Finished the implementation of the "Connect through Web server feature".
This commit is contained in:
parent
5fb592cf16
commit
7fe7751090
@ -10,11 +10,6 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
|
|||||||
|
|
||||||
OUTSTANDING ITEMS
|
OUTSTANDING ITEMS
|
||||||
|
|
||||||
- Add code to verify that client/server communications occur over HTTPS.
|
|
||||||
- Create plug-in API for Identity Token Providers.
|
- Create plug-in API for Identity Token Providers.
|
||||||
- Change printfs used for debugging into a suitable mechanism.
|
|
||||||
- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener.
|
|
||||||
- Create tool to help administrators import certificates into the ATS's key store.
|
|
||||||
- Create tool to easily edit the iaRealms file.
|
|
||||||
- Add identity token encryption capabilities.
|
- Add identity token encryption capabilities.
|
||||||
|
|
||||||
|
@ -39,14 +39,14 @@ if [ -f $APACHE_SYSCONFIG_FILE_PATH ]; then
|
|||||||
TEST_PROXY_AJP=$(grep -i proxy_ajp $APACHE_SYSCONFIG_FILE_PATH | cut -c1-14 | grep -i APACHE_MODULES)
|
TEST_PROXY_AJP=$(grep -i proxy_ajp $APACHE_SYSCONFIG_FILE_PATH | cut -c1-14 | grep -i APACHE_MODULES)
|
||||||
if [ -z "${TEST_PROXY_AJP}" ]; then
|
if [ -z "${TEST_PROXY_AJP}" ]; then
|
||||||
echo "mod_proxy_ajp not configured to be loaded"
|
echo "mod_proxy_ajp not configured to be loaded"
|
||||||
retVal=1
|
retVal=0
|
||||||
else
|
else
|
||||||
echo "mod_proxy_ajp configured to be loaded"
|
echo "mod_proxy_ajp configured to be loaded"
|
||||||
retVal=0
|
retVal=1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Apache not installed"
|
echo "Apache not installed"
|
||||||
retVal=1
|
retVal=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exit $retVal
|
exit $retVal
|
||||||
|
@ -71,35 +71,66 @@ AJP_CONNECTOR_COMMENT_BEGIN="<!-- AJP_CONNECTOR_COMMENT_BEGIN"
|
|||||||
AJP_CONNECTOR_COMMENT_END="AJP_CONNECTOR_COMMENT_END -->"
|
AJP_CONNECTOR_COMMENT_END="AJP_CONNECTOR_COMMENT_END -->"
|
||||||
|
|
||||||
|
|
||||||
|
# Assume success
|
||||||
|
retVal=0
|
||||||
|
|
||||||
# Perform the operation requested
|
# Perform the operation requested
|
||||||
if [ $# -eq 2 ]; then
|
if [ $# -eq 2 ]; then
|
||||||
if [ $1 = "-e" ]; then
|
if [ $1 = "-e" ]; then
|
||||||
if [ $2 = "ssl" ]; then
|
if [ $2 = "ssl" ]; then
|
||||||
echo "Enabling ssl connector"
|
echo "Enabling ssl connector"
|
||||||
sed -i s:$SSL_CONNECTOR_COMMENT_BEGIN:$SSL_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
|
sed -i s:"$SSL_CONNECTOR_COMMENT_BEGIN":"$SSL_CONNECTOR_BEGIN":g $SERVER_XML_FILE_PATH
|
||||||
sed -i s:$SSL_CONNECTOR_COMMENT_END:$SSL_CONNECTOR_END:g SERVER_XML_FILE_PATH
|
sed -i s:"$SSL_CONNECTOR_COMMENT_END":"$SSL_CONNECTOR_END":g $SERVER_XML_FILE_PATH
|
||||||
else
|
else
|
||||||
if [ $2 = "ajp" ]; then
|
if [ $2 = "ajp" ]; then
|
||||||
echo "Enabling ajp connector"
|
echo "Enabling ajp connector"
|
||||||
sed -i s:$AJP_CONNECTOR_COMMENT_BEGIN:$AJP_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
|
sed -i s:"$AJP_CONNECTOR_COMMENT_BEGIN":"$AJP_CONNECTOR_BEGIN":g $SERVER_XML_FILE_PATH
|
||||||
sed -i s:$AJP_CONNECTOR_COMMENT_END:$AJP_CONNECTOR_END:g SERVER_XML_FILE_PATH
|
sed -i s:"$AJP_CONNECTOR_COMMENT_END":"$AJP_CONNECTOR_END":g $SERVER_XML_FILE_PATH
|
||||||
|
ln -s /etc/CASA/authtoken/svc/casaats.conf /etc/apache2/conf.d/casaats.conf
|
||||||
else
|
else
|
||||||
echo "Connector type not supported"
|
echo "Connector type not supported"
|
||||||
|
retVal=1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [ $1 = "-d" ]; then
|
if [ $1 = "-d" ]; then
|
||||||
if [ $2 = "ssl" ]; then
|
if [ $2 = "ssl" ]; then
|
||||||
echo "Disabling ssl connector"
|
echo "Disabling ssl connector"
|
||||||
sed -i s:$SSL_CONNECTOR_BEGIN:$SSL_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
|
sed -i s:"$SSL_CONNECTOR_BEGIN":"$SSL_CONNECTOR_COMMENT_BEGIN":g $SERVER_XML_FILE_PATH
|
||||||
sed -i s:$SSL_CONNECTOR_END:$SSL_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
|
sed -i s:"$SSL_CONNECTOR_END":"$SSL_CONNECTOR_COMMENT_END":g $SERVER_XML_FILE_PATH
|
||||||
|
rm -f /etc/apache2/conf.d/casaats.conf
|
||||||
else
|
else
|
||||||
if [ $2 = "ajp" ]; then
|
if [ $2 = "ajp" ]; then
|
||||||
echo "Disabling ajp connector"
|
echo "Disabling ajp connector"
|
||||||
sed -i s:$AJP_CONNECTOR_BEGIN:$AJP_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
|
sed -i s:"$AJP_CONNECTOR_BEGIN":"$AJP_CONNECTOR_COMMENT_BEGIN":g $SERVER_XML_FILE_PATH
|
||||||
sed -i s:$AJP_CONNECTOR_END:$AJP_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
|
sed -i s:"$AJP_CONNECTOR_END":"$AJP_CONNECTOR_COMMENT_END":g $SERVER_XML_FILE_PATH
|
||||||
else
|
else
|
||||||
echo "Connector type not supported"
|
echo "Connector type not supported"
|
||||||
|
retVal=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $1 = "-s" ]; then
|
||||||
|
if [ $2 = "ssl" ]; then
|
||||||
|
echo "Checking ssl connector status"
|
||||||
|
TEST_SSL_CONNECTOR=$(grep "$SSL_CONNECTOR_BEGIN" $SERVER_XML_FILE_PATH)
|
||||||
|
if [ -z "${TEST_SSL_CONNECTOR}" ]; then
|
||||||
|
echo "Connector disabled"
|
||||||
|
else
|
||||||
|
echo "Connector enabled"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ $2 = "ajp" ]; then
|
||||||
|
echo "Checking ajp connector status"
|
||||||
|
TEST_AJP_CONNECTOR=$(grep "$AJP_CONNECTOR_BEGIN" $SERVER_XML_FILE_PATH)
|
||||||
|
if [ -z "${TEST_AJP_CONNECTOR}" ]; then
|
||||||
|
echo "Connector disabled"
|
||||||
|
else
|
||||||
|
echo "Connector enabled"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Connector type not supported"
|
||||||
|
retVal=1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -108,10 +139,13 @@ if [ $# -eq 2 ]; then
|
|||||||
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
|
$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
|
||||||
else
|
else
|
||||||
echo "Invalid operation requested"
|
echo "Invalid operation requested"
|
||||||
|
retVal=1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Invalid number of parameters"
|
echo "Invalid number of parameters"
|
||||||
|
retVal=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -77,6 +77,12 @@
|
|||||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
to 0 -->
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.
|
||||||
|
These tools expect that the connectors be surrounded by comments containing
|
||||||
|
XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers
|
||||||
|
to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please
|
||||||
|
do not modify these comments to avoid conflicting with the configuration tools. -->
|
||||||
|
|
||||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
<!-- SSL_CONNECTOR_BEGIN -->
|
<!-- SSL_CONNECTOR_BEGIN -->
|
||||||
<Connector port="2645"
|
<Connector port="2645"
|
||||||
|
@ -77,6 +77,12 @@
|
|||||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
to 0 -->
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.
|
||||||
|
These tools expect that the connectors be surrounded by comments containing
|
||||||
|
XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers
|
||||||
|
to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please
|
||||||
|
do not modify these comments to avoid conflicting with the configuration tools. -->
|
||||||
|
|
||||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
<!-- SSL_CONNECTOR_BEGIN -->
|
<!-- SSL_CONNECTOR_BEGIN -->
|
||||||
<Connector port="2645"
|
<Connector port="2645"
|
||||||
|
@ -77,6 +77,12 @@
|
|||||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
to 0 -->
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.
|
||||||
|
These tools expect that the connectors be surrounded by comments containing
|
||||||
|
XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers
|
||||||
|
to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please
|
||||||
|
do not modify these comments to avoid conflicting with the configuration tools. -->
|
||||||
|
|
||||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
<!-- SSL_CONNECTOR_BEGIN -->
|
<!-- SSL_CONNECTOR_BEGIN -->
|
||||||
<Connector port="2645"
|
<Connector port="2645"
|
||||||
|
@ -77,6 +77,12 @@
|
|||||||
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
to 0 -->
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.
|
||||||
|
These tools expect that the connectors be surrounded by comments containing
|
||||||
|
XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers
|
||||||
|
to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please
|
||||||
|
do not modify these comments to avoid conflicting with the configuration tools. -->
|
||||||
|
|
||||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
<!-- SSL_CONNECTOR_BEGIN -->
|
<!-- SSL_CONNECTOR_BEGIN -->
|
||||||
<Connector port="2645"
|
<Connector port="2645"
|
||||||
|
@ -54,4 +54,4 @@ server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
|
|||||||
# "foo/*.jar": Add all the JARs of the specified folder as class
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
||||||
# repositories
|
# repositories
|
||||||
# "foo/bar.jar": Add bar.jar as a class repository
|
# "foo/bar.jar": Add bar.jar as a class repository
|
||||||
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar,/usr/share/java/identity-abstraction/*.jar,/usr/share/java/*.jar
|
shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar,/usr/share/java/identity-abstraction/*.jar,/usr/share/java/CASA/*.jar,/usr/share/java/*.jar
|
||||||
|
@ -1,6 +1,4 @@
|
|||||||
<!-- Example Server Configuration File -->
|
<!-- CASA ATS Server Configuration File -->
|
||||||
<!-- Note that component elements are nested corresponding to their
|
|
||||||
parent-child relationships with each other -->
|
|
||||||
|
|
||||||
<!-- A "Server" is a singleton element that represents the entire JVM,
|
<!-- A "Server" is a singleton element that represents the entire JVM,
|
||||||
which may contain one or more "Service" instances. The Server
|
which may contain one or more "Service" instances. The Server
|
||||||
@ -10,14 +8,8 @@
|
|||||||
define subcomponents such as "Valves" or "Loggers" at this level.
|
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<Server port="8585" shutdown="SHUTDOWN">
|
<Server port="8585" shutdown="SHUTDOWN" debug="0">
|
||||||
|
|
||||||
<!-- Comment these entries out to disable JMX MBeans support used for the
|
|
||||||
administration web application -->
|
|
||||||
<Listener className="org.apache.catalina.core.AprLifecycleListener" />
|
|
||||||
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
|
|
||||||
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
|
||||||
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
|
|
||||||
|
|
||||||
<!-- Global JNDI resources -->
|
<!-- Global JNDI resources -->
|
||||||
<GlobalNamingResources>
|
<GlobalNamingResources>
|
||||||
@ -29,9 +21,18 @@
|
|||||||
UserDatabaseRealm to authenticate users -->
|
UserDatabaseRealm to authenticate users -->
|
||||||
<Resource name="UserDatabase" auth="Container"
|
<Resource name="UserDatabase" auth="Container"
|
||||||
type="org.apache.catalina.UserDatabase"
|
type="org.apache.catalina.UserDatabase"
|
||||||
description="User database that can be updated and saved"
|
description="User database that can be updated and saved">
|
||||||
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
</Resource>
|
||||||
pathname="conf/tomcat-users.xml" />
|
<ResourceParams name="UserDatabase">
|
||||||
|
<parameter>
|
||||||
|
<name>factory</name>
|
||||||
|
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
|
||||||
|
</parameter>
|
||||||
|
<parameter>
|
||||||
|
<name>pathname</name>
|
||||||
|
<value>conf/tomcat-users.xml</value>
|
||||||
|
</parameter>
|
||||||
|
</ResourceParams>
|
||||||
|
|
||||||
</GlobalNamingResources>
|
</GlobalNamingResources>
|
||||||
|
|
||||||
@ -73,37 +74,43 @@
|
|||||||
IP address of the remote client.
|
IP address of the remote client.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
|
to 0 -->
|
||||||
|
|
||||||
<!-- Note : To use gzip compression you could set the following properties :
|
<!-- Important Note : The ATS uses configuration tools to enable and disable connectors.
|
||||||
|
These tools expect that the connectors be surrounded by comments containing
|
||||||
compression="on"
|
XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY where XXX refers
|
||||||
compressionMinSize="2048"
|
to the type of connector (SSL or AJP) and YYY refers to either BEGIN or END. Please
|
||||||
noCompressionUserAgents="gozilla, traviata"
|
do not modify these comments to avoid conflicting with the configuration tools. -->
|
||||||
compressableMimeType="text/html,text/xml"
|
|
||||||
-->
|
|
||||||
|
|
||||||
|
|
||||||
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
|
<!-- SSL_CONNECTOR_BEGIN -->
|
||||||
<Connector port="2645"
|
<Connector port="2645"
|
||||||
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
||||||
enableLookups="false" disableUploadTimeout="true"
|
enableLookups="false" disableUploadTimeout="true"
|
||||||
|
maxPostSize="16384" connectionTimeout="10000"
|
||||||
acceptCount="100" debug="0" scheme="https" secure="true"
|
acceptCount="100" debug="0" scheme="https" secure="true"
|
||||||
clientAuth="false" sslProtocol="TLS"
|
clientAuth="false" sslProtocol="TLS"
|
||||||
keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
|
keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
|
||||||
keystorePass="secret" algorithm="SunX509" />
|
keystorePass="secret" algorithm="SunX509" />
|
||||||
|
<!-- SSL_CONNECTOR_END -->
|
||||||
|
|
||||||
|
<!-- Define an AJP Connector -->
|
||||||
|
<!-- AJP_CONNECTOR_BEGIN -->
|
||||||
|
<Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
|
||||||
|
<!-- AJP_CONNECTOR_END -->
|
||||||
|
|
||||||
<!-- An Engine represents the entry point (within Catalina) that processes
|
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||||
every request. The Engine implementation for Tomcat stand alone
|
every request. The Engine implementation for Tomcat stand alone
|
||||||
analyzes the HTTP headers included with the request, and passes them
|
analyzes the HTTP headers included with the request, and passes them
|
||||||
on to the appropriate Host (virtual host). -->
|
on to the appropriate Host (virtual host). -->
|
||||||
|
|
||||||
<!-- You should set jvmRoute to support load-balancing via AJP ie :
|
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
|
||||||
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
|
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!-- Define the top level container in our container hierarchy -->
|
<!-- Define the top level container in our container hierarchy -->
|
||||||
<Engine name="Catalina" defaultHost="localhost">
|
<Engine name="Catalina" defaultHost="localhost" debug="0">
|
||||||
|
|
||||||
<!-- The request dumper valve dumps useful debugging information about
|
<!-- The request dumper valve dumps useful debugging information about
|
||||||
the request headers and cookies that were received, and the response
|
the request headers and cookies that were received, and the response
|
||||||
@ -123,6 +130,11 @@
|
|||||||
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
<!-- Global logger unless overridden at lower levels -->
|
||||||
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
|
prefix="catalina_log" suffix=".txt"
|
||||||
|
timestamp="false"/>
|
||||||
|
|
||||||
<!-- Because this Realm is here, an instance will be shared globally -->
|
<!-- Because this Realm is here, an instance will be shared globally -->
|
||||||
|
|
||||||
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||||
@ -130,189 +142,15 @@
|
|||||||
that are performed against this UserDatabase are immediately
|
that are performed against this UserDatabase are immediately
|
||||||
available for use by the Realm. -->
|
available for use by the Realm. -->
|
||||||
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||||
resourceName="UserDatabase"/>
|
debug="0" resourceName="UserDatabase"/>
|
||||||
|
|
||||||
<!-- Comment out the old realm but leave here for now in case we
|
|
||||||
need to go back quickly -->
|
|
||||||
<!--
|
|
||||||
<Realm className="org.apache.catalina.realm.MemoryRealm" />
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- Replace the above Realm with one of the following to get a Realm
|
|
||||||
stored in a database and accessed via JDBC -->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
<Realm className="org.apache.catalina.realm.JDBCRealm"
|
|
||||||
driverName="org.gjt.mm.mysql.Driver"
|
|
||||||
connectionURL="jdbc:mysql://localhost/authority"
|
|
||||||
connectionName="test" connectionPassword="test"
|
|
||||||
userTable="users" userNameCol="user_name" userCredCol="user_pass"
|
|
||||||
userRoleTable="user_roles" roleNameCol="role_name" />
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
<Realm className="org.apache.catalina.realm.JDBCRealm"
|
|
||||||
driverName="oracle.jdbc.driver.OracleDriver"
|
|
||||||
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
|
|
||||||
connectionName="scott" connectionPassword="tiger"
|
|
||||||
userTable="users" userNameCol="user_name" userCredCol="user_pass"
|
|
||||||
userRoleTable="user_roles" roleNameCol="role_name" />
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
<Realm className="org.apache.catalina.realm.JDBCRealm"
|
|
||||||
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
|
|
||||||
connectionURL="jdbc:odbc:CATALINA"
|
|
||||||
userTable="users" userNameCol="user_name" userCredCol="user_pass"
|
|
||||||
userRoleTable="user_roles" roleNameCol="role_name" />
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- Define the default virtual host
|
<!-- Define the default virtual host
|
||||||
Note: XML Schema validation will not work with Xerces 2.2.
|
Note: XML Schema validation will not work with Xerces 2.2.
|
||||||
-->
|
-->
|
||||||
<Host name="localhost" appBase="webapps"
|
<Host name="localhost" debug="0" appBase="webapps"
|
||||||
unpackWARs="true" autoDeploy="true"
|
unpackWARs="true" autoDeploy="true"
|
||||||
xmlValidation="false" xmlNamespaceAware="false">
|
xmlValidation="false" xmlNamespaceAware="false">
|
||||||
|
|
||||||
<!-- Defines a cluster for this node,
|
|
||||||
By defining this element, means that every manager will be changed.
|
|
||||||
So when running a cluster, only make sure that you have webapps in there
|
|
||||||
that need to be clustered and remove the other ones.
|
|
||||||
A cluster has the following parameters:
|
|
||||||
|
|
||||||
className = the fully qualified name of the cluster class
|
|
||||||
|
|
||||||
clusterName = a descriptive name for your cluster, can be anything
|
|
||||||
|
|
||||||
mcastAddr = the multicast address, has to be the same for all the nodes
|
|
||||||
|
|
||||||
mcastPort = the multicast port, has to be the same for all the nodes
|
|
||||||
|
|
||||||
mcastBindAddress = bind the multicast socket to a specific address
|
|
||||||
|
|
||||||
mcastTTL = the multicast TTL if you want to limit your broadcast
|
|
||||||
|
|
||||||
mcastSoTimeout = the multicast readtimeout
|
|
||||||
|
|
||||||
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
|
|
||||||
|
|
||||||
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
|
|
||||||
|
|
||||||
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
|
|
||||||
|
|
||||||
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
|
|
||||||
in case of multiple ethernet cards.
|
|
||||||
auto means that address becomes
|
|
||||||
InetAddress.getLocalHost().getHostAddress()
|
|
||||||
|
|
||||||
tcpListenPort = the tcp listen port
|
|
||||||
|
|
||||||
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
|
|
||||||
has a wakup bug in java.nio. Set to 0 for no timeout
|
|
||||||
|
|
||||||
printToScreen = true means that managers will also print to std.out
|
|
||||||
|
|
||||||
expireSessionsOnShutdown = true means that
|
|
||||||
|
|
||||||
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
|
|
||||||
false means to replicate the session after each request.
|
|
||||||
false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
|
|
||||||
<%
|
|
||||||
HashMap map = (HashMap)session.getAttribute("map");
|
|
||||||
map.put("key","value");
|
|
||||||
%>
|
|
||||||
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
|
|
||||||
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
|
|
||||||
* Synchronous means that the thread that executes the request, is also the
|
|
||||||
thread the replicates the data to the other nodes, and will not return until all
|
|
||||||
nodes have received the information.
|
|
||||||
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
|
|
||||||
so the request thread will queue the replication request into a "smart" queue,
|
|
||||||
and then return to the client.
|
|
||||||
The "smart" queue is a queue where when a session is added to the queue, and the same session
|
|
||||||
already exists in the queue from a previous request, that session will be replaced
|
|
||||||
in the queue instead of replicating two requests. This almost never happens, unless there is a
|
|
||||||
large network delay.
|
|
||||||
-->
|
|
||||||
<!--
|
|
||||||
When configuring for clustering, you also add in a valve to catch all the requests
|
|
||||||
coming in, at the end of the request, the session may or may not be replicated.
|
|
||||||
A session is replicated if and only if all the conditions are met:
|
|
||||||
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
|
|
||||||
2. a session exists (has been created)
|
|
||||||
3. the request is not trapped by the "filter" attribute
|
|
||||||
|
|
||||||
The filter attribute is to filter out requests that could not modify the session,
|
|
||||||
hence we don't replicate the session after the end of this request.
|
|
||||||
The filter is negative, ie, anything you put in the filter, you mean to filter out,
|
|
||||||
ie, no replication will be done on requests that match one of the filters.
|
|
||||||
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
|
|
||||||
|
|
||||||
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
|
|
||||||
ending with .gif and .js are intercepted.
|
|
||||||
|
|
||||||
The deployer element can be used to deploy apps cluster wide.
|
|
||||||
Currently the deployment only deploys/undeploys to working members in the cluster
|
|
||||||
so no WARs are copied upons startup of a broken node.
|
|
||||||
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
|
|
||||||
When a new war file is added the war gets deployed to the local instance,
|
|
||||||
and then deployed to the other instances in the cluster.
|
|
||||||
When a war file is deleted from the watchDir the war is undeployed locally
|
|
||||||
and cluster wide
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
|
|
||||||
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
|
|
||||||
expireSessionsOnShutdown="false"
|
|
||||||
useDirtyFlag="true"
|
|
||||||
notifyListenersOnReplication="true">
|
|
||||||
|
|
||||||
<Membership
|
|
||||||
className="org.apache.catalina.cluster.mcast.McastService"
|
|
||||||
mcastAddr="228.0.0.4"
|
|
||||||
mcastPort="45564"
|
|
||||||
mcastFrequency="500"
|
|
||||||
mcastDropTime="3000"/>
|
|
||||||
|
|
||||||
<Receiver
|
|
||||||
className="org.apache.catalina.cluster.tcp.ReplicationListener"
|
|
||||||
tcpListenAddress="auto"
|
|
||||||
tcpListenPort="4001"
|
|
||||||
tcpSelectorTimeout="100"
|
|
||||||
tcpThreadCount="6"/>
|
|
||||||
|
|
||||||
<Sender
|
|
||||||
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
|
|
||||||
replicationMode="pooled"
|
|
||||||
ackTimeout="15000"
|
|
||||||
waitForAck="true"/>
|
|
||||||
|
|
||||||
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
|
|
||||||
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
|
|
||||||
|
|
||||||
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
|
|
||||||
tempDir="/tmp/war-temp/"
|
|
||||||
deployDir="/tmp/war-deploy/"
|
|
||||||
watchDir="/tmp/war-listen/"
|
|
||||||
watchEnabled="false"/>
|
|
||||||
|
|
||||||
<ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
|
|
||||||
</Cluster>
|
|
||||||
-->
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<!-- Normally, users must authenticate themselves to each web app
|
|
||||||
individually. Uncomment the following entry if you would like
|
|
||||||
a user to be authenticated the first time they encounter a
|
|
||||||
resource protected by a security constraint, and then have that
|
|
||||||
user identity maintained across *all* web applications contained
|
|
||||||
in this virtual host. -->
|
|
||||||
<!--
|
|
||||||
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- Access log processes all requests for this virtual host. By
|
<!-- Access log processes all requests for this virtual host. By
|
||||||
default, log files are created in the "logs" directory relative to
|
default, log files are created in the "logs" directory relative to
|
||||||
$CATALINA_HOME. If you wish, you can specify a different
|
$CATALINA_HOME. If you wish, you can specify a different
|
||||||
@ -325,19 +163,15 @@
|
|||||||
pattern="common" resolveHosts="false"/>
|
pattern="common" resolveHosts="false"/>
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!-- Access log processes all requests for this virtual host. By
|
<!-- Logger shared by all Contexts related to this virtual host. By
|
||||||
default, log files are created in the "logs" directory relative to
|
default (when using FileLogger), log files are created in the "logs"
|
||||||
$CATALINA_HOME. If you wish, you can specify a different
|
directory relative to $CATALINA_HOME. If you wish, you can specify
|
||||||
directory with the "directory" attribute. Specify either a relative
|
a different directory with the "directory" attribute. Specify either a
|
||||||
(to $CATALINA_HOME) or absolute path to the desired directory.
|
relative (to $CATALINA_HOME) or absolute path to the desired
|
||||||
This access log implementation is optimized for maximum performance,
|
directory.-->
|
||||||
but is hardcoded to support only the "common" and "combined" patterns.
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
-->
|
directory="logs" prefix="localhost_log" suffix=".txt"
|
||||||
<!--
|
timestamp="false"/>
|
||||||
<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
|
|
||||||
directory="logs" prefix="localhost_access_log." suffix=".txt"
|
|
||||||
pattern="common" resolveHosts="false"/>
|
|
||||||
-->
|
|
||||||
|
|
||||||
</Host>
|
</Host>
|
||||||
|
|
||||||
|
@ -187,11 +187,11 @@ install -m 755 Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd
|
|||||||
|
|
||||||
# Tomcat Base files
|
# Tomcat Base files
|
||||||
install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
|
install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
|
||||||
install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
||||||
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||||
install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||||
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
||||||
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
||||||
|
@ -58,6 +58,8 @@ string authPolicyEditor = "/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEdit
|
|||||||
string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml";
|
string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml";
|
||||||
string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh";
|
string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh";
|
||||||
string trustedServerCertsFolder = "/etc/CASA/authtoken/keys/trustedATSCerts";
|
string trustedServerCertsFolder = "/etc/CASA/authtoken/keys/trustedATSCerts";
|
||||||
|
string tomcatConnectorEditor = "/usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh";
|
||||||
|
string webServerIsAvailableChecker = "/usr/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Settings Map
|
* Settings Map
|
||||||
@ -190,16 +192,13 @@ global boolean Read() {
|
|||||||
|
|
||||||
// Set defaults
|
// Set defaults
|
||||||
Settings["CONFIG_CASAATS_ENABLE"] = false;
|
Settings["CONFIG_CASAATS_ENABLE"] = false;
|
||||||
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;
|
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;;
|
||||||
Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
|
Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
|
||||||
Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 60;
|
Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 60;
|
||||||
|
|
||||||
if (FileUtils::Exists("/etc/sysconfig/casa-ats")) {
|
if (FileUtils::Exists("/etc/sysconfig/casa-ats")) {
|
||||||
Settings["CONFIG_CASAATS_ENABLE"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE)) == "yes";
|
Settings["CONFIG_CASAATS_ENABLE"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE)) == "yes";
|
||||||
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
|
if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
|
||||||
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS)) == "yes";
|
|
||||||
Settings["CONFIG_CASAATS_WEB_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS)) == "yes";
|
|
||||||
|
|
||||||
cmd = svcSettingsEditor + " -get ReconfigureInterval -file " + svcSettingsFile;
|
cmd = svcSettingsEditor + " -get ReconfigureInterval -file " + svcSettingsFile;
|
||||||
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
||||||
integer exit = ret["exit"]:-1;
|
integer exit = ret["exit"]:-1;
|
||||||
@ -377,6 +376,57 @@ global boolean Read() {
|
|||||||
|
|
||||||
Settings["CONFIG_CASAATS_REALMS"] = realms;
|
Settings["CONFIG_CASAATS_REALMS"] = realms;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get the Tomcat SSL connector statuses
|
||||||
|
cmd = tomcatConnectorEditor + " -s ssl";
|
||||||
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
||||||
|
exit = ret["exit"]:-1;
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to read ssl connector status");
|
||||||
|
else {
|
||||||
|
string cmd_output = ret["stdout"]:"";
|
||||||
|
list<string> lines = splitstring(cmd_output, "\n");
|
||||||
|
string statusLine = lines[2]:"";
|
||||||
|
if (statusLine == "Connector enabled") {
|
||||||
|
y2milestone("SSL connector enabled");
|
||||||
|
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
y2milestone("SSL connector disabled");
|
||||||
|
Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the Tomcat AJP connector statuses
|
||||||
|
cmd = tomcatConnectorEditor + " -s ajp";
|
||||||
|
ret = (map) SCR::Execute(.target.bash_output, cmd);
|
||||||
|
exit = ret["exit"]:-1;
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to read ajp connector status");
|
||||||
|
else {
|
||||||
|
string cmd_output = ret["stdout"]:"";
|
||||||
|
list<string> lines = splitstring(cmd_output, "\n");
|
||||||
|
string statusLine = lines[2]:"";
|
||||||
|
if (statusLine == "Connector enabled") {
|
||||||
|
y2milestone("AJP connector enabled");
|
||||||
|
Settings["CONFIG_CASAATS_WEB_ACCESS"] = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
y2milestone("AJP connector disabled");
|
||||||
|
Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the Web Server status
|
||||||
|
integer status = (integer) SCR::Execute(.target.bash, webServerIsAvailableChecker);
|
||||||
|
if (status == 1) {
|
||||||
|
y2milestone("Web server available");
|
||||||
|
Settings["WEB_SERVER_AVAILABLE"] = true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
y2milestone("Web server un-available");
|
||||||
|
Settings["WEB_SERVER_AVAILABLE"] = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// read firewall settings
|
// read firewall settings
|
||||||
@ -523,8 +573,6 @@ global boolean Write() {
|
|||||||
if(Abort()) return false;
|
if(Abort()) return false;
|
||||||
Progress::NextStage();
|
Progress::NextStage();
|
||||||
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE, Settings["CONFIG_CASAATS_ENABLE"]:false ? "yes" : "no");
|
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE, Settings["CONFIG_CASAATS_ENABLE"]:false ? "yes" : "no");
|
||||||
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS, Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true ? "yes" : "no");
|
|
||||||
SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS, Settings["CONFIG_CASAATS_WEB_ACCESS"]:false ? "yes" : "no");
|
|
||||||
if (false) Report::Error (_("Cannot sysconfig settings."));
|
if (false) Report::Error (_("Cannot sysconfig settings."));
|
||||||
sleep(sl);
|
sleep(sl);
|
||||||
|
|
||||||
@ -661,6 +709,36 @@ global boolean Write() {
|
|||||||
// Refresh the server Keystore
|
// Refresh the server Keystore
|
||||||
SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_server_keystore.sh");
|
SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_server_keystore.sh");
|
||||||
|
|
||||||
|
// Adjust the Tomcat connectors
|
||||||
|
//
|
||||||
|
// First disable them both and then re-enable as necessary
|
||||||
|
cmd = tomcatConnectorEditor + " -d ssl";
|
||||||
|
exit = (integer) SCR::Execute(.target.bash, cmd);
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to disable the SSL connector");
|
||||||
|
else {
|
||||||
|
if ((Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false) == true) {
|
||||||
|
cmd = tomcatConnectorEditor + " -e ssl";
|
||||||
|
exit = (integer) SCR::Execute(.target.bash, cmd);
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to enable the SSL connector");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cmd = tomcatConnectorEditor + " -d ajp";
|
||||||
|
exit = (integer) SCR::Execute(.target.bash, cmd);
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to disable the AJP connector");
|
||||||
|
else {
|
||||||
|
if (Settings["CONFIG_CASAATS_WEB_ACCESS"]:false == true)
|
||||||
|
{
|
||||||
|
cmd = tomcatConnectorEditor + " -e ajp";
|
||||||
|
exit = (integer) SCR::Execute(.target.bash, cmd);
|
||||||
|
if (exit != 0)
|
||||||
|
y2error("Failed to enable the AJP connector");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Adjust firewall as needed
|
// Adjust firewall as needed
|
||||||
if (Abort()) return false;
|
if (Abort()) return false;
|
||||||
Progress::NextStage();
|
Progress::NextStage();
|
||||||
|
@ -738,8 +738,8 @@ zero means that the server only reads its configuration during start up.</p>
|
|||||||
integer items = 0;
|
integer items = 0;
|
||||||
map<string, map> realms = (map<string, map>) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[];
|
map<string, map> realms = (map<string, map>) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[];
|
||||||
list<term> table_items = [];
|
list<term> table_items = [];
|
||||||
boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true;
|
boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false;
|
||||||
boolean web_access = false;
|
boolean web_access = CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"]:false;
|
||||||
integer reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
integer reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
||||||
|
|
||||||
// Read list of search roots already configured for this realm
|
// Read list of search roots already configured for this realm
|
||||||
@ -752,7 +752,10 @@ zero means that the server only reads its configuration during start up.</p>
|
|||||||
});
|
});
|
||||||
|
|
||||||
/* Dialog contents */
|
/* Dialog contents */
|
||||||
term contents = `HBox(
|
term contents = nil;
|
||||||
|
if (CasaAts::Settings["WEB_SERVER_AVAILABLE"]:false == true)
|
||||||
|
{
|
||||||
|
contents = `HBox(
|
||||||
`HSpacing(5),
|
`HSpacing(5),
|
||||||
`VBox(
|
`VBox(
|
||||||
`VStretch(),
|
`VStretch(),
|
||||||
@ -775,6 +778,33 @@ zero means that the server only reads its configuration during start up.</p>
|
|||||||
),
|
),
|
||||||
`HSpacing(5)
|
`HSpacing(5)
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
contents = `HBox(
|
||||||
|
`HSpacing(5),
|
||||||
|
`VBox(
|
||||||
|
`VStretch(),
|
||||||
|
`Frame(_("Authentication Realms"),
|
||||||
|
`VBox(
|
||||||
|
`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
|
||||||
|
`HBox(`PushButton(`id(`add), _("Ad&d")),
|
||||||
|
`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
|
||||||
|
`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
|
||||||
|
)
|
||||||
|
)
|
||||||
|
),
|
||||||
|
`VSpacing(1),
|
||||||
|
`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
|
||||||
|
`VSpacing(1),
|
||||||
|
`Left(`CheckBox(`id(`web), `opt(`disabled), _("&Web Server Access"))),
|
||||||
|
`VSpacing(1),
|
||||||
|
`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
|
||||||
|
`VStretch()
|
||||||
|
),
|
||||||
|
`HSpacing(5)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
boolean set_initial_focus = true;
|
boolean set_initial_focus = true;
|
||||||
any ret = nil;
|
any ret = nil;
|
||||||
@ -897,12 +927,6 @@ zero means that the server only reads its configuration during start up.</p>
|
|||||||
reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
/* Verify that web server access has not been selected */
|
|
||||||
if (web_access == true) {
|
|
||||||
Report::Error(_("Web server access is not yet supported."));
|
|
||||||
web_access = false;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
/* Verify that the server can be accessed */
|
/* Verify that the server can be accessed */
|
||||||
if (direct_access != true && web_access != true) {
|
if (direct_access != true && web_access != true) {
|
||||||
Report::Error(_("Specify server access type."));
|
Report::Error(_("Specify server access type."));
|
||||||
@ -917,6 +941,7 @@ zero means that the server only reads its configuration during start up.</p>
|
|||||||
// Save the server variables
|
// Save the server variables
|
||||||
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
||||||
CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = direct_access;
|
CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = direct_access;
|
||||||
|
CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"] = web_access;
|
||||||
CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = reconfig_interval;
|
CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = reconfig_interval;
|
||||||
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user