->
+  <!--                       dumped to a file? [false]                      -->
+  <!--                       False if suppressSmap is true                  -->
+  <!--                                                                      -->
+  <!--   genStrAsCharArray   Should text strings be generated as char       -->
+  <!--                       arrays, to improve performance in some cases?  -->
+  <!--                       [false]                                        -->
+  <!--                                                                      -->
+  <!--   errorOnUseBeanInvalidClassAttribute                                -->
+  <!--                       Should Jasper issue an error when the value of -->
+  <!--                       the class attribute in an useBean action is    -->
+  <!--                       not a valid bean class?  [true]                -->
+  <!--                                                                      -->
+  <!--   scratchdir          What scratch directory should we use when      -->
+  <!--                       compiling JSP pages?  [default work directory  -->
+  <!--                       for the current web application]               -->
+  <!--                                                                      -->
+  <!--   xpoweredBy          Determines whether X-Powered-By response       -->
+  <!--                       header is added by generated servlet  [false]  -->
+  <!--                                                                      -->
+  <!-- If you wish to use Jikes to compile JSP pages:                       -->
+  <!--   Set the init parameter "compiler" to "jikes".  Define              -->
+  <!--   the property "-Dbuild.compiler.emacs=true" when starting Tomcat    -->
+  <!--   by adding the above to your CATALINA_OPTS environment variable.    -->
+  <!--   If you get an error reporting that jikes can't use UTF8 encoding,  -->
+  <!--   try setting the init parameter "javaEncoding" to "ISO-8859-1".     -->
+
+    <servlet>
+        <servlet-name>jsp</servlet-name>
+        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+        <init-param>
+            <param-name>fork</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <init-param>
+            <param-name>xpoweredBy</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>3</load-on-startup>
+    </servlet>
+
+
+  <!-- Server Side Includes processing servlet, which processes SSI         -->
+  <!-- directives in HTML pages consistent with similar support in web      -->
+  <!-- servers like Apache.  Traditionally, this servlet is mapped to the   -->
+  <!-- URL pattern "*.shtml".  This servlet supports the following          -->
+  <!-- initialization parameters (default values are in square brackets):   -->
+  <!--                                                                      -->
+  <!--   buffered            Should output from this servlet be buffered?   -->
+  <!--                       (0=false, 1=true)  [0]                         -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+  <!--                                                                      -->
+  <!--   expires             The number of seconds before a page with SSI   -->
+  <!--                       directives will expire.  [No default]          -->
+  <!--                                                                      -->
+  <!--   isVirtualWebappRelative                                            -->
+  <!--                       Should "virtual" paths be interpreted as       -->
+  <!--                       relative to the context root, instead of       -->
+  <!--                       the server root?  (0=false, 1=true) [0]        -->
+  <!--                                                                      -->
+  <!--                                                                      -->
+  <!-- IMPORTANT: To use the SSI servlet, you also need to rename the       -->
+  <!--            $CATALINA_HOME/server/lib/servlets-ssi.renametojar file   -->
+  <!--            to $CATALINA_HOME/server/lib/servlets-ssi.jar             -->
+
+<!--
+    <servlet>
+        <servlet-name>ssi</servlet-name>
+        <servlet-class>
+          org.apache.catalina.ssi.SSIServlet
+        </servlet-class>
+        <init-param>
+          <param-name>buffered</param-name>
+          <param-value>1</param-value>
+        </init-param>
+        <init-param>
+          <param-name>debug</param-name>
+          <param-value>0</param-value>
+        </init-param>
+        <init-param>
+          <param-name>expires</param-name>
+          <param-value>666</param-value>
+        </init-param>
+        <init-param>
+          <param-name>isVirtualWebappRelative</param-name>
+          <param-value>0</param-value>
+        </init-param>
+        <load-on-startup>4</load-on-startup>
+    </servlet>
+-->
+
+
+  <!-- Common Gateway Includes (CGI) processing servlet, which supports     -->
+  <!-- execution of external applications that conform to the CGI spec      -->
+  <!-- requirements.  Typically, this servlet is mapped to the URL pattern  -->
+  <!-- "/cgi-bin/*", which means that any CGI applications that are         -->
+  <!-- executed must be present within the web application.  This servlet   -->
+  <!-- supports the following initialization parameters (default values     -->
+  <!-- are in square brackets):                                             -->
+  <!--                                                                      -->
+  <!--   cgiPathPrefix       The CGI search path will start at              -->
+  <!--                       webAppRootDir + File.separator + this prefix.  -->
+  <!--                       [WEB-INF/cgi]                                  -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+  <!--                                                                      -->
+  <!--   executable          Name of the exectuable used to run the script. -->
+  <!--                       [perl]                                         -->
+  <!--                                                                      -->
+  <!-- IMPORTANT: To use the CGI servlet, you also need to rename the       -->
+  <!--            $CATALINA_HOME/server/lib/servlets-cgi.renametojar file   -->
+  <!--            to $CATALINA_HOME/server/lib/servlets-cgi.jar             -->
+
+<!--
+    <servlet>
+        <servlet-name>cgi</servlet-name>
+        <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
+        <init-param>
+          <param-name>debug</param-name>
+          <param-value>6</param-value>
+        </init-param>
+        <init-param>
+          <param-name>cgiPathPrefix</param-name>
+          <param-value>WEB-INF/cgi</param-value>
+        </init-param>
+         <load-on-startup>5</load-on-startup>
+    </servlet>
+-->
+
+
+  <!-- ================ Built In Servlet Mappings ========================= -->
+
+
+  <!-- The servlet mappings for the built in servlets defined above.  Note  -->
+  <!-- that, by default, the CGI and SSI servlets are *not* mapped.  You    -->
+  <!-- must uncomment these mappings (or add them to your application's own -->
+  <!-- web.xml deployment descriptor) to enable these services              -->
+
+    <!-- The mapping for the default servlet -->
+    <servlet-mapping>
+        <servlet-name>default</servlet-name>
+        <url-pattern>/</url-pattern>
+    </servlet-mapping>
+
+    <!-- The mapping for the invoker servlet -->
+<!--
+    <servlet-mapping>
+        <servlet-name>invoker</servlet-name>
+        <url-pattern>/servlet/*</url-pattern>
+    </servlet-mapping>
+-->
+
+    <!-- The mapping for the JSP servlet -->
+    <servlet-mapping>
+        <servlet-name>jsp</servlet-name>
+        <url-pattern>*.jsp</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>jsp</servlet-name>
+        <url-pattern>*.jspx</url-pattern>
+    </servlet-mapping>
+
+    <!-- The mapping for the SSI servlet -->
+<!--
+    <servlet-mapping>
+        <servlet-name>ssi</servlet-name>
+        <url-pattern>*.shtml</url-pattern>
+    </servlet-mapping>
+-->
+
+    <!-- The mapping for the CGI Gateway servlet -->
+
+<!--
+    <servlet-mapping>
+        <servlet-name>cgi</servlet-name>
+        <url-pattern>/cgi-bin/*</url-pattern>
+    </servlet-mapping>
+-->
+
+
+  <!-- ==================== Default Session Configuration ================= -->
+  <!-- You can set the default session timeout (in minutes) for all newly   -->
+  <!-- created sessions by modifying the value below.                       -->
+
+    <session-config>
+        <session-timeout>30</session-timeout>
+    </session-config>
+
+
+  <!-- ===================== Default MIME Type Mappings =================== -->
+  <!-- When serving static resources, Tomcat will automatically generate    -->
+  <!-- a "Content-Type" header based on the resource's filename extension,  -->
+  <!-- based on these mappings.  Additional mappings can be added here (to  -->
+  <!-- apply to all web applications), or in your own application's web.xml -->
+  <!-- deployment descriptor.                                               -->
+
+    <mime-mapping>
+        <extension>abs</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ai</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aif</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aifc</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aiff</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aim</extension>
+        <mime-type>application/x-aim</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>art</extension>
+        <mime-type>image/x-jg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asf</extension>
+        <mime-type>video/x-ms-asf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asx</extension>
+        <mime-type>video/x-ms-asf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>au</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>avi</extension>
+        <mime-type>video/x-msvideo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>avx</extension>
+        <mime-type>video/x-rad-screenplay</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bcpio</extension>
+        <mime-type>application/x-bcpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bin</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bmp</extension>
+        <mime-type>image/bmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>body</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdf</extension>
+        <mime-type>application/x-cdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cer</extension>
+        <mime-type>application/x-x509-ca-cert</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>class</extension>
+        <mime-type>application/java</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cpio</extension>
+        <mime-type>application/x-cpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>csh</extension>
+        <mime-type>application/x-csh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>css</extension>
+        <mime-type>text/css</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dib</extension>
+        <mime-type>image/bmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>doc</extension>
+        <mime-type>application/msword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dtd</extension>
+        <mime-type>application/xml-dtd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dv</extension>
+        <mime-type>video/x-dv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dvi</extension>
+        <mime-type>application/x-dvi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eps</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>etx</extension>
+        <mime-type>text/x-setext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>exe</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gif</extension>
+        <mime-type>image/gif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gtar</extension>
+        <mime-type>application/x-gtar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gz</extension>
+        <mime-type>application/x-gzip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hdf</extension>
+        <mime-type>application/x-hdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hqx</extension>
+        <mime-type>application/mac-binhex40</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>htc</extension>
+        <mime-type>text/x-component</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>htm</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>html</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hqx</extension>
+        <mime-type>application/mac-binhex40</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ief</extension>
+        <mime-type>image/ief</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jad</extension>
+        <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jar</extension>
+        <mime-type>application/java-archive</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>java</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jnlp</extension>
+        <mime-type>application/x-java-jnlp-file</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpe</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpeg</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpg</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>js</extension>
+        <mime-type>text/javascript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jsf</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jspf</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kar</extension>
+        <mime-type>audio/x-midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>latex</extension>
+        <mime-type>application/x-latex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m3u</extension>
+        <mime-type>audio/x-mpegurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mac</extension>
+        <mime-type>image/x-macpaint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>man</extension>
+        <mime-type>application/x-troff-man</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mathml</extension>
+        <mime-type>application/mathml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>me</extension>
+        <mime-type>application/x-troff-me</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mid</extension>
+        <mime-type>audio/x-midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>midi</extension>
+        <mime-type>audio/x-midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mif</extension>
+        <mime-type>application/x-mif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mov</extension>
+        <mime-type>video/quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>movie</extension>
+        <mime-type>video/x-sgi-movie</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp1</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp2</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp3</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpa</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpe</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpeg</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpega</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpg</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpv2</extension>
+        <mime-type>video/mpeg2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ms</extension>
+        <mime-type>application/x-wais-source</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nc</extension>
+        <mime-type>application/x-netcdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oda</extension>
+        <mime-type>application/oda</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ogg</extension>
+        <mime-type>application/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pbm</extension>
+        <mime-type>image/x-portable-bitmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pct</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pdf</extension>
+        <mime-type>application/pdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pgm</extension>
+        <mime-type>image/x-portable-graymap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pic</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pict</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pls</extension>
+        <mime-type>audio/x-scpls</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>png</extension>
+        <mime-type>image/png</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pnm</extension>
+        <mime-type>image/x-portable-anymap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pnt</extension>
+        <mime-type>image/x-macpaint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppm</extension>
+        <mime-type>image/x-portable-pixmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppt</extension>
+        <mime-type>application/powerpoint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ps</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>psd</extension>
+        <mime-type>image/x-photoshop</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qt</extension>
+        <mime-type>video/quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qti</extension>
+        <mime-type>image/x-quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qtif</extension>
+        <mime-type>image/x-quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ras</extension>
+        <mime-type>image/x-cmu-raster</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rdf</extension>
+        <mime-type>application/rdf+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rgb</extension>
+        <mime-type>image/x-rgb</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rm</extension>
+        <mime-type>application/vnd.rn-realmedia</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>roff</extension>
+        <mime-type>application/x-troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rtf</extension>
+        <mime-type>application/rtf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rtx</extension>
+        <mime-type>text/richtext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sh</extension>
+        <mime-type>application/x-sh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>shar</extension>
+        <mime-type>application/x-shar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smf</extension>
+        <mime-type>audio/x-midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sit</extension>
+        <mime-type>application/x-stuffit</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>snd</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>src</extension>
+        <mime-type>application/x-wais-source</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sv4cpio</extension>
+        <mime-type>application/x-sv4cpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sv4crc</extension>
+        <mime-type>application/x-sv4crc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svg</extension>
+        <mime-type>image/svg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>swf</extension>
+        <mime-type>application/x-shockwave-flash</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>t</extension>
+        <mime-type>application/x-troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tar</extension>
+        <mime-type>application/x-tar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tcl</extension>
+        <mime-type>application/x-tcl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tex</extension>
+        <mime-type>application/x-tex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>texi</extension>
+        <mime-type>application/x-texinfo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>texinfo</extension>
+        <mime-type>application/x-texinfo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tif</extension>
+        <mime-type>image/tiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tiff</extension>
+        <mime-type>image/tiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tr</extension>
+        <mime-type>application/x-troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tsv</extension>
+        <mime-type>text/tab-separated-values</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>txt</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ulw</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ustar</extension>
+        <mime-type>application/x-ustar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vxml</extension>
+        <mime-type>application/voicexml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xbm</extension>
+        <mime-type>image/x-xbitmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xht</extension>
+        <mime-type>application/xhtml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xhtml</extension>
+        <mime-type>application/xhtml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xml</extension>
+        <mime-type>application/xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpm</extension>
+        <mime-type>image/x-xpixmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xsl</extension>
+        <mime-type>application/xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xslt</extension>
+        <mime-type>application/xslt+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xul</extension>
+        <mime-type>application/vnd.mozilla.xul+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xwd</extension>
+        <mime-type>image/x-xwindowdump</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wav</extension>
+        <mime-type>audio/x-wav</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svg</extension>
+        <mime-type>image/svg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svgz</extension>
+        <mime-type>image/svg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vsd</extension>
+        <mime-type>application/x-visio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Wireless Bitmap -->
+        <extension>wbmp</extension>
+        <mime-type>image/vnd.wap.wbmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- WML Source -->
+        <extension>wml</extension>
+        <mime-type>text/vnd.wap.wml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Compiled WML -->
+        <extension>wmlc</extension>
+        <mime-type>application/vnd.wap.wmlc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- WML Script Source -->
+        <extension>wmls</extension>
+        <mime-type>text/vnd.wap.wmlscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Compiled WML Script -->
+        <extension>wmlscriptc</extension>
+        <mime-type>application/vnd.wap.wmlscriptc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wrl</extension>
+        <mime-type>x-world/x-vrml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>Z</extension>
+        <mime-type>application/x-compress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z</extension>
+        <mime-type>application/x-compress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zip</extension>
+        <mime-type>application/zip</mime-type>
+    </mime-mapping>
+
+
+  <!-- ==================== Default Welcome File List ===================== -->
+  <!-- When a request URI refers to a directory, the default servlet looks  -->
+  <!-- for a "welcome file" within that directory and, if present,          -->
+  <!-- to the corresponding resource URI for display.  If no welcome file   -->
+  <!-- is present, the default servlet either serves a directory listing,   -->
+  <!-- or returns a 404 status, depending on how it is configured.          -->
+  <!--                                                                      -->
+  <!-- If you define welcome files in your own application's web.xml        -->
+  <!-- deployment descriptor, that list *replaces* the list configured      -->
+  <!-- here, so be sure that you include any of the default values that     -->
+  <!-- you wish to include.                                                 -->
+
+    <welcome-file-list>
+        <welcome-file>index.html</welcome-file>
+        <welcome-file>index.htm</welcome-file>
+        <welcome-file>index.jsp</welcome-file>
+    </welcome-file-list>
+
+</web-app>