CASA/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml

<!-- CASA ATS Server Configuration File -->

<!-- A "Server" is a singleton element that represents the entire JVM,
     which may contain one or more "Service" instances.  The Server
     listens for a shutdown command on the indicated port.

     Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" or "Loggers" at this level.
 -->

<Server port="8585" shutdown="SHUTDOWN" debug="0">


  <!-- Global JNDI resources -->
  <GlobalNamingResources>

    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
       description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>

  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" (and therefore the web applications visible
       within that Container).  Normally, that Container is an "Engine",
       but this is not required.

       Note:  A "Service" is not itself a "Container", so you may not
       define subcomponents such as "Valves" or "Loggers" at this level.
   -->

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned.  Each Connector passes requests on to the
         associated "Container" (normally an Engine) for processing.

         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
         following the instructions below and uncommenting the second Connector
         entry.  SSL support requires the following steps (see the SSL Config
         HOWTO in the Tomcat 5 documentation bundle for more detailed
         instructions):
         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
         * Execute:
             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
           with a password value of "changeit" for both the certificate and
           the keystore itself.

         By default, DNS lookups are enabled when a web application calls
         request.getRemoteHost().  This can have an adverse impact on
         performance, so you can disable it by setting the
         "enableLookups" attribute to "false".  When DNS lookups are disabled,
         request.getRemoteHost() will return the String version of the
         IP address of the remote client.
    -->

    <!-- Note : To disable connection timeouts, set connectionTimeout value
     to 0 -->
	
      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
            These tools expect that the connectors be surrounded by  comments containing
            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
            do not modify these comments to avoid conflicting with the configuration tools.  -->

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
    <!-- SSL_CONNECTOR_BEGIN -->
    <Connector port="2645" 
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               maxPostSize="16384" connectionTimeout="10000"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/ssl/servercerts/keystore.p12"
               keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
    <!-- SSL_CONNECTOR_END -->

    <!-- Define an AJP Connector -->
    <!-- AJP_CONNECTOR_BEGIN -->
    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
    <!-- AJP_CONNECTOR_END -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host). -->

    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
    --> 
         
    <!-- Define the top level container in our container hierarchy -->
    <Engine name="Catalina" defaultHost="localhost" debug="0">

      <!-- The request dumper valve dumps useful debugging information about
           the request headers and cookies that were received, and the response
           headers and cookies that were sent, for all requests received by
           this instance of Tomcat.  If you care only about requests to a
           particular virtual host, or a particular application, nest this
           element inside the corresponding <Host> or <Context> entry instead.

           For a similar mechanism that is portable to all Servlet 2.4
           containers, check out the "RequestDumperFilter" Filter in the
           example application (the source for this filter may be found in
           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").

           Request dumping is disabled by default.  Uncomment the following
           element to enable it. -->
      <!--
      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
      -->

      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log" suffix=".txt"
              timestamp="false"/>

      <!-- Because this Realm is here, an instance will be shared globally -->

      <!-- This Realm uses the UserDatabase configured in the global JNDI
           resources under the key "UserDatabase".  Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm.  -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 debug="0" resourceName="UserDatabase"/>

      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2.
       -->
      <Host name="localhost" debug="0" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">

        <!-- Access log processes all requests for this virtual host.  By
             default, log files are created in the "logs" directory relative to
             $CATALINA_HOME.  If you wish, you can specify a different
             directory with the "directory" attribute.  Specify either a relative
             (to $CATALINA_HOME) or absolute path to the desired directory.
        -->
        <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve"
                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
                 pattern="common" resolveHosts="false"/>
        -->

        <!-- Logger shared by all Contexts related to this virtual host.  By
             default (when using FileLogger), log files are created in the "logs"
             directory relative to $CATALINA_HOME.  If you wish, you can specify
             a different directory with the "directory" attribute.  Specify either a
             relative (to $CATALINA_HOME) or absolute path to the desired
             directory.-->
        <Logger className="org.apache.catalina.logger.FileLogger"
                 directory="logs"  prefix="localhost_log" suffix=".txt"
            timestamp="false"/>

      </Host>

    </Engine>

  </Service>

</Server>
ATS changes to allow it to leverage installed server certificate and server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications. 2007-06-02 00:07:46 +02:00			`<!-- CASA ATS Server Configuration File -->`

			`<!-- A "Server" is a singleton element that represents the entire JVM,`
			`which may contain one or more "Service" instances. The Server`
			`listens for a shutdown command on the indicated port.`

			`Note: A "Server" is not itself a "Container", so you may not`
			`define subcomponents such as "Valves" or "Loggers" at this level.`
			`-->`

			`<Server port="8585" shutdown="SHUTDOWN" debug="0">`


			`<!-- Global JNDI resources -->`
			`<GlobalNamingResources>`

			`<!-- Test entry for demonstration purposes -->`
			`<Environment name="simpleValue" type="java.lang.Integer" value="30"/>`

			`<!-- Editable user database that can also be used by`
			`UserDatabaseRealm to authenticate users -->`
			`<Resource name="UserDatabase" auth="Container"`
			`type="org.apache.catalina.UserDatabase"`
			`description="User database that can be updated and saved">`
			`</Resource>`
			`<ResourceParams name="UserDatabase">`
			`<parameter>`
			`<name>factory</name>`
			`<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>`
			`</parameter>`
			`<parameter>`
			`<name>pathname</name>`
			`<value>conf/tomcat-users.xml</value>`
			`</parameter>`
			`</ResourceParams>`

			`</GlobalNamingResources>`

			`<!-- A "Service" is a collection of one or more "Connectors" that share`
			`a single "Container" (and therefore the web applications visible`
			`within that Container). Normally, that Container is an "Engine",`
			`but this is not required.`

			`Note: A "Service" is not itself a "Container", so you may not`
			`define subcomponents such as "Valves" or "Loggers" at this level.`
			`-->`

			`<!-- Define the Tomcat Stand-Alone Service -->`
			`<Service name="Catalina">`

			`<!-- A "Connector" represents an endpoint by which requests are received`
			`and responses are returned. Each Connector passes requests on to the`
			`associated "Container" (normally an Engine) for processing.`

			`By default, a non-SSL HTTP/1.1 Connector is established on port 8080.`
			`You can also enable an SSL HTTP/1.1 Connector on port 8443 by`
			`following the instructions below and uncommenting the second Connector`
			`entry. SSL support requires the following steps (see the SSL Config`
			`HOWTO in the Tomcat 5 documentation bundle for more detailed`
			`instructions):`
			`* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or`
			`later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".`
			`* Execute:`
			`%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)`
			`$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)`
			`with a password value of "changeit" for both the certificate and`
			`the keystore itself.`

			`By default, DNS lookups are enabled when a web application calls`
			`request.getRemoteHost(). This can have an adverse impact on`
			`performance, so you can disable it by setting the`
			`"enableLookups" attribute to "false". When DNS lookups are disabled,`
			`request.getRemoteHost() will return the String version of the`
			`IP address of the remote client.`
			`-->`

			`<!-- Note : To disable connection timeouts, set connectionTimeout value`
			`to 0 -->`

Finished the implementation of the "Connect through Web server feature". 2007-06-25 18:39:33 +02:00			`<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.`
			`These tools expect that the connectors be surrounded by comments containing`
			`XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers`
			`to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please`
			`do not modify these comments to avoid conflicting with the configuration tools. -->`

ATS changes to allow it to leverage installed server certificate and server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications. 2007-06-02 00:07:46 +02:00			`<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->`
Added functionality to allow the ATS to be accessible through Apache if mod_proxy_ajp is configured. 2007-06-23 00:12:20 +02:00			`<!-- SSL_CONNECTOR_BEGIN -->`
ATS changes to allow it to leverage installed server certificate and server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications. 2007-06-02 00:07:46 +02:00			`<Connector port="2645"`
			`maxThreads="150" minSpareThreads="25" maxSpareThreads="75"`
			`enableLookups="false" disableUploadTimeout="true"`
			`maxPostSize="16384" connectionTimeout="10000"`
			`acceptCount="100" debug="0" scheme="https" secure="true"`
			`clientAuth="false" sslProtocol="TLS"`
			`keystoreFile="/etc/ssl/servercerts/keystore.p12"`
			`keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />`
Added functionality to allow the ATS to be accessible through Apache if mod_proxy_ajp is configured. 2007-06-23 00:12:20 +02:00			`<!-- SSL_CONNECTOR_END -->`

			`<!-- Define an AJP Connector -->`
			`<!-- AJP_CONNECTOR_BEGIN -->`
			`<Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>`
			`<!-- AJP_CONNECTOR_END -->`
ATS changes to allow it to leverage installed server certificate and server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications. 2007-06-02 00:07:46 +02:00
			`<!-- An Engine represents the entry point (within Catalina) that processes`
			`every request. The Engine implementation for Tomcat stand alone`
			`analyzes the HTTP headers included with the request, and passes them`
			`on to the appropriate Host (virtual host). -->`

			`<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :`
			`<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">`
			`-->`

			`<!-- Define the top level container in our container hierarchy -->`
			`<Engine name="Catalina" defaultHost="localhost" debug="0">`

			`<!-- The request dumper valve dumps useful debugging information about`
			`the request headers and cookies that were received, and the response`
			`headers and cookies that were sent, for all requests received by`
			`this instance of Tomcat. If you care only about requests to a`
			`particular virtual host, or a particular application, nest this`
			`element inside the corresponding <Host> or <Context> entry instead.`

			`For a similar mechanism that is portable to all Servlet 2.4`
			`containers, check out the "RequestDumperFilter" Filter in the`
			`example application (the source for this filter may be found in`
			`"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").`

			`Request dumping is disabled by default. Uncomment the following`
			`element to enable it. -->`
			`<!--`
			`<Valve className="org.apache.catalina.valves.RequestDumperValve"/>`
			`-->`

			`<!-- Global logger unless overridden at lower levels -->`
			`<Logger className="org.apache.catalina.logger.FileLogger"`
			`prefix="catalina_log" suffix=".txt"`
			`timestamp="false"/>`

			`<!-- Because this Realm is here, an instance will be shared globally -->`

			`<!-- This Realm uses the UserDatabase configured in the global JNDI`
			`resources under the key "UserDatabase". Any edits`
			`that are performed against this UserDatabase are immediately`
			`available for use by the Realm. -->`
			`<Realm className="org.apache.catalina.realm.UserDatabaseRealm"`
			`debug="0" resourceName="UserDatabase"/>`

			`<!-- Define the default virtual host`
			`Note: XML Schema validation will not work with Xerces 2.2.`
			`-->`
			`<Host name="localhost" debug="0" appBase="webapps"`
			`unpackWARs="true" autoDeploy="true"`
			`xmlValidation="false" xmlNamespaceAware="false">`

			`<!-- Access log processes all requests for this virtual host. By`
			`default, log files are created in the "logs" directory relative to`
			`$CATALINA_HOME. If you wish, you can specify a different`
			`directory with the "directory" attribute. Specify either a relative`
			`(to $CATALINA_HOME) or absolute path to the desired directory.`
			`-->`
			`<!--`
			`<Valve className="org.apache.catalina.valves.AccessLogValve"`
			`directory="logs" prefix="localhost_access_log." suffix=".txt"`
			`pattern="common" resolveHosts="false"/>`
			`-->`

			`<!-- Logger shared by all Contexts related to this virtual host. By`
			`default (when using FileLogger), log files are created in the "logs"`
			`directory relative to $CATALINA_HOME. If you wish, you can specify`
			`a different directory with the "directory" attribute. Specify either a`
			`relative (to $CATALINA_HOME) or absolute path to the desired`
			`directory.-->`
			`<Logger className="org.apache.catalina.logger.FileLogger"`
			`directory="logs" prefix="localhost_log" suffix=".txt"`
			`timestamp="false"/>`

			`</Host>`

			`</Engine>`

			`</Service>`

			`</Server>`