ATS changes to allow it to leverage installed server certificate and
server key (/etc/ssl/servercerts/serverkey.pem and /etc/ssl/servercerts/servercert.pem) for SSL communications.
This commit is contained in:
parent
718b0fda28
commit
ba8e155d69
@ -100,11 +100,21 @@ StartDAEMON()
|
|||||||
# file for the JVM version that we are using.
|
# file for the JVM version that we are using.
|
||||||
if [ -z "${TEST_IBM_JVM}" ]; then
|
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||||
# Assume Sun JVM
|
# Assume Sun JVM
|
||||||
|
# Use PKCS12 version if PKCS12 store exists
|
||||||
|
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
|
||||||
|
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml /srv/www/casaats/conf/server.xml
|
||||||
|
else
|
||||||
ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
|
ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
# IBM JVM
|
# IBM JVM
|
||||||
|
# Use PKCS12 version if PKCS12 store exists
|
||||||
|
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
|
||||||
|
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml /srv/www/casaats/conf/server.xml
|
||||||
|
else
|
||||||
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
|
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Make sure that our service has rights to the file
|
# Make sure that our service has rights to the file
|
||||||
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
|
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
|
||||||
|
@ -31,6 +31,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
|
|||||||
envvars.zen \
|
envvars.zen \
|
||||||
server_keystore_setup.sh \
|
server_keystore_setup.sh \
|
||||||
refresh_trusted_ats_keystore.sh \
|
refresh_trusted_ats_keystore.sh \
|
||||||
|
refresh_server_keystore.sh \
|
||||||
casa_crypto.properties \
|
casa_crypto.properties \
|
||||||
CasaBasicATSSetup.sh \
|
CasaBasicATSSetup.sh \
|
||||||
CasaAuthPolicyEditor.sh \
|
CasaAuthPolicyEditor.sh \
|
||||||
|
68
CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
Executable file
68
CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
Executable file
@ -0,0 +1,68 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
########################################################################
|
||||||
|
#
|
||||||
|
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||||
|
#
|
||||||
|
# This library is free software; you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU Lesser General Public
|
||||||
|
# License as published by the Free Software Foundation; version 2.1
|
||||||
|
# of the License.
|
||||||
|
#
|
||||||
|
# This library is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
# Library Lesser General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Lesser General Public
|
||||||
|
# License along with this library; if not, Novell, Inc.
|
||||||
|
#
|
||||||
|
# To contact Novell about this file by physical or electronic mail,
|
||||||
|
# you may find current contact information at www.novell.com.
|
||||||
|
#
|
||||||
|
# Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||||
|
#
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
#
|
||||||
|
# CASA ATS Keystore Refresh Script.
|
||||||
|
#
|
||||||
|
# An ATS signs tokens and communicates with clients over
|
||||||
|
# SSL. This scrip tries to update the ATS configuration to leverage
|
||||||
|
# the server certificate and key if installed for SSL communications.
|
||||||
|
#
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Source our environment variables file
|
||||||
|
. /etc/CASA/authtoken/svc/envvars
|
||||||
|
|
||||||
|
PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
|
||||||
|
SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
|
||||||
|
SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
|
||||||
|
SERVER_XML_PATH=/srv/www/casaats/conf/server.xml
|
||||||
|
|
||||||
|
|
||||||
|
# Try to leverage server certificate and key
|
||||||
|
if [ -f /etc/ssl/servercerts/serverkey.pem ]; then
|
||||||
|
# Check if we must create PKCS12 keystore
|
||||||
|
if [ ! -f $PKCS12_KEYSTORE_PATH ]; then
|
||||||
|
# Create PKCS12 keystore
|
||||||
|
openssl pkcs12 -export -in $SERVER_CERT_PATH -inkey $SERVER_KEY_PATH -name tomcat -out PKCS12_KEYSTORE_PATH -password pass:password
|
||||||
|
|
||||||
|
# Make sure that the PKCS12 keystore is only accessible by the service
|
||||||
|
chown casaatsd:casaauth $PKCS12_KEYSTORE_PATH
|
||||||
|
chmod 600 $PKCS12_KEYSTORE_PATH
|
||||||
|
fi
|
||||||
|
|
||||||
|
// Make sure that the ATS is configured to leverage the server certificate and key
|
||||||
|
TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
|
||||||
|
rm -f $SERVER_XML_PATH
|
||||||
|
if [ -z "${TEST_IBM_JVM}" ]; then
|
||||||
|
# Assume Sun JVM
|
||||||
|
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml $SERVER_XML_PATH
|
||||||
|
else
|
||||||
|
# IBM JVM
|
||||||
|
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml $SERVER_XML_PATH
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
@ -50,9 +50,10 @@ LOCAL_ATS_SIGNING_CERT_PATH=/etc/CASA/authtoken/keys/localSigningCert
|
|||||||
|
|
||||||
# Perform the operation requested
|
# Perform the operation requested
|
||||||
|
|
||||||
# Do not do anything if the server keystore has already been created
|
# Proceed based on whether or not the server keystore has been created
|
||||||
if [ -f $KEYSTORE_PATH ]; then
|
if [ -f $KEYSTORE_PATH ]; then
|
||||||
echo "The server keystore is already setup"
|
echo "The server keystore is already setup"
|
||||||
|
|
||||||
# Make sure that the keystore file is owned by our service
|
# Make sure that the keystore file is owned by our service
|
||||||
chown casaatsd:casaauth $KEYSTORE_PATH
|
chown casaatsd:casaauth $KEYSTORE_PATH
|
||||||
else
|
else
|
||||||
@ -82,3 +83,5 @@ else
|
|||||||
chmod 600 $KEYSTORE_PATH
|
chmod 600 $KEYSTORE_PATH
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,7 +27,9 @@ DIST_SUBDIRS = zen
|
|||||||
CFILES =
|
CFILES =
|
||||||
|
|
||||||
EXTRA_DIST = server-ibm.xml \
|
EXTRA_DIST = server-ibm.xml \
|
||||||
server-sun.xml
|
server-sun.xml \
|
||||||
|
server-pkcs12-ibm.xml \
|
||||||
|
server-pkcs12-sun.xml
|
||||||
|
|
||||||
.PHONY: package package-clean package-install package-uninstall
|
.PHONY: package package-clean package-install package-uninstall
|
||||||
package package-clean package-install package-uninstall:
|
package package-clean package-install package-uninstall:
|
||||||
|
@ -0,0 +1,169 @@
|
|||||||
|
<!-- CASA ATS Server Configuration File -->
|
||||||
|
|
||||||
|
<!-- A "Server" is a singleton element that represents the entire JVM,
|
||||||
|
which may contain one or more "Service" instances. The Server
|
||||||
|
listens for a shutdown command on the indicated port.
|
||||||
|
|
||||||
|
Note: A "Server" is not itself a "Container", so you may not
|
||||||
|
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<Server port="8585" shutdown="SHUTDOWN" debug="0">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Global JNDI resources -->
|
||||||
|
<GlobalNamingResources>
|
||||||
|
|
||||||
|
<!-- Test entry for demonstration purposes -->
|
||||||
|
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
|
||||||
|
|
||||||
|
<!-- Editable user database that can also be used by
|
||||||
|
UserDatabaseRealm to authenticate users -->
|
||||||
|
<Resource name="UserDatabase" auth="Container"
|
||||||
|
type="org.apache.catalina.UserDatabase"
|
||||||
|
description="User database that can be updated and saved">
|
||||||
|
</Resource>
|
||||||
|
<ResourceParams name="UserDatabase">
|
||||||
|
<parameter>
|
||||||
|
<name>factory</name>
|
||||||
|
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
|
||||||
|
</parameter>
|
||||||
|
<parameter>
|
||||||
|
<name>pathname</name>
|
||||||
|
<value>conf/tomcat-users.xml</value>
|
||||||
|
</parameter>
|
||||||
|
</ResourceParams>
|
||||||
|
|
||||||
|
</GlobalNamingResources>
|
||||||
|
|
||||||
|
<!-- A "Service" is a collection of one or more "Connectors" that share
|
||||||
|
a single "Container" (and therefore the web applications visible
|
||||||
|
within that Container). Normally, that Container is an "Engine",
|
||||||
|
but this is not required.
|
||||||
|
|
||||||
|
Note: A "Service" is not itself a "Container", so you may not
|
||||||
|
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Define the Tomcat Stand-Alone Service -->
|
||||||
|
<Service name="Catalina">
|
||||||
|
|
||||||
|
<!-- A "Connector" represents an endpoint by which requests are received
|
||||||
|
and responses are returned. Each Connector passes requests on to the
|
||||||
|
associated "Container" (normally an Engine) for processing.
|
||||||
|
|
||||||
|
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
|
||||||
|
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
|
||||||
|
following the instructions below and uncommenting the second Connector
|
||||||
|
entry. SSL support requires the following steps (see the SSL Config
|
||||||
|
HOWTO in the Tomcat 5 documentation bundle for more detailed
|
||||||
|
instructions):
|
||||||
|
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
|
||||||
|
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
|
||||||
|
* Execute:
|
||||||
|
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
|
||||||
|
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
|
||||||
|
with a password value of "changeit" for both the certificate and
|
||||||
|
the keystore itself.
|
||||||
|
|
||||||
|
By default, DNS lookups are enabled when a web application calls
|
||||||
|
request.getRemoteHost(). This can have an adverse impact on
|
||||||
|
performance, so you can disable it by setting the
|
||||||
|
"enableLookups" attribute to "false". When DNS lookups are disabled,
|
||||||
|
request.getRemoteHost() will return the String version of the
|
||||||
|
IP address of the remote client.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
|
<Connector port="2645"
|
||||||
|
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
||||||
|
enableLookups="false" disableUploadTimeout="true"
|
||||||
|
maxPostSize="16384" connectionTimeout="10000"
|
||||||
|
acceptCount="100" debug="0" scheme="https" secure="true"
|
||||||
|
clientAuth="false" sslProtocol="TLS"
|
||||||
|
keystoreFile="/etc/ssl/servercerts/keystore.p12"
|
||||||
|
keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
|
||||||
|
|
||||||
|
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||||
|
every request. The Engine implementation for Tomcat stand alone
|
||||||
|
analyzes the HTTP headers included with the request, and passes them
|
||||||
|
on to the appropriate Host (virtual host). -->
|
||||||
|
|
||||||
|
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
|
||||||
|
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Define the top level container in our container hierarchy -->
|
||||||
|
<Engine name="Catalina" defaultHost="localhost" debug="0">
|
||||||
|
|
||||||
|
<!-- The request dumper valve dumps useful debugging information about
|
||||||
|
the request headers and cookies that were received, and the response
|
||||||
|
headers and cookies that were sent, for all requests received by
|
||||||
|
this instance of Tomcat. If you care only about requests to a
|
||||||
|
particular virtual host, or a particular application, nest this
|
||||||
|
element inside the corresponding <Host> or <Context> entry instead.
|
||||||
|
|
||||||
|
For a similar mechanism that is portable to all Servlet 2.4
|
||||||
|
containers, check out the "RequestDumperFilter" Filter in the
|
||||||
|
example application (the source for this filter may be found in
|
||||||
|
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
|
||||||
|
|
||||||
|
Request dumping is disabled by default. Uncomment the following
|
||||||
|
element to enable it. -->
|
||||||
|
<!--
|
||||||
|
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Global logger unless overridden at lower levels -->
|
||||||
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
|
prefix="catalina_log" suffix=".txt"
|
||||||
|
timestamp="false"/>
|
||||||
|
|
||||||
|
<!-- Because this Realm is here, an instance will be shared globally -->
|
||||||
|
|
||||||
|
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||||
|
resources under the key "UserDatabase". Any edits
|
||||||
|
that are performed against this UserDatabase are immediately
|
||||||
|
available for use by the Realm. -->
|
||||||
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||||
|
debug="0" resourceName="UserDatabase"/>
|
||||||
|
|
||||||
|
<!-- Define the default virtual host
|
||||||
|
Note: XML Schema validation will not work with Xerces 2.2.
|
||||||
|
-->
|
||||||
|
<Host name="localhost" debug="0" appBase="webapps"
|
||||||
|
unpackWARs="true" autoDeploy="true"
|
||||||
|
xmlValidation="false" xmlNamespaceAware="false">
|
||||||
|
|
||||||
|
<!-- Access log processes all requests for this virtual host. By
|
||||||
|
default, log files are created in the "logs" directory relative to
|
||||||
|
$CATALINA_HOME. If you wish, you can specify a different
|
||||||
|
directory with the "directory" attribute. Specify either a relative
|
||||||
|
(to $CATALINA_HOME) or absolute path to the desired directory.
|
||||||
|
-->
|
||||||
|
<!--
|
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve"
|
||||||
|
directory="logs" prefix="localhost_access_log." suffix=".txt"
|
||||||
|
pattern="common" resolveHosts="false"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Logger shared by all Contexts related to this virtual host. By
|
||||||
|
default (when using FileLogger), log files are created in the "logs"
|
||||||
|
directory relative to $CATALINA_HOME. If you wish, you can specify
|
||||||
|
a different directory with the "directory" attribute. Specify either a
|
||||||
|
relative (to $CATALINA_HOME) or absolute path to the desired
|
||||||
|
directory.-->
|
||||||
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
|
directory="logs" prefix="localhost_log" suffix=".txt"
|
||||||
|
timestamp="false"/>
|
||||||
|
|
||||||
|
</Host>
|
||||||
|
|
||||||
|
</Engine>
|
||||||
|
|
||||||
|
</Service>
|
||||||
|
|
||||||
|
</Server>
|
@ -0,0 +1,169 @@
|
|||||||
|
<!-- CASA ATS Server Configuration File -->
|
||||||
|
|
||||||
|
<!-- A "Server" is a singleton element that represents the entire JVM,
|
||||||
|
which may contain one or more "Service" instances. The Server
|
||||||
|
listens for a shutdown command on the indicated port.
|
||||||
|
|
||||||
|
Note: A "Server" is not itself a "Container", so you may not
|
||||||
|
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<Server port="8585" shutdown="SHUTDOWN" debug="0">
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Global JNDI resources -->
|
||||||
|
<GlobalNamingResources>
|
||||||
|
|
||||||
|
<!-- Test entry for demonstration purposes -->
|
||||||
|
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
|
||||||
|
|
||||||
|
<!-- Editable user database that can also be used by
|
||||||
|
UserDatabaseRealm to authenticate users -->
|
||||||
|
<Resource name="UserDatabase" auth="Container"
|
||||||
|
type="org.apache.catalina.UserDatabase"
|
||||||
|
description="User database that can be updated and saved">
|
||||||
|
</Resource>
|
||||||
|
<ResourceParams name="UserDatabase">
|
||||||
|
<parameter>
|
||||||
|
<name>factory</name>
|
||||||
|
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
|
||||||
|
</parameter>
|
||||||
|
<parameter>
|
||||||
|
<name>pathname</name>
|
||||||
|
<value>conf/tomcat-users.xml</value>
|
||||||
|
</parameter>
|
||||||
|
</ResourceParams>
|
||||||
|
|
||||||
|
</GlobalNamingResources>
|
||||||
|
|
||||||
|
<!-- A "Service" is a collection of one or more "Connectors" that share
|
||||||
|
a single "Container" (and therefore the web applications visible
|
||||||
|
within that Container). Normally, that Container is an "Engine",
|
||||||
|
but this is not required.
|
||||||
|
|
||||||
|
Note: A "Service" is not itself a "Container", so you may not
|
||||||
|
define subcomponents such as "Valves" or "Loggers" at this level.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Define the Tomcat Stand-Alone Service -->
|
||||||
|
<Service name="Catalina">
|
||||||
|
|
||||||
|
<!-- A "Connector" represents an endpoint by which requests are received
|
||||||
|
and responses are returned. Each Connector passes requests on to the
|
||||||
|
associated "Container" (normally an Engine) for processing.
|
||||||
|
|
||||||
|
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
|
||||||
|
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
|
||||||
|
following the instructions below and uncommenting the second Connector
|
||||||
|
entry. SSL support requires the following steps (see the SSL Config
|
||||||
|
HOWTO in the Tomcat 5 documentation bundle for more detailed
|
||||||
|
instructions):
|
||||||
|
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
|
||||||
|
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
|
||||||
|
* Execute:
|
||||||
|
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
|
||||||
|
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
|
||||||
|
with a password value of "changeit" for both the certificate and
|
||||||
|
the keystore itself.
|
||||||
|
|
||||||
|
By default, DNS lookups are enabled when a web application calls
|
||||||
|
request.getRemoteHost(). This can have an adverse impact on
|
||||||
|
performance, so you can disable it by setting the
|
||||||
|
"enableLookups" attribute to "false". When DNS lookups are disabled,
|
||||||
|
request.getRemoteHost() will return the String version of the
|
||||||
|
IP address of the remote client.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Note : To disable connection timeouts, set connectionTimeout value
|
||||||
|
to 0 -->
|
||||||
|
|
||||||
|
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
|
||||||
|
<Connector port="2645"
|
||||||
|
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
|
||||||
|
enableLookups="false" disableUploadTimeout="true"
|
||||||
|
maxPostSize="16384" connectionTimeout="10000"
|
||||||
|
acceptCount="100" debug="0" scheme="https" secure="true"
|
||||||
|
clientAuth="false" sslProtocol="TLS"
|
||||||
|
keystoreFile="/etc/ssl/servercerts/keystore.p12"
|
||||||
|
keystorePass="password" keystoreType="pkcs12" algorithm="SunX509" />
|
||||||
|
|
||||||
|
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||||
|
every request. The Engine implementation for Tomcat stand alone
|
||||||
|
analyzes the HTTP headers included with the request, and passes them
|
||||||
|
on to the appropriate Host (virtual host). -->
|
||||||
|
|
||||||
|
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
|
||||||
|
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Define the top level container in our container hierarchy -->
|
||||||
|
<Engine name="Catalina" defaultHost="localhost" debug="0">
|
||||||
|
|
||||||
|
<!-- The request dumper valve dumps useful debugging information about
|
||||||
|
the request headers and cookies that were received, and the response
|
||||||
|
headers and cookies that were sent, for all requests received by
|
||||||
|
this instance of Tomcat. If you care only about requests to a
|
||||||
|
particular virtual host, or a particular application, nest this
|
||||||
|
element inside the corresponding <Host> or <Context> entry instead.
|
||||||
|
|
||||||
|
For a similar mechanism that is portable to all Servlet 2.4
|
||||||
|
containers, check out the "RequestDumperFilter" Filter in the
|
||||||
|
example application (the source for this filter may be found in
|
||||||
|
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
|
||||||
|
|
||||||
|
Request dumping is disabled by default. Uncomment the following
|
||||||
|
element to enable it. -->
|
||||||
|
<!--
|
||||||
|
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Global logger unless overridden at lower levels -->
|
||||||
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
|
prefix="catalina_log" suffix=".txt"
|
||||||
|
timestamp="false"/>
|
||||||
|
|
||||||
|
<!-- Because this Realm is here, an instance will be shared globally -->
|
||||||
|
|
||||||
|
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||||
|
resources under the key "UserDatabase". Any edits
|
||||||
|
that are performed against this UserDatabase are immediately
|
||||||
|
available for use by the Realm. -->
|
||||||
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||||
|
debug="0" resourceName="UserDatabase"/>
|
||||||
|
|
||||||
|
<!-- Define the default virtual host
|
||||||
|
Note: XML Schema validation will not work with Xerces 2.2.
|
||||||
|
-->
|
||||||
|
<Host name="localhost" debug="0" appBase="webapps"
|
||||||
|
unpackWARs="true" autoDeploy="true"
|
||||||
|
xmlValidation="false" xmlNamespaceAware="false">
|
||||||
|
|
||||||
|
<!-- Access log processes all requests for this virtual host. By
|
||||||
|
default, log files are created in the "logs" directory relative to
|
||||||
|
$CATALINA_HOME. If you wish, you can specify a different
|
||||||
|
directory with the "directory" attribute. Specify either a relative
|
||||||
|
(to $CATALINA_HOME) or absolute path to the desired directory.
|
||||||
|
-->
|
||||||
|
<!--
|
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve"
|
||||||
|
directory="logs" prefix="localhost_access_log." suffix=".txt"
|
||||||
|
pattern="common" resolveHosts="false"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Logger shared by all Contexts related to this virtual host. By
|
||||||
|
default (when using FileLogger), log files are created in the "logs"
|
||||||
|
directory relative to $CATALINA_HOME. If you wish, you can specify
|
||||||
|
a different directory with the "directory" attribute. Specify either a
|
||||||
|
relative (to $CATALINA_HOME) or absolute path to the desired
|
||||||
|
directory.-->
|
||||||
|
<Logger className="org.apache.catalina.logger.FileLogger"
|
||||||
|
directory="logs" prefix="localhost_log" suffix=".txt"
|
||||||
|
timestamp="false"/>
|
||||||
|
|
||||||
|
</Host>
|
||||||
|
|
||||||
|
</Engine>
|
||||||
|
|
||||||
|
</Service>
|
||||||
|
|
||||||
|
</Server>
|
@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
|
|||||||
|
|
||||||
# Others
|
# Others
|
||||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||||
|
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||||
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||||
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||||
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||||
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
|
|||||||
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
||||||
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
||||||
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
||||||
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||||
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
||||||
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
||||||
|
|
||||||
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
|
|||||||
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||||
|
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||||
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
|
|||||||
%config /srv/www/casaats/conf/catalina.properties
|
%config /srv/www/casaats/conf/catalina.properties
|
||||||
%config /srv/www/casaats/conf/jk2.properties
|
%config /srv/www/casaats/conf/jk2.properties
|
||||||
%config /srv/www/casaats/conf/server-ibm.xml
|
%config /srv/www/casaats/conf/server-ibm.xml
|
||||||
|
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||||
%config /srv/www/casaats/conf/server-sun.xml
|
%config /srv/www/casaats/conf/server-sun.xml
|
||||||
|
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||||
%config /srv/www/casaats/conf/tomcat-users.xml
|
%config /srv/www/casaats/conf/tomcat-users.xml
|
||||||
%config /srv/www/casaats/conf/web.xml
|
%config /srv/www/casaats/conf/web.xml
|
||||||
%config /etc/CASA/authtoken/svc/envvars
|
%config /etc/CASA/authtoken/svc/envvars
|
||||||
|
@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
|
|||||||
|
|
||||||
# Others
|
# Others
|
||||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||||
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||||
|
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||||
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||||
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||||
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||||
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
|
|||||||
install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
|
||||||
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
|
||||||
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
|
||||||
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||||
install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
|
||||||
|
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||||
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
|
||||||
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
|
||||||
|
|
||||||
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
|
|||||||
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
|
||||||
|
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
|
||||||
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
|
||||||
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
|
|||||||
%config /srv/www/casaats/conf/catalina.properties
|
%config /srv/www/casaats/conf/catalina.properties
|
||||||
%config /srv/www/casaats/conf/jk2.properties
|
%config /srv/www/casaats/conf/jk2.properties
|
||||||
%config /srv/www/casaats/conf/server-ibm.xml
|
%config /srv/www/casaats/conf/server-ibm.xml
|
||||||
|
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
|
||||||
%config /srv/www/casaats/conf/server-sun.xml
|
%config /srv/www/casaats/conf/server-sun.xml
|
||||||
|
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
|
||||||
%config /srv/www/casaats/conf/tomcat-users.xml
|
%config /srv/www/casaats/conf/tomcat-users.xml
|
||||||
%config /srv/www/casaats/conf/web.xml
|
%config /srv/www/casaats/conf/web.xml
|
||||||
%config /etc/CASA/authtoken/svc/envvars
|
%config /etc/CASA/authtoken/svc/envvars
|
||||||
|
Loading…
Reference in New Issue
Block a user