geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Created the ATS daemon and made necessary RPM install changes to allow

Browse Source 
for its deployment.
This commit is contained in:
Juan Carlos Luciani 2006-10-18 23:26:16 +00:00
parent 5436a84b0a
commit 86515d118a
36 changed files with 2446 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CASA-auth-token/java/configure.in
View File

@ -273,6 +273,11 @@ server/Svc/src/com/Makefile
server/Svc/src/com/novell/Makefile server/Svc/src/com/novell/Makefile
server/Svc/src/com/novell/casa/Makefile server/Svc/src/com/novell/casa/Makefile
server/Svc/src/com/novell/casa/authtoksvc/Makefile server/Svc/src/com/novell/casa/authtoksvc/Makefile
server/Svc/tomcat5/Makefile
server/Svc/tomcat5/conf/Makefile
server/Svc/tomcat5/conf/Catalina/Makefile
server/Svc/tomcat5/conf/Catalina/localhost/Makefile
server/Svc/linux/Makefile
server/Jaas/Makefile server/Jaas/Makefile
server/Jaas/src/Makefile server/Jaas/src/Makefile
server/Jaas/src/com/Makefile server/Jaas/src/com/Makefile
@ -280,5 +285,6 @@ server/Jaas/src/com/novell/Makefile
server/Jaas/src/com/novell/casa/Makefile server/Jaas/src/com/novell/casa/Makefile
server/Jaas/src/com/novell/casa/jaas/Makefile server/Jaas/src/com/novell/casa/jaas/Makefile
server/Jaas/src/com/novell/casa/jaas/sample/Makefile server/Jaas/src/com/novell/casa/jaas/sample/Makefile
server/Jaas/linux/Makefile
]) ])

9
CASA-auth-token/java/package/linux/CASA_auth_token_svc.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Oct 18 17:22:01 MDT 2006 - jluciani@novell.com
- Updated the RPM install of the ATS to install it as a service
and create the necessary signing keys.
- Made changes to other components to integrate with the new
RPM install changes.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com

169
CASA-auth-token/java/package/linux/CASA_auth_token_svc.spec.in
View File

@ -17,7 +17,7 @@
Name: @PACKAGE@ Name: @PACKAGE@
URL: http://www.novell.com/products URL: http://www.novell.com/products
BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
%define prefix /usr %define prefix /usr
License: LGPL License: LGPL
Group: Applications/System Group: Applications/System
@ -28,8 +28,10 @@ Release: 0
Summary: Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token) Summary: Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: java-1_5_0-ibm servletapi5 tomcat5 Requires: java-1_5_0-ibm servletapi5 tomcat5 sysvinit insserv
PreReq: %fillup_prereq %insserv_prereq PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
BuildArchitectures: noarch BuildArchitectures: noarch
%description %description
@ -97,24 +99,64 @@ install -d %{buildroot}%{prefix}/share
install -d %{buildroot}%{prefix}/share/java install -d %{buildroot}%{prefix}/share/java
install -d %{buildroot}%{prefix}/share/java/CASA install -d %{buildroot}%{prefix}/share/java/CASA
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken install -d %{buildroot}%{prefix}/share/java/CASA/authtoken
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/bin
install -d %{buildroot}/srv
install -d %{buildroot}/srv/www
install -d %{buildroot}/srv/www/casaats
install -d -m 700 %{buildroot}/srv/www/casaats
install -d -m 700 %{buildroot}/srv/www/casaats/conf
install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina
install -d -m 700 %{buildroot}/srv/www/casaats/conf/Catalina/localhost
install -d -m 700 %{buildroot}/srv/www/casaats/shared
install -d -m 700 %{buildroot}/srv/www/casaats/shared/classes
install -d -m 700 %{buildroot}/srv/www/casaats/shared/libs
install -d -m 700 %{buildroot}/srv/www/casaats/webapps
install -d -m 700 %{buildroot}/srv/www/casaats/logs
install -d -m 700 %{buildroot}/srv/www/casaats/work
install -d -m 700 %{buildroot}/srv/www/casaats/temp
install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external install -d %{buildroot}%{prefix}/share/java/CASA/authtoken/external
install -d %{buildroot}/etc install -d %{buildroot}/etc
install -d %{buildroot}/etc/init.d
install -d -m 755 %{buildroot}/var/lib/CASA install -d -m 755 %{buildroot}/var/lib/CASA
install -d -m 755 %{buildroot}/var/lib/CASA/authtoken install -d -m 755 %{buildroot}/var/lib/CASA/authtoken
install -d -m 755 %{buildroot}/var/lib/CASA/authtoken/svc install -d -m 700 %{buildroot}/var/lib/CASA/authtoken/svc
install -d -m 755 %{buildroot}/etc/CASA install -d -m 755 %{buildroot}/etc/CASA
install -d -m 755 %{buildroot}/etc/CASA/authtoken.d install -d -m 755 %{buildroot}/etc/CASA/authtoken
install -d -m 755 %{buildroot}/etc/CASA/authtoken.d install -d -m 755 %{buildroot}/etc/CASA/authtoken
install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/svc.d install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc
install -d -m 755 %{buildroot}/etc/CASA/authtoken.d/java-keys install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms
install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/enabled_services
install -d -m 700 %{buildroot}/etc/CASA/authtoken/svc/enabled_services/localhost
install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys
install -d -m 700 %{buildroot}/etc/CASA/authtoken/keys/server
install -d -m 755 %{buildroot}/etc/CASA/authtoken/keys/client
## CASA_auth_token_svc ## ## CASA_auth_token_svc ##
# Libs # Libs
install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war install -m 755 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
install -m 700 %{_lib}/java/CasaAuthTokenSvc.war %{buildroot}/srv/www/casaats/webapps/CasaAuthTokenSvc.war
# Lib Symbolic Links # Settings and configuration files
ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war install -m 600 server/Svc/svc.settings %{buildroot}/etc/CASA/authtoken/svc/svc.settings
ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1 install -m 600 server/Svc/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
install -m 600 server/Svc/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
install -m 600 server/Svc/src/com/novell/casa/authtoksvc/Pwd_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
# Others
install -m 700 server/Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
install -m 755 server/Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd
install -m 700 server/Svc/linux/envvars %{buildroot}/etc/CASA/authtoken/svc/envvars
# Tomcat Base files
install -m 600 server/Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
install -m 600 server/Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
install -m 600 server/Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
install -m 600 server/Svc/tomcat5/conf/server.xml %{buildroot}/srv/www/casaats/conf/server.xml
install -m 600 server/Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
install -m 600 server/Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
## CASA_auth_token_jaas_support ## ## CASA_auth_token_jaas_support ##
# Libs # Libs
@ -135,14 +177,11 @@ install -m 755 server/Svc/external/xalan.jar %{buildroot}%{prefix}/share/java/CA
install -m 755 server/Svc/external/xercesImpl.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar install -m 755 server/Svc/external/xercesImpl.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
install -m 755 server/Svc/external/xml-apis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar install -m 755 server/Svc/external/xml-apis.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
install -m 755 server/Svc/external/xmlsec-1.2.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar install -m 755 server/Svc/external/xmlsec-1.2.1.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
install -m 644 server/Svc/crypto.properties %{buildroot}/etc/CASA/authtoken.d/crypto.properties install -m 644 server/Jaas/linux/crypto.properties %{buildroot}/etc/CASA/authtoken/keys/client/crypto.properties
install -m 644 server/Svc/jaas.conf %{buildroot}/etc/CASA/authtoken.d/svc.d/jaas.conf
# Others
install -m 700 server/Jaas/linux/client_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
# Lib Symbolic Links
ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
ln -sf CasaJaasSupport-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar
ln -sf CasaAuthToken-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -150,31 +189,90 @@ rm -rf $RPM_BUILD_ROOT
## CASA_auth_token_svc ## ## CASA_auth_token_svc ##
%pre %pre
# Nothing to do in this pre script
# Do necessary user and group administration
group_present=`getent group | grep ^casaauth`
if [ -z "$group_present" ] ; then
/usr/sbin/groupadd -r casaauth
fi
user_present=`getent passwd | grep ^casaatsd`
if [ -z "$user_present" ] ; then
/usr/sbin/useradd -c "casaatsd System User" -s /bin/false -r -d /var/lib/CASA/authtoken/validate -g casaauth casaatsd 2> /dev/null || :
fi
%post %post
/sbin/ldconfig # Install casa_atsd init script, set it to start by default.
%{fillup_and_insserv casa_atsd}
# Setup the keystore for the service
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%preun %preun
# Nothing to do in this preun script %stop_on_removal casa_atsd
%postun %postun
# Nothing to do in this postun script #Undeploy our webapp
rm -drf %{prefix}/share/java/CASA/authtoken/svc/webapps/CasaAuthTokenSvc
%restart_on_update casa_atsd
%insserv_cleanup
# Do not do anything else if this is an upgrade
if test "$1" == 1; then
exit 0
fi
# Delete the casaatsd user
userdel casaatsd
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%dir %{prefix}/share/java/CASA %dir %{prefix}/share/java/CASA
%dir %{prefix}/share/java/CASA/authtoken %dir %{prefix}/share/java/CASA/authtoken
%dir %{prefix}/share/java/CASA/authtoken/bin
%dir /var/lib/CASA %dir /var/lib/CASA
%dir /var/lib/CASA/authtoken %dir /var/lib/CASA/authtoken
%dir /var/lib/CASA/authtoken/svc %dir /var/lib/CASA/authtoken/svc
%dir /etc/CASA %dir /etc/CASA
%dir /etc/CASA/authtoken.d %dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken.d/svc.d %dir /etc/CASA/authtoken/keys
%dir /etc/CASA/authtoken.d/java-keys
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc-%{bldno}.war
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war.1 /etc/init.d/casa_atsd
%defattr(-,casaatsd,casaauth)
%dir /srv/www/casaats
%dir /srv/www/casaats/conf
%dir /srv/www/casaats/conf/Catalina
%dir /srv/www/casaats/conf/Catalina/localhost
%dir /srv/www/casaats/shared
%dir /srv/www/casaats/shared/classes
%dir /srv/www/casaats/shared/libs
%dir /srv/www/casaats/webapps
%dir /srv/www/casaats/logs
%dir /srv/www/casaats/work
%dir /srv/www/casaats/temp
%dir /etc/CASA/authtoken/svc
%dir /etc/CASA/authtoken/svc/auth_mechanisms
%dir /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate
%dir /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate
%dir /etc/CASA/authtoken/svc/enabled_services
%dir /etc/CASA/authtoken/svc/enabled_services/localhost
%dir /etc/CASA/authtoken/keys/server
/srv/www/casaats/webapps/CasaAuthTokenSvc.war
%config /srv/www/casaats/conf/catalina.policy
%config /srv/www/casaats/conf/catalina.properties
%config /srv/www/casaats/conf/jk2.properties
%config /srv/www/casaats/conf/server.xml
%config /srv/www/casaats/conf/tomcat-users.xml
%config /srv/www/casaats/conf/web.xml
%config /etc/CASA/authtoken/svc/envvars
%config /etc/CASA/authtoken/svc/svc.settings
%config /etc/CASA/authtoken/svc/authtoken.settings
%config /etc/CASA/authtoken/svc/identoken.settings
%config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
%config /etc/CASA/authtoken/svc/auth_mechanisms/PwdAuthenticate/mechanism.settings
## CASA_auth_token_jaas_support ## ## CASA_auth_token_jaas_support ##
@ -184,26 +282,28 @@ rm -rf $RPM_BUILD_ROOT
%post -n CASA_auth_token_jaas_support %post -n CASA_auth_token_jaas_support
/sbin/ldconfig /sbin/ldconfig
# Setup the keystore for the clients
%{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
%preun -n CASA_auth_token_jaas_support %preun -n CASA_auth_token_jaas_support
# Nothing to do in this preun script # Nothing to do in this preun script
%postun -n CASA_auth_token_jaas_support %postun -n CASA_auth_token_jaas_support
# Nothing to do in this postun script # Nothing to do in this preun script
%files -n CASA_auth_token_jaas_support %files -n CASA_auth_token_jaas_support
%defattr(-,root,root) %defattr(-,root,root)
%dir %{prefix}/share/java/CASA %dir %{prefix}/share/java/CASA
%dir %{prefix}/share/java/CASA/authtoken %dir %{prefix}/share/java/CASA/authtoken
%dir %{prefix}/share/java/CASA/authtoken/bin
%dir %{prefix}/share/java/CASA/authtoken/external %dir %{prefix}/share/java/CASA/authtoken/external
%dir /etc/CASA %dir /etc/CASA
%dir /etc/CASA/authtoken.d %dir /etc/CASA/authtoken
%dir /etc/CASA/authtoken.d/java-keys %dir /etc/CASA/authtoken/keys
%dir /etc/CASA/authtoken/keys/client
%{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar %{prefix}/share/java/CASA/authtoken/CasaJaasSupport-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar
%{prefix}/share/java/CASA/authtoken/CasaJaasSupport.jar.1
%{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar %{prefix}/share/java/CASA/authtoken/CasaAuthToken-%{bldno}.jar
%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar %{prefix}/share/java/CASA/authtoken/bin/client_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/CasaAuthToken.jar.1
%{prefix}/share/java/CASA/authtoken/external/axis.jar %{prefix}/share/java/CASA/authtoken/external/axis.jar
%{prefix}/share/java/CASA/authtoken/external/axis-ant.jar %{prefix}/share/java/CASA/authtoken/external/axis-ant.jar
%{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar %{prefix}/share/java/CASA/authtoken/external/commons-discovery-0.2.jar
@ -219,8 +319,7 @@ rm -rf $RPM_BUILD_ROOT
%{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar %{prefix}/share/java/CASA/authtoken/external/xercesImpl.jar
%{prefix}/share/java/CASA/authtoken/external/xml-apis.jar %{prefix}/share/java/CASA/authtoken/external/xml-apis.jar
%{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar %{prefix}/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar
/etc/CASA/authtoken.d/crypto.properties %config /etc/CASA/authtoken/keys/client/crypto.properties
/etc/CASA/authtoken.d/svc.d/jaas.conf
%changelog -n CASA_auth_token_svc %changelog -n CASA_auth_token_svc

3
CASA-auth-token/java/server/Jaas/Makefile.am
View File

@ -20,10 +20,9 @@
####################################################################### #######################################################################
SUBDIRS = src SUBDIRS = src
DIST_SUBDIRS = src DIST_SUBDIRS = src linux
EXTRA_DIST = $(JAVAFILES) \ EXTRA_DIST = $(JAVAFILES) \
make_and_run_test.sh \
make_test.sh \ make_test.sh \
run_test.sh run_test.sh

22
CASA-auth-token/java/server/Jaas/README
View File

@ -34,10 +34,21 @@ to validate credentials consisting of CASA Authentication Tokens.
CONFIGURATION CONFIGURATION
To use CasaLoginModule for your service, set the java.security.auth.login.config To configure the CasaLoginModule for your service follow the following
property to point to the JAAS configuration file for your application. You must steps:
also set the org.xml.sax.driver property to point to an appropriate SAX Parser.
The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser). - Set the java.security.auth.login.config property to point to the JAAS
configuration file for your application.
- Set the org.xml.sax.driver property to point to an appropriate SAX Parser.
The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).
- Include the "/etc/CASA/authtoken/keys/client" path in the applications
CLASSPATH. This is the location of the crypto.properties file used by the
module to access the keystore with the ATS's signing certificate.
- Add the "/usr/share/java/CASA/authtoken/CasaJaasSupport.jar" and the
"/usr/share/java/CASA/authtoken/CasaAuthToken.jar" paths to the applications
CLASSPATH.
- Add the jar files in the /usr/share/java/CASA/authtoken/external folder
to the applications CLASSPATH.
The JAAS configuration file should include the following line: The JAAS configuration file should include the following line:
@ -84,9 +95,6 @@ SampleApp {
com.novell.casa.jaas.CasaLoginModule Required debug=true; com.novell.casa.jaas.CasaLoginModule Required debug=true;
}; };
You must also include the CasaJaasSupport.jar and CasaAuthToken.jar files in the
CLASSPATH of the application.
SECURITY CONSIDERATIONS SECURITY CONSIDERATIONS
CASA Authenticatication Tokens when compromised can be used to either impersonate CASA Authenticatication Tokens when compromised can be used to either impersonate

38
CASA-auth-token/java/server/Jaas/linux/Makefile.am Normal file
View File

@ -0,0 +1,38 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS =
CFILES =
EXTRA_DIST = client_keystore_setup.sh \
crypto.properties
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

51
CASA-auth-token/java/server/Jaas/linux/client_keystore_setup.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
#############################################################
# #
# CASA Authentication Token Keystore Setup Script for #
# auththentication token validating clients. #
# #
# This script sets up the certificate associated with the #
# keys used by the ATS to sign authentication tokens in the #
# keystore utilized by token validating clients. #
# #
#############################################################
# Do not do anything if the client keystore has already been created
if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
echo "The client keystore is already setup"
else
if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
echo "Setting up the clients's keystore"
# Import the certificate to the client's keystore
/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
# List the content's of the client's keystore
#/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
else
echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found"
fi
fi

6
CASA-auth-token/java/server/Jaas/linux/crypto.properties Normal file
View File

@ -0,0 +1,6 @@
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=secret
org.apache.ws.security.crypto.merlin.keystore.alias=signingCert
org.apache.ws.security.crypto.merlin.alias.password=secret
org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/client/jks-store

17
CASA-auth-token/java/server/Jaas/make_and_run_test.sh
View File

@ -1,17 +0,0 @@
#!/bin/bash
if [ ! -d build-test ]; then
mkdir build-test
mkdir build-test/classes
else
if [ ! -d build-test/classes ]; then
mkdir build-test/classes
fi
fi
echo "*** Compiling the test application ***"
javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
echo "*** Done compiling ***"
echo ""
echo "*** Starting the test application ***"
java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp
#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp

2
CASA-auth-token/java/server/Jaas/make_test.sh
View File

@ -8,6 +8,6 @@ else
fi fi
fi fi
echo "*** Compiling the test application ***" echo "*** Compiling the test application ***"
javac -g -sourcepath src -classpath ../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java /usr/lib/jvm/java-1.5.0-ibm/bin/javac -g -sourcepath src -classpath /usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar -d build-test/classes src/com/novell/casa/jaas/sample/SampleApp.java src/com/novell/casa/jaas/sample/SampleAppCallbackHandler.java
echo "*** Done compiling ***" echo "*** Done compiling ***"

4
CASA-auth-token/java/server/Jaas/run_test.sh
View File

@ -1,4 +1,4 @@
echo "*** Starting the test application ***" echo "*** Starting the test application ***"
java -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp export JAVA_HOME=/usr/lib/jvm/java-1.5.0-ibm
#jdb -sourcepath src:../AuthTokenSvc/src -classpath build-test/classes:../../lib/java/CasaJaasSupport.jar:../../lib/java/CasaAuthToken.jar:/usr/share/java/xerces-j2.jar -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf com.novell.casa.jaas.sample.SampleApp /usr/lib/jvm/java-1.5.0-ibm/bin/java -classpath build-test/classes:/usr/share/java/CASA/authtoken/CasaJaasSupport.jar:/usr/share/java/CASA/authtoken/CasaAuthToken.jar:/usr/share/java/CASA/authtoken/external/axis-ant.jar:/usr/share/java/CASA/authtoken/external/axis.jar:/usr/share/java/CASA/authtoken/external/commons-discovery-0.2.jar:/usr/share/java/CASA/authtoken/external/commons-logging-1.0.4.jar:/usr/share/java/CASA/authtoken/external/commons-logging-api.jar:/usr/share/java/CASA/authtoken/external/jaxrpc.jar:/usr/share/java/CASA/authtoken/external/log4j-1.2.8.jar:/usr/share/java/CASA/authtoken/external/saaj.jar:/usr/share/java/CASA/authtoken/external/wsdl4j-1.5.1.jar:/usr/share/java/CASA/authtoken/external/wss4j-1.5.0.jar:/usr/share/java/CASA/authtoken/external/xalan.jar:/usr/share/java/CASA/authtoken/external/xercesImpl.jar:/usr/share/java/CASA/authtoken/external/xml-apis.jar:/usr/share/java/CASA/authtoken/external/xmlsec-1.2.1.jar:/usr/share/java/xerces-j2.jar:/etc/CASA/authtoken/keys/client -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Djava.security.auth.login.config=src/com/novell/casa/jaas/sample/SampleApp.conf -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n com.novell.casa.jaas.sample.SampleApp

8
CASA-auth-token/java/server/Svc/Makefile.am
View File

@ -20,16 +20,14 @@
####################################################################### #######################################################################
SUBDIRS = src SUBDIRS = src
DIST_SUBDIRS = src external DIST_SUBDIRS = src external tomcat5 linux
EXTRA_DIST = authtoken.settings \ EXTRA_DIST = authtoken.settings \
identoken.settings \ identoken.settings \
README \ README \
svc.settings \ svc.settings \
TODO \ TODO \
web.xml \ web.xml
crypto.properties \
jaas.conf
ROOT = ../.. ROOT = ../..
@ -102,7 +100,7 @@ $(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES)
cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings
cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings
cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings
cp crypto.properties $(BUILDDIR)/webapp/WEB-INF/classes/crypto.properties cp linux/crypto.properties $(BUILDDIR)/webapp/WEB-INF/classes/crypto.properties
cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings
cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings
cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/ cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/

14
CASA-auth-token/java/server/Svc/README
View File

@ -99,7 +99,7 @@ The following is an example svc.settings file:
<IAConfigFile>/home/jluciani/jakarta-tomcat-5.0.28/webapps/CasaAuthTokenSvc/WEB-INF/conf/iaRealms.xml</IAConfigFile> <IAConfigFile>/home/jluciani/jakarta-tomcat-5.0.28/webapps/CasaAuthTokenSvc/WEB-INF/conf/iaRealms.xml</IAConfigFile>
<ReconfigureInterval>60</ReconfigureInterval> <ReconfigureInterval>60</ReconfigureInterval>
<startSearchContext>o=novell</startSearchContext> <startSearchContext>o=novell</startSearchContext>
<KeyStoreUser>privKey<KeyStoreUser> <SigningKeyAliasName>signingKey<SigningKeyAliasName>
<KeyStorePwd>foobar<KeyStorePwd> <KeyStorePwd>foobar<KeyStorePwd>
</settings> </settings>
@ -135,18 +135,20 @@ Note the following about the sample svc.settings file:
to the identity abstraction configuration file where it belongs. Once this is done, to the identity abstraction configuration file where it belongs. Once this is done,
the setting will no longer be recognized within the svc.settings file. the setting will no longer be recognized within the svc.settings file.
- The KeyStoreUses setting specifies the user's alias name in the keystore that identifies - The SigningKeyAliasName setting specifies the alias name of the entry in the keystore
the private key that is to be used to sign tokens. with the private key utilized to sign tokens. The value of this setting defaults to
"signingKey".
- The KeyStorePwd setting specifies the password of the user specified by KeyStoreUser to get - The SigningKeyPassword setting specifies the password utilized to protect the private key
the private signing key from the keystore. used for signing tokens that is stored in the keystore. The value of this setting defaults to
"secret".
ATSs digitally sign tokens, for this purpose it is necessary that keys be generated and installed ATSs digitally sign tokens, for this purpose it is necessary that keys be generated and installed
in a keystore whose location and properties are configured in the crypto.properties file present in in a keystore whose location and properties are configured in the crypto.properties file present in
the "classes" folder under the WEB-INF folder of the AuthTokenSvc application the "classes" folder under the WEB-INF folder of the AuthTokenSvc application
($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/classes). Please note that you must edit the ($CATALINA_HOME/webapps/CasaAuthTokenSvc/WEB-INF/classes). Please note that you must edit the
crypto.properties file with the appropriate information once the AuthTokenSvc is deployed to crypto.properties file with the appropriate information once the AuthTokenSvc is deployed to
a Tomcat server. a Tomcat server to deal with your configuration requirements.
CONFIGURING SERVICES TO CONSUME CASA AUTHENTICATION TOKENS CONFIGURING SERVICES TO CONSUME CASA AUTHENTICATION TOKENS

6
CASA-auth-token/java/server/Svc/crypto.properties
View File

@ -1,6 +0,0 @@
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=foobar
org.apache.ws.security.crypto.merlin.keystore.alias=privkey
org.apache.ws.security.crypto.merlin.alias.password=foobar
org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken.d/java-keys/privkeystore

174
CASA-auth-token/java/server/Svc/linux/CasaAuthtokenSvcD Normal file
View File

@ -0,0 +1,174 @@
#!/bin/sh
#
# Startup script for the Casa Authtoken Service Daemon (casa_atsd)
#
# /etc/init.d/casa_atsd
#
# description: casa_atsd is the CASA Authentication Token Service
# (ATS). CASA Client utilize this service to obtain CASA authentication
# tokens to authenticate to other services. The ATS executes as a
# tomcat webapp. casa_atsd is the tomcat process which contains
# the ATS.
#
# Note that some of the content from this file was copied from
# /etc/init.d/tomcat5 whose author was Petr Mladek.
# /etc/init.d/tomcat5 has the following copyrights:
#
# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
#
# processname: casa_atsd
# pidfile: None
# config utility: None
### BEGIN INIT INFO
# Provides: casa_atsd
# Required-Start: $local_fs $remote_fs
# X-UnitedLinux-Should-Start: $named $syslog $time
# Required-Stop: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Stop: $named $syslog $time
# Default-Start: 1 2 3 5
# Default-Stop:
# Short-Description: Casa Authtoken Service Daemon
# Description: Start Casa Authtoken Service Daemon
### END INIT INFO
. /etc/rc.status
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v ditto but be verbose in local rc status
# rc_status -v -r ditto and clear the local rc status
# rc_failed set local and overall rc status to failed
# rc_reset clear local rc status (overall remains)
# rc_exit exit appropriate to overall rc status
# First reset status of this service
rc_reset
DAEMON_USER=casaatsd
DAEMON_GROUP=casaauth
atsIsRunning()
{
ats_ps_log=`mktemp /var/tmp/ats-ps.log.XXXXXX`
ps aux --cols 1024 >"$ats_ps_log"
ats_is_running="false"
if grep " -Dcatalina.base=$CATALINA_BASE.*-Dcatalina.home=$CATALINA_HOME.*org.apache.catalina.startup.Bootstrap" "$ats_ps_log" >/dev/null 2>/dev/null ; then
ats_is_running="true"
fi
rm -f "$ats_ps_log"
test "$ats_is_running" = "true"
}
StartDAEMON()
{
# Start the daemon
echo -n "Starting casa_atsd"
## Start daemon with startproc(8). If this fails
## the echo return value is set appropriate.
# NOTE: startproc return 0, even if service is
# already running to match LSB spec.
if atsIsRunning ; then
rc_failed 0
else
# try to fix permissions
chown --dereference $DAEMON_USER:$DAEMON_GROUP "$CATALINA_BASE"
for dir in "$CATALINA_BASE/conf" \
"$CATALINA_BASE/logs" \
"$CATALINA_BASE/temp" \
"$CATALINA_BASE/webapps" \
"$CATALINA_BASE/work" ; do
# the command true is used because of for example conf directory may be mounted read-only
test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
done
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
sleep 1
if atsIsRunning ; then
rc_failed 0
else
rc_failed 7
fi
fi
rc_status -v
}
StopDAEMON()
{
# Stop the daemon
echo -n "Shutting casa_atsd"
## Stop daemon with killproc(8) and if this fails
## set echo the echo return value.
if atsIsRunning ; then
su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/shutdown.sh" >"$CATALINA_BASE/logs/stop.log" 2>&1
# wait 60 sec for stop at maximum
wait_sec=60
while [ "$wait_sec" != "0" ] ; do
sleep 1
if ! atsIsRunning ; then
# the server is stoped, end the loop
wait_sec=0
break
fi
wait_sec=$((wait_sec -1))
done
# check the final status
if atsIsRunning ; then
rc_failed 1
else
rc_failed 0
fi
else
rc_failed 0
fi
# Remember status and be verbose
rc_status -v
}
# Source the environments file for our daemon
. /etc/CASA/authtoken/svc/envvars
case "$1" in
start)
StartDAEMON
;;
stop)
StopDAEMON
;;
restart|reload|force-reload)
StopDAEMON
sleep 1
StartDAEMON
;;
status)
echo -n "Checking for casa_atsd"
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
# NOTE: checkproc returns LSB compliant status values.
if atsIsRunning ; then
rc_failed 0
else
rc_failed 3
fi
rc_status -v
;;
*)
echo -n "Usage: $0 {start|stop|restart|reload|force-reload}"
exit 1
;;
esac
rc_exit

40
CASA-auth-token/java/server/Svc/linux/Makefile.am Normal file
View File

@ -0,0 +1,40 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS =
CFILES =
EXTRA_DIST = CasaAuthtokenSvcD \
envvars \
server_keystore_setup.sh \
crypto.properties
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

6
CASA-auth-token/java/server/Svc/linux/crypto.properties Normal file
View File

@ -0,0 +1,6 @@
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=secret
org.apache.ws.security.crypto.merlin.keystore.alias=signingKey
org.apache.ws.security.crypto.merlin.alias.password=secret
org.apache.ws.security.crypto.merlin.file=/etc/CASA/authtoken/keys/server/jks-store

14
CASA-auth-token/java/server/Svc/linux/envvars Normal file
View File

@ -0,0 +1,14 @@
############################################################
# #
# Environment variable file for casa_atsd. #
# #
# Note: This file is sourced by the casa_atsd rc script #
# when starting the service. #
# #
############################################################
CATALINA_BASE="/srv/www/casaats"
CATALINA_HOME="/usr/share/tomcat5"
JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS

65
CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh Executable file
View File

@ -0,0 +1,65 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
#############################################################
# #
# CASA ATS Keystore Setup Script. #
# #
# This script sets up a keystore for the ATS with a key #
# pair which the ATS will use for signing authentication #
# and session tokens. #
# #
# Ths script creates a self signed certificate that it then #
# exports. At this time it is sufficient to utilize self #
# signed certificates because they are meant to be consumed #
# by entities of the local box. #
# #
#############################################################
# Do not do anything if the server keystore has already been created
if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
echo "The server keystore is already setup"
# Make sure that the keystore file is owned by our service
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
else
echo "Setting up the server's keystore"
# Create the server keystore with the key that will be used for signing tokens
host=`hostname -f`
/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
# Export self-signed certificate for the signing key
/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
# List the contents of the server's keystore
#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret
# Print the exported cert
#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
# Make sure that the keystore is only accessible by the service
chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
chmod 600 /etc/CASA/authtoken/keys/server/jks-store
fi

28
CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/SvcConfig.java
View File

@ -53,13 +53,15 @@ public class SvcConfig
public final static String ConfigFolderPath = "ConfigFolderPath"; public final static String ConfigFolderPath = "ConfigFolderPath";
public final static String AppRootPath = "AppRootPath"; public final static String AppRootPath = "AppRootPath";
public final static String ReconfigureInterval = "ReconfigureInterval"; public final static String ReconfigureInterval = "ReconfigureInterval";
public final static String KeyStoreUser = "KeyStoreUser"; public final static String SigningKeyAliasName = "SigningKeyAliasName";
public final static String KeyStorePwd = "KeyStorePwd"; public final static String SigningKeyPassword = "SigningKeyPassword";
// Default configuration values // Default configuration values
public final static String DefaultSessionTokenLifetimeValue = "43200"; // Seconds public final static String DefaultSessionTokenLifetimeValue = "43200"; // Seconds
public final static String DefaultLifetimeShorterValue = "5"; // Seconds public final static String DefaultLifetimeShorterValue = "5"; // Seconds
public final static String DefaultReconfigureIntervalValue = "60"; // Seconds public final static String DefaultReconfigureIntervalValue = "60"; // Seconds
public final static String DefaultSigningKeyAliasNameValue = "signingKey";
public final static String DefaultSigningKeyPasswordValue = "secret";
private static final String m_svcSettingsFileName = "svc.settings"; private static final String m_svcSettingsFileName = "svc.settings";
private Map m_svcSettingsMap; private Map m_svcSettingsMap;
@ -281,6 +283,22 @@ public class SvcConfig
// Add the key to the map so that it can be found quicker next time // Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue); m_svcSettingsMap.put(ReconfigureInterval, DefaultReconfigureIntervalValue);
} }
else if (settingName.equals(SigningKeyAliasName) == true)
{
value = DefaultSigningKeyAliasNameValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
// Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(SigningKeyAliasName, DefaultSigningKeyAliasNameValue);
}
else if (settingName.equals(SigningKeyPassword) == true)
{
value = DefaultSigningKeyPasswordValue;
System.err.println("SvcConfig.getSetting()- Assigning default value " + value);
// Add the key to the map so that it can be found quicker next time
m_svcSettingsMap.put(SigningKeyPassword, DefaultSigningKeyPasswordValue);
}
else if (settingName.equals(IdentityAbstractionConfigFile) == true) else if (settingName.equals(IdentityAbstractionConfigFile) == true)
{ {
System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set"); System.err.println("SvcConfig.getSetting()- Mandatory setting " + IdentityAbstractionConfigFile + " not set");

4
CASA-auth-token/java/server/Svc/src/com/novell/casa/authtoksvc/WSSecurity.java
View File

@ -244,8 +244,8 @@ public class WSSecurity
boolean includeCert) throws Exception boolean includeCert) throws Exception
{ {
WSSecSignature signer = new WSSecSignature(); WSSecSignature signer = new WSSecSignature();
signer.setUserInfo(svcConfig.getSetting(SvcConfig.KeyStoreUser), signer.setUserInfo(svcConfig.getSetting(SvcConfig.SigningKeyAliasName),
svcConfig.getSetting(SvcConfig.KeyStorePwd)); svcConfig.getSetting(SvcConfig.SigningKeyPassword));
if (includeCert) if (includeCert)
{ {
signer.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER); // Include X509 Cert in message signer.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER); // Include X509 Cert in message

2
CASA-auth-token/java/server/Svc/svc.settings
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="ISO-8859-1"?> <?xml version="1.0" encoding="ISO-8859-1"?>
<settings> <settings>
<IAConfigFile>Replace with path to the Identity Abstraction Realms Configuration File.</IAConfigFile> <IAConfigFile>/etc/CASA/authtoken/svc/iaRealms.xml</IAConfigFile>
<SessionTokenLifetime>43200</SessionTokenLifetime> <SessionTokenLifetime>43200</SessionTokenLifetime>
</settings> </settings>

37
CASA-auth-token/java/server/Svc/tomcat5/Makefile.am Normal file
View File

@ -0,0 +1,37 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS = conf
CFILES =
EXTRA_DIST =
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

37
CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/Makefile.am Normal file
View File

@ -0,0 +1,37 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS = localhost
CFILES =
EXTRA_DIST =
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

39
CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/Makefile.am Normal file
View File

@ -0,0 +1,39 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS =
CFILES =
EXTRA_DIST = admin.xml \
balancer.xml \
manager.xml
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

30
CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/admin.xml Normal file
View File

@ -0,0 +1,30 @@
<!--
Context configuration file for the Tomcat Administration Web App
$Id: admin.xml,v 1.3 2004/02/20 17:09:19 remm Exp $
-->
<Context path="/admin" docBase="${catalina.home}/server/webapps/admin"
debug="0" privileged="true">
<!-- Uncomment this Valve to limit access to the Admin app to localhost
for obvious security reasons. Allow may be a comma-separated list of
hosts (or even regular expressions).
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1"/>
-->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="localhost_admin_log." suffix=".txt"
timestamp="true"/>
<!-- Allow linking since JPackage do not install jar as copies -->
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true"/>
</Context>

14
CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/balancer.xml Normal file
View File

@ -0,0 +1,14 @@
<!--
Context configuration file for the Tomcat Balancer Web App
This is only needed to keep the distribution small and avoid duplicating
commons libraries
$Id: balancer.xml,v 1.1 2003/11/20 21:43:32 remm Exp $
-->
<Context path="/balancer" docBase="balancer" debug="0" privileged="true">
</Context>

17
CASA-auth-token/java/server/Svc/tomcat5/conf/Catalina/localhost/manager.xml Normal file
View File

@ -0,0 +1,17 @@
<!--
Context configuration file for the Tomcat Manager Web App
$Id: manager.xml,v 1.2 2004/02/20 17:09:29 remm Exp $
-->
<Context path="/manager" docBase="${catalina.home}/server/webapps/manager"
debug="0" privileged="true">
<!-- Link to the user database we will get roles from -->
<ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
</Context>

43
CASA-auth-token/java/server/Svc/tomcat5/conf/Makefile.am Normal file
View File

@ -0,0 +1,43 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
#######################################################################
SUBDIRS =
DIST_SUBDIRS = Catalina
CFILES =
EXTRA_DIST = catalina.policy \
catalina.properties \
jk2.properties \
server.xml \
server-minimal.xml \
tomcat-users.xml \
web.xml
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in

162
CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.policy Normal file
View File

@ -0,0 +1,162 @@
// ============================================================================
// catalina.corepolicy - Security Policy Permissions for Tomcat 5
//
// This file contains a default set of security policies to be enforced (by the
// JVM) when Catalina is executed with the "-security" option. In addition
// to the permissions granted here, the following additional permissions are
// granted to the codebase specific to each web application:
//
// * Read access to the document root directory
//
// $Id: catalina.policy,v 1.11 2004/03/02 12:36:22 remm Exp $
// ============================================================================
// ========== SYSTEM CODE PERMISSIONS =========================================
// These permissions apply to javac
grant codeBase "file:${java.home}/lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
permission java.security.AllPermission;
};
// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/../lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
// ========== CATALINA CODE PERMISSIONS =======================================
// These permissions apply to the launcher code
grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the daemon code
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the commons-logging API
grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the JMX server
grant codeBase "file:${catalina.home}/bin/jmx.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "common" directory
grant codeBase "file:${catalina.home}/common/-" {
permission java.security.AllPermission;
};
// These permissions apply to the container's core code, plus any additional
// libraries installed in the "server" directory
grant codeBase "file:${catalina.home}/server/-" {
permission java.security.AllPermission;
};
// ========== WEB APPLICATION PERMISSIONS =====================================
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.naming.*", "read";
permission java.util.PropertyPermission "javax.sql.*", "read";
// OS Specific properties to allow read access
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
// JVM properties to allow read access
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
// Required for OpenJMX
permission java.lang.RuntimePermission "getAttribute";
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission "jaxp.debug", "read";
// Precompiled JSPs need access to this package.
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
};
// You can assign additional permissions to particular web applications by
// adding additional "grant" entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
//
// Different permissions can be granted to JSP pages, classes loaded from
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
//
// For instance, assume that the standard "examples" application
// included a JDBC driver that needed to establish a network connection to the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server. You might create a "grant" entries like this:
//
// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase "file:${catalina.home}/webapps/examples/-" {
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };
//
// The permissions granted to the context WEB-INF/classes directory
// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
// };
//
// The permission granted to your JDBC driver
// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
// };
// The permission granted to the scrape taglib
// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
// permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };

57
CASA-auth-token/java/server/Svc/tomcat5/conf/catalina.properties Normal file
View File

@ -0,0 +1,57 @@
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
#
#
# List of comma-separated paths defining the contents of the "common"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank,the JVM system loader will be used as Catalina's "common"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
common.loader=${catalina.home}/common/classes,${catalina.home}/common/endorsed/*.jar,${catalina.home}/common/lib/*.jar
#
# List of comma-separated paths defining the contents of the "server"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank, the "common" loader will be used as Catalina's "server"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
#
# List of comma-separated paths defining the contents of the "shared"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
# the "common" loader will be used as Catalina's "shared" loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar

26
CASA-auth-token/java/server/Svc/tomcat5/conf/jk2.properties Normal file
View File

@ -0,0 +1,26 @@
## THIS FILE MAY BE OVERRIDEN AT RUNTIME. MAKE SURE TOMCAT IS STOPED
## WHEN YOU EDIT THE FILE.
## COMMENTS WILL BE _LOST_
## DOCUMENTATION OF THE FORMAT IN JkMain javadoc.
# Set the desired handler list
# handler.list=apr,request,channelJni
#
# Override the default port for the socketChannel
# channelSocket.port=8019
# Default:
# channelUnix.file=${jkHome}/work/jk2.socket
# Just to check if the the config is working
# shm.file=${jkHome}/work/jk2.shm
# In order to enable jni use any channelJni directive
# channelJni.disabled = 0
# And one of the following directives:
# apr.jniModeSo=/opt/apache2/modules/mod_jk2.so
# If set to inprocess the mod_jk2 will Register natives itself
# This will enable the starting of the Tomcat from mod_jk2
# apr.jniModeSo=inprocess

35
CASA-auth-token/java/server/Svc/tomcat5/conf/server-minimal.xml Normal file
View File

@ -0,0 +1,35 @@
<Server port="8005" shutdown="SHUTDOWN">
<GlobalNamingResources>
<!-- Used by Manager webapp -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" />
<!-- This is here for compatibility only, not required -->
<Connector port="8009" protocol="AJP/1.3" />
<Engine name="Catalina" defaultHost="localhost">
<Logger className="org.apache.catalina.logger.FileLogger" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
<Host name="localhost" appBase="webapps" />
</Engine>
</Service>
</Server>

383
CASA-auth-token/java/server/Svc/tomcat5/conf/server.xml Normal file
View File

@ -0,0 +1,383 @@
<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8005" shutdown="SHUTDOWN" debug="0">
<!-- Comment these entries out to disable JMX MBeans support -->
<!-- You may also configure custom components (e.g. Valves/Realms) by
including your own mbean-descriptor file(s), and setting the
"descriptors" attribute to point to a ';' seperated list of paths
(in the ClassLoader sense) of files to add to the default list.
e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
-->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" (and therefore the web applications visible
within that Container). Normally, that Container is an "Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second Connector
entry. SSL support requires the following steps (see the SSL Config
HOWTO in the Tomcat 5 documentation bundle for more detailed
instructions):
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector port="8080"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Note : To use gzip compression you could set the following properties :
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false"
acceptCount="100" debug="0" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
-->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost" debug="0">
<!-- The request dumper valve dumps useful debugging information about
the request headers and cookies that were received, and the response
headers and cookies that were sent, for all requests received by
this instance of Tomcat. If you care only about requests to a
particular virtual host, or a particular application, nest this
element inside the corresponding <Host> or <Context> entry instead.
For a similar mechanism that is portable to all Servlet 2.4
containers, check out the "RequestDumperFilter" Filter in the
example application (the source for this filter may be found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log" suffix=".txt"
timestamp="false"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott" connectionPassword="tiger"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:CATALINA"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- Defines a cluster for this node,
By defining this element, means that every manager will be changed.
So when running a cluster, only make sure that you have webapps in there
that need to be clustered and remove the other ones.
A cluster has the following parameters:
className = the fully qualified name of the cluster class
name = a descriptive name for your cluster, can be anything
debug = the debug level, higher means more output
mcastAddr = the multicast address, has to be the same for all the nodes
mcastPort = the multicast port, has to be the same for all the nodes
mcastBindAddr = bind the multicast socket to a specific address
mcastTTL = the multicast TTL if you want to limit your broadcast
mcastSoTimeout = the multicast readtimeout
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
in case of multiple ethernet cards.
auto means that address becomes
InetAddress.getLocalHost().getHostAddress()
tcpListenPort = the tcp listen port
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
has a wakup bug in java.nio. Set to 0 for no timeout
printToScreen = true means that managers will also print to std.out
expireSessionsOnShutdown = true means that
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
false means to replicate the session after each request.
false means that replication would work for the following piece of code:
<%
HashMap map = (HashMap)session.getAttribute("map");
map.put("key","value");
%>
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
* Synchronous means that the thread that executes the request, is also the
thread the replicates the data to the other nodes, and will not return until all
nodes have received the information.
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
so the request thread will queue the replication request into a "smart" queue,
and then return to the client.
The "smart" queue is a queue where when a session is added to the queue, and the same session
already exists in the queue from a previous request, that session will be replaced
in the queue instead of replicating two requests. This almost never happens, unless there is a
large network delay.
-->
<!--
When configuring for clustering, you also add in a valve to catch all the requests
coming in, at the end of the request, the session may or may not be replicated.
A session is replicated if and only if all the conditions are met:
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
2. a session exists (has been created)
3. the request is not trapped by the "filter" attribute
The filter attribute is to filter out requests that could not modify the session,
hence we don't replicate the session after the end of this request.
The filter is negative, ie, anything you put in the filter, you mean to filter out,
ie, no replication will be done on requests that match one of the filters.
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
ending with .gif and .js are intercepted.
The deployer element can be used to deploy apps cluster wide.
Currently the deployment only deploys/undeploys to working members in the cluster
so no WARs are copied upons startup of a broken node.
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
When a new war file is added the war gets deployed to the local instance,
and then deployed to the other instances in the cluster.
When a war file is deleted from the watchDir the war is undeployed locally
and cluster wide
-->
<!--
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4001"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
</Cluster>
-->
<!-- Normally, users must authenticate themselves to each web app
individually. Uncomment the following entry if you would like
a user to be authenticated the first time they encounter a
resource protected by a security constraint, and then have that
user identity maintained across *all* web applications contained
in this virtual host. -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Logger shared by all Contexts related to this virtual host. By
default (when using FileLogger), log files are created in the "logs"
directory relative to $CATALINA_HOME. If you wish, you can specify
a different directory with the "directory" attribute. Specify either a
relative (to $CATALINA_HOME) or absolute path to the desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log" suffix=".txt"
timestamp="false"/>
</Host>
</Engine>
</Service>
</Server>

3
CASA-auth-token/java/server/Svc/tomcat5/conf/tomcat-users.xml Normal file
View File

@ -0,0 +1,3 @@
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
</tomcat-users>

964
CASA-auth-token/java/server/Svc/tomcat5/conf/web.xml Normal file
View File

@ -0,0 +1,964 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<!-- ======================== Introduction ============================== -->
<!-- This document defines default values for *all* web applications -->
<!-- loaded into this instance of Tomcat. As each application is -->
<!-- deployed, this file is processed, followed by the -->
<!-- "/WEB-INF/web.xml" deployment descriptor from your own -->
<!-- applications. -->
<!-- -->
<!-- WARNING: Do not configure application-specific resources here! -->
<!-- They should go in the "/WEB-INF/web.xml" file in your application. -->
<!-- ================== Built In Servlet Definitions ==================== -->
<!-- The default servlet for all web applications, that serves static -->
<!-- resources. It processes all requests that are not mapped to other -->
<!-- servlets with servlet mappings (defined either here or in your own -->
<!-- web.xml file. This servlet supports the following initialization -->
<!-- parameters (default values are in square brackets): -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- -->
<!-- input Input buffer size (in bytes) when reading -->
<!-- resources to be served. [2048] -->
<!-- -->
<!-- listings Should directory listings be produced if there -->
<!-- is no welcome file in this directory? [true] -->
<!-- -->
<!-- output Output buffer size (in bytes) when writing -->
<!-- resources to be served. [2048] -->
<!-- -->
<!-- readonly Is this context "read only", so HTTP -->
<!-- commands like PUT and DELETE are -->
<!-- rejected? [true] -->
<!-- -->
<!-- readmeFile File name to display with the directory -->
<!-- contents. [null] -->
<!-- -->
<!-- For directory listing customization. Checks localXsltFile, then -->
<!-- globalXsltFile, then defaults to original behavior. -->
<!-- -->
<!-- localXsltFile Make directory listings an XML doc and -->
<!-- pass the result to this style sheet residing -->
<!-- in that directory. This overrides -->
<!-- globalXsltFile[null] -->
<!-- -->
<!-- globalXsltFile Site wide configuration version of -->
<!-- localXsltFile This argument is expected -->
<!-- to be a physical file. [null] -->
<!-- -->
<!-- -->
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- The "invoker" servlet, which executes anonymous servlet classes -->
<!-- that have not been defined in a web.xml file. Traditionally, this -->
<!-- servlet is mapped to the URL pattern "/servlet/*", but you can map -->
<!-- it to other patterns as well. The extra path info portion of such a -->
<!-- request must be the fully qualified class name of a Java class that -->
<!-- implements Servlet (or extends HttpServlet), or the servlet name -->
<!-- of an existing servlet definition. This servlet supports the -->
<!-- following initialization parameters (default values are in square -->
<!-- brackets): -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!--
<servlet>
<servlet-name>invoker</servlet-name>
<servlet-class>
org.apache.catalina.servlets.InvokerServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
-->
<!-- The JSP page compiler and execution servlet, which is the mechanism -->
<!-- used by Tomcat to support JSP pages. Traditionally, this servlet -->
<!-- is mapped to the URL pattern "*.jsp". This servlet supports the -->
<!-- following initialization parameters (default values are in square -->
<!-- brackets): -->
<!-- -->
<!-- checkInterval If development is false and reloading is true, -->
<!-- background compiles are enabled. checkInterval -->
<!-- is the time in seconds between checks to see -->
<!-- if a JSP page needs to be recompiled. [300] -->
<!-- -->
<!-- compiler Which compiler Ant should use to compile JSP -->
<!-- pages. See the Ant documentation for more -->
<!-- information. [javac] -->
<!-- -->
<!-- classdebuginfo Should the class file be compiled with -->
<!-- debugging information? [true] -->
<!-- -->
<!-- classpath What class path should I use while compiling -->
<!-- generated servlets? [Created dynamically -->
<!-- based on the current web application] -->
<!-- -->
<!-- development Is Jasper used in development mode (will check -->
<!-- for JSP modification on every access)? [true] -->
<!-- -->
<!-- enablePooling Determines whether tag handler pooling is -->
<!-- enabled [true] -->
<!-- -->
<!-- fork Tell Ant to fork compiles of JSP pages so that -->
<!-- a separate JVM is used for JSP page compiles -->
<!-- from the one Tomcat is running in. [true] -->
<!-- -->
<!-- ieClassId The class-id value to be sent to Internet -->
<!-- Explorer when using <jsp:plugin> tags. -->
<!-- [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93] -->
<!-- -->
<!-- javaEncoding Java file encoding to use for generating java -->
<!-- source files. [UTF8] -->
<!-- -->
<!-- keepgenerated Should we keep the generated Java source code -->
<!-- for each page instead of deleting it? [true] -->
<!-- -->
<!-- mappedfile Should we generate static content with one -->
<!-- print statement per input line, to ease -->
<!-- debugging? [true] -->
<!-- -->
<!-- trimSpaces Should white spaces in template text between -->
<!-- actions or directives be trimmed? [false] -->
<!-- -->
<!-- reloading Should Jasper check for modified JSPs? [true] -->
<!-- -->
<!-- suppressSmap Should the generation of SMAP info for JSR45 -->
<!-- debugging be suppressed? [false] -->
<!-- -->
<!-- dumpSmap Should the SMAP info for JSR45 debugging be -->
<!-- dumped to a file? [false] -->
<!-- False if suppressSmap is true -->
<!-- -->
<!-- genStrAsCharArray Should text strings be generated as char -->
<!-- arrays, to improve performance in some cases? -->
<!-- [false] -->
<!-- -->
<!-- errorOnUseBeanInvalidClassAttribute -->
<!-- Should Jasper issue an error when the value of -->
<!-- the class attribute in an useBean action is -->
<!-- not a valid bean class? [true] -->
<!-- -->
<!-- scratchdir What scratch directory should we use when -->
<!-- compiling JSP pages? [default work directory -->
<!-- for the current web application] -->
<!-- -->
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet [false] -->
<!-- -->
<!-- If you wish to use Jikes to compile JSP pages: -->
<!-- Set the init parameter "compiler" to "jikes". Define -->
<!-- the property "-Dbuild.compiler.emacs=true" when starting Tomcat -->
<!-- by adding the above to your CATALINA_OPTS environment variable. -->
<!-- If you get an error reporting that jikes can't use UTF8 encoding, -->
<!-- try setting the init parameter "javaEncoding" to "ISO-8859-1". -->
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<!-- Server Side Includes processing servlet, which processes SSI -->
<!-- directives in HTML pages consistent with similar support in web -->
<!-- servers like Apache. Traditionally, this servlet is mapped to the -->
<!-- URL pattern "*.shtml". This servlet supports the following -->
<!-- initialization parameters (default values are in square brackets): -->
<!-- -->
<!-- buffered Should output from this servlet be buffered? -->
<!-- (0=false, 1=true) [0] -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- -->
<!-- expires The number of seconds before a page with SSI -->
<!-- directives will expire. [No default] -->
<!-- -->
<!-- isVirtualWebappRelative -->
<!-- Should "virtual" paths be interpreted as -->
<!-- relative to the context root, instead of -->
<!-- the server root? (0=false, 1=true) [0] -->
<!-- -->
<!-- -->
<!-- IMPORTANT: To use the SSI servlet, you also need to rename the -->
<!-- $CATALINA_HOME/server/lib/servlets-ssi.renametojar file -->
<!-- to $CATALINA_HOME/server/lib/servlets-ssi.jar -->
<!--
<servlet>
<servlet-name>ssi</servlet-name>
<servlet-class>
org.apache.catalina.ssi.SSIServlet
</servlet-class>
<init-param>
<param-name>buffered</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>666</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>0</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
-->
<!-- Common Gateway Includes (CGI) processing servlet, which supports -->
<!-- execution of external applications that conform to the CGI spec -->
<!-- requirements. Typically, this servlet is mapped to the URL pattern -->
<!-- "/cgi-bin/*", which means that any CGI applications that are -->
<!-- executed must be present within the web application. This servlet -->
<!-- supports the following initialization parameters (default values -->
<!-- are in square brackets): -->
<!-- -->
<!-- cgiPathPrefix The CGI search path will start at -->
<!-- webAppRootDir + File.separator + this prefix. -->
<!-- [WEB-INF/cgi] -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- -->
<!-- executable Name of the exectuable used to run the script. -->
<!-- [perl] -->
<!-- -->
<!-- IMPORTANT: To use the CGI servlet, you also need to rename the -->
<!-- $CATALINA_HOME/server/lib/servlets-cgi.renametojar file -->
<!-- to $CATALINA_HOME/server/lib/servlets-cgi.jar -->
<!--
<servlet>
<servlet-name>cgi</servlet-name>
<servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>6</param-value>
</init-param>
<init-param>
<param-name>cgiPathPrefix</param-name>
<param-value>WEB-INF/cgi</param-value>
</init-param>
<load-on-startup>5</load-on-startup>
</servlet>
-->
<!-- ================ Built In Servlet Mappings ========================= -->
<!-- The servlet mappings for the built in servlets defined above. Note -->
<!-- that, by default, the CGI and SSI servlets are *not* mapped. You -->
<!-- must uncomment these mappings (or add them to your application's own -->
<!-- web.xml deployment descriptor) to enable these services -->
<!-- The mapping for the default servlet -->
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- The mapping for the invoker servlet -->
<!--
<servlet-mapping>
<servlet-name>invoker</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
-->
<!-- The mapping for the JSP servlet -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>
<!-- The mapping for the SSI servlet -->
<!--
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
-->
<!-- The mapping for the CGI Gateway servlet -->
<!--
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>
-->
<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly -->
<!-- created sessions by modifying the value below. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- ===================== Default MIME Type Mappings =================== -->
<!-- When serving static resources, Tomcat will automatically generate -->
<!-- a "Content-Type" header based on the resource's filename extension, -->
<!-- based on these mappings. Additional mappings can be added here (to -->
<!-- apply to all web applications), or in your own application's web.xml -->
<!-- deployment descriptor. -->
<mime-mapping>
<extension>abs</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ai</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aif</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aifc</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aiff</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>aim</extension>
<mime-type>application/x-aim</mime-type>
</mime-mapping>
<mime-mapping>
<extension>art</extension>
<mime-type>image/x-jg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asf</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>asx</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>au</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avi</extension>
<mime-type>video/x-msvideo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>avx</extension>
<mime-type>video/x-rad-screenplay</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bcpio</extension>
<mime-type>application/x-bcpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bin</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>bmp</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>body</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cdf</extension>
<mime-type>application/x-cdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cer</extension>
<mime-type>application/x-x509-ca-cert</mime-type>
</mime-mapping>
<mime-mapping>
<extension>class</extension>
<mime-type>application/java</mime-type>
</mime-mapping>
<mime-mapping>
<extension>cpio</extension>
<mime-type>application/x-cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>csh</extension>
<mime-type>application/x-csh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dib</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping>
<extension>doc</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dtd</extension>
<mime-type>application/xml-dtd</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dv</extension>
<mime-type>video/x-dv</mime-type>
</mime-mapping>
<mime-mapping>
<extension>dvi</extension>
<mime-type>application/x-dvi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>eps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>etx</extension>
<mime-type>text/x-setext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>exe</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gif</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gtar</extension>
<mime-type>application/x-gtar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>gz</extension>
<mime-type>application/x-gzip</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hdf</extension>
<mime-type>application/x-hdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htc</extension>
<mime-type>text/x-component</mime-type>
</mime-mapping>
<mime-mapping>
<extension>htm</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ief</extension>
<mime-type>image/ief</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jad</extension>
<mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jar</extension>
<mime-type>application/java-archive</mime-type>
</mime-mapping>
<mime-mapping>
<extension>java</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jnlp</extension>
<mime-type>application/x-java-jnlp-file</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpe</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpeg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jpg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>text/javascript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jsf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>jspf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>kar</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>latex</extension>
<mime-type>application/x-latex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>m3u</extension>
<mime-type>audio/x-mpegurl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mac</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>man</extension>
<mime-type>application/x-troff-man</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mathml</extension>
<mime-type>application/mathml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>me</extension>
<mime-type>application/x-troff-me</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mid</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>midi</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mif</extension>
<mime-type>application/x-mif</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mov</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>movie</extension>
<mime-type>video/x-sgi-movie</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp1</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp2</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mp3</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpa</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpe</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpeg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpega</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>mpv2</extension>
<mime-type>video/mpeg2</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ms</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>nc</extension>
<mime-type>application/x-netcdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>oda</extension>
<mime-type>application/oda</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ogg</extension>
<mime-type>application/ogg</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pbm</extension>
<mime-type>image/x-portable-bitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pct</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pdf</extension>
<mime-type>application/pdf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pgm</extension>
<mime-type>image/x-portable-graymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pic</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pict</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pls</extension>
<mime-type>audio/x-scpls</mime-type>
</mime-mapping>
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pnm</extension>
<mime-type>image/x-portable-anymap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>pnt</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppm</extension>
<mime-type>image/x-portable-pixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ppt</extension>
<mime-type>application/powerpoint</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping>
<extension>psd</extension>
<mime-type>image/x-photoshop</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qt</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qti</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>qtif</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ras</extension>
<mime-type>image/x-cmu-raster</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rdf</extension>
<mime-type>application/rdf+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rgb</extension>
<mime-type>image/x-rgb</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rm</extension>
<mime-type>application/vnd.rn-realmedia</mime-type>
</mime-mapping>
<mime-mapping>
<extension>roff</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtf</extension>
<mime-type>application/rtf</mime-type>
</mime-mapping>
<mime-mapping>
<extension>rtx</extension>
<mime-type>text/richtext</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sh</extension>
<mime-type>application/x-sh</mime-type>
</mime-mapping>
<mime-mapping>
<extension>shar</extension>
<mime-type>application/x-shar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>smf</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sit</extension>
<mime-type>application/x-stuffit</mime-type>
</mime-mapping>
<mime-mapping>
<extension>snd</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>src</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4cpio</extension>
<mime-type>application/x-sv4cpio</mime-type>
</mime-mapping>
<mime-mapping>
<extension>sv4crc</extension>
<mime-type>application/x-sv4crc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svg</extension>
<mime-type>image/svg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>t</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tar</extension>
<mime-type>application/x-tar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tcl</extension>
<mime-type>application/x-tcl</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tex</extension>
<mime-type>application/x-tex</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texi</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>texinfo</extension>
<mime-type>application/x-texinfo</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tif</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tiff</extension>
<mime-type>image/tiff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tr</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping>
<extension>tsv</extension>
<mime-type>text/tab-separated-values</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ulw</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping>
<extension>ustar</extension>
<mime-type>application/x-ustar</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vxml</extension>
<mime-type>application/voicexml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xbm</extension>
<mime-type>image/x-xbitmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xht</extension>
<mime-type>application/xhtml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xhtml</extension>
<mime-type>application/xhtml+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xml</extension>
<mime-type>application/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xpm</extension>
<mime-type>image/x-xpixmap</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xsl</extension>
<mime-type>application/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xslt</extension>
<mime-type>application/xslt+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xul</extension>
<mime-type>application/vnd.mozilla.xul+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xwd</extension>
<mime-type>image/x-xwindowdump</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wav</extension>
<mime-type>audio/x-wav</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svg</extension>
<mime-type>image/svg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>svgz</extension>
<mime-type>image/svg+xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>vsd</extension>
<mime-type>application/x-visio</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Wireless Bitmap -->
<extension>wbmp</extension>
<mime-type>image/vnd.wap.wbmp</mime-type>
</mime-mapping>
<mime-mapping>
<!-- WML Source -->
<extension>wml</extension>
<mime-type>text/vnd.wap.wml</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Compiled WML -->
<extension>wmlc</extension>
<mime-type>application/vnd.wap.wmlc</mime-type>
</mime-mapping>
<mime-mapping>
<!-- WML Script Source -->
<extension>wmls</extension>
<mime-type>text/vnd.wap.wmlscript</mime-type>
</mime-mapping>
<mime-mapping>
<!-- Compiled WML Script -->
<extension>wmlscriptc</extension>
<mime-type>application/vnd.wap.wmlscriptc</mime-type>
</mime-mapping>
<mime-mapping>
<extension>wrl</extension>
<mime-type>x-world/x-vrml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>Z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>z</extension>
<mime-type>application/x-compress</mime-type>
</mime-mapping>
<mime-mapping>
<extension>zip</extension>
<mime-type>application/zip</mime-type>
</mime-mapping>
<!-- ==================== Default Welcome File List ===================== -->
<!-- When a request URI refers to a directory, the default servlet looks -->
<!-- for a "welcome file" within that directory and, if present, -->
<!-- to the corresponding resource URI for display. If no welcome file -->
<!-- is present, the default servlet either serves a directory listing, -->
<!-- or returns a 404 status, depending on how it is configured. -->
<!-- -->
<!-- If you define welcome files in your own application's web.xml -->
<!-- deployment descriptor, that list *replaces* the list configured -->
<!-- here, so be sure that you include any of the default values that -->
<!-- you wish to include. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>